On 05/27/2010 05:24 PM, Cole Robinson wrote:
Currently there is no way to opt out of libvirt dropping POSIX
capabilities for qemu. This at least is a useful debugging tool, but
is also wanted by users (and distributors):
https://bugzilla.redhat.com/show_bug.cgi?id=559154
https://bugzilla.redhat.com/show_bug.cgi?id=573850
Signed-off-by: Cole Robinson <crobinso(a)redhat.com>
---
src/qemu/qemu.conf | 5 +++++
src/qemu/qemu_conf.c | 5 +++++
src/qemu/qemu_conf.h | 2 +-
src/qemu/qemu_driver.c | 11 +++++++++--
4 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 98a1176..b976dcc 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -178,3 +178,8 @@
# QEMU_AUDIO_DRV environment variable when using VNC.
#
# vnc_allow_host_audio = 0
+#
+
+# If clear_emulator_capabilities is enabled, libvirt will drop all POSIX
+# capabilities of the QEmu/KVM emulator. This is enabled by default
+# clear_emulator_capabilities = 1
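Review bot: The new qemu.conf comment block does not follow the layout of the vnc_allow_host_audio entry just above it. The description ends without a full stop ("This is enabled by default") and runs straight into "# clear_emulator_capabilities = 1", where the existing entry puts a bare "#" line between description and setting. The added "+#" line also leaves a dangling "#" after "# vnc_allow_host_audio = 0". Suggest dropping that stray "#", adding the "#" separator before the commented-out default, spelling the emulator name "QEMU" as the context line does, and saying what a value of 0 means (libvirt no longer drops the emulator's capabilities) so the default is not the only documented state.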
s/POSIX/privileged/ - POSIX doesn't say anything about superuser
privileges, so we aren't dropping POSIX capabilities.
Leaving qemu privileged means that a compromised guest can exploit the
privileges and do damage to the hypervisor; is it worth adding
additional comments warning the user about the lack of security inherent
in clearing the option?
ACK with that wording tweak.
--
Eric Blake eblake(a)redhat.com +1-801-349-2682
Libvirt virtualization library
http://libvirt.org
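
A defender-side check related to the discussion above, as an added example that is not part of the original message or of libvirt's code: it parses the capability bitmaps Linux exposes in /proc/<pid>/status to tell whether an emulator process still holds capabilities. The function names, the sample status text, and the definition of "cleared" used here are assumptions of this example.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fill caps[] with CapInh, CapPrm, CapEff, CapBnd from the text of
 * /proc/<pid>/status. Fails closed (-1) if a field is missing or not hex. */
static int parse_cap_status(const char *text, uint64_t caps[4])
{
    static const char *const keys[4] = { "CapInh:", "CapPrm:", "CapEff:", "CapBnd:" };
    for (int i = 0; i < 4; i++) {
        const char *p = strstr(text, keys[i]);
        if (!p || (p != text && p[-1] != '\n'))   /* key must start a line */
            return -1;
        p += strlen(keys[i]);
        while (*p == ' ' || *p == '\t')
            p++;
        if (!isxdigit((unsigned char)*p))
            return -1;
        caps[i] = strtoull(p, NULL, 16);
    }
    return 0;
}

/* 1 = no capabilities held, 0 = some retained, -1 = unparsable input.
 * Assumption of this example: "cleared" means the inheritable, permitted
 * and effective sets are empty; the bounding set (caps[3]) is not judged. */
static int emulator_caps_cleared(const char *status_text)
{
    uint64_t caps[4] = { 0 };
    if (parse_cap_status(status_text, caps) != 0)
        return -1;
    return (caps[0] | caps[1] | caps[2]) == 0;
}

/* Constructed status excerpts, not captured from a real host. */
static const char SAMPLE_RETAINED[] = "Name:\tqemu-kvm\nCapInh:\t0000000000000000\n"
    "CapPrm:\t0000003fffffffff\nCapEff:\t0000003fffffffff\nCapBnd:\t0000003fffffffff\n";
static const char SAMPLE_CLEARED[] = "Name:\tqemu-kvm\nCapInh:\t0000000000000000\n"
    "CapPrm:\t0000000000000000\nCapEff:\t0000000000000000\nCapBnd:\t0000000000000000\n";

int main(void)
{
    printf("retained: %d, cleared: %d\n", emulator_caps_cleared(SAMPLE_RETAINED),
           emulator_caps_cleared(SAMPLE_CLEARED));
    return 0;
}
```

To run it against a live guest, read /proc/<pid>/status for the emulator's PID into a buffer and pass that buffer to `emulator_caps_cleared()`.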