
On 06-09-2010 14:18, Daniel P. Berrange wrote:
>> On Ubuntu, /etc/libvirt/libvirtd.conf is mode 0644? Should I be worried about that? A quick glance in there doesn't reveal anything that I'm uncomfortable disclosing.
>
> The /etc/libvirt directory itself should be 0700 though,

Nope, it's 0755. :( I'll look into getting that fixed.

> since various files under that location include passwords (qemu.conf, secrets/*, qemu/*xml, lxc/*xml, uml/*xml). We don't currently have any passwords in libvirtd.conf itself, but it's certainly possible this might change in the future. While it is possible to rely on getting each individual file there to have correct permissions, IMHO it is safer to make the /etc/libvirt directory 0700

Makes sense. Thanks for pointing this out. I've never used passwords in any of these files myself, so I never really gave it much thought :(

>> Assuming I can determine that a given user is authorized to manage the systemwide libvirtd, would you agree that that is the one they're most likely to want to access? I simply cannot think up a realistic example use case where someone has this privilege, but actually wants to access qemu:///session.
>
> No, I don't agree. I already mentioned the reasons why it is desirable to run within the user session - SDL, audio, disk permissions, and, to add another one, gnome-keyring integration for qcow2 passwords, which is a future feature we'd like for the secrets driver. IMHO if we are to get better integration into the user's desktop experience, then having both libvirtd & the VMs running in the user's context, rather than a separate context, is key.

Yes, of course, when qemu:///session gets this smart and cool you will want to access qemu:///session by default. At /exactly/ the same time, the motivation for setting yourself up with access to qemu:///system disappears. When that motivation is gone, any admin worth his salt will immediately revoke said access (in the shared scenario) (since it's a gaping security hole) and voilà, libvirt will go back to using qemu:///session by default.

--
Soren Hansen
Ubuntu Developer
http://www.ubuntu.com/
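The permission check discussed in this thread, as an added example that is not part of the original messages or of libvirt's own code: it reports whether /etc/libvirt is open to group/other and, if so, which of the password-bearing files named above are exposed. The function name `audit` and the output format are assumptions; the file patterns are the ones listed in the thread.

```python
import glob
import os
import stat

# Files the thread names as possibly holding passwords, relative to /etc/libvirt.
SENSITIVE_GLOBS = ["qemu.conf", "secrets/*", "qemu/*xml", "lxc/*xml", "uml/*xml"]


def _mode(path):
    """Permission bits of path (e.g. 0o755)."""
    return stat.S_IMODE(os.stat(path).st_mode)


def audit(root="/etc/libvirt"):
    """Return (path, octal mode, reason) findings for root (hypothetical helper)."""
    findings = []
    root_mode = _mode(root)
    if root_mode & 0o077 == 0:
        # 0700 on the directory: nobody but the owner can traverse it, so
        # the modes of files below it cannot expose anything to other users.
        return findings
    findings.append((root, oct(root_mode), "directory open to group/other"))
    for pattern in SENSITIVE_GLOBS:
        for path in sorted(glob.glob(os.path.join(root, pattern))):
            parent = os.path.dirname(path)
            # A closed subdirectory (e.g. secrets/ at 0700) shields its files.
            if parent != root and _mode(parent) & 0o077 == 0:
                continue
            mode = _mode(path)
            if mode & 0o077:
                findings.append((path, oct(mode), "file accessible to group/other"))
    return findings


if __name__ == "__main__":
    for path, mode, reason in audit():
        print(f"{mode}\t{path}\t{reason}")
```

With the directory at 0700 the function returns no findings regardless of individual file modes, which is the point made above about not relying on every file being set correctly.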