[libvirt] [PATCH] Avoid high privileges taint warning for QEMU session driver

The code emitting taint warnings was mistakenly thinking that guests run from the QEMU session driver were tainted for having high privileges. This is of course nonsense since the session driver is always unprivileged * src/qemu/qemu_domain.c: Don't warn for high privileges in non-privileged QEMU --- src/qemu/qemu_domain.c | 7 ++++--- 1 files changed, 4 insertions(+), 3 deletions(-) diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index fab316f..3af1c86 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -788,9 +788,10 @@ void qemuDomainObjCheckTaint(struct qemud_driver *driver, { int i; - if (!driver->clearEmulatorCapabilities || - driver->user == 0 || - driver->group == 0) + if (driver->privileged && + (!driver->clearEmulatorCapabilities || + driver->user == 0 || + driver->group == 0)) qemuDomainObjTaint(driver, obj, VIR_DOMAIN_TAINT_HIGH_PRIVILEGES, logFD); if (obj->def->namespaceData) { -- 1.7.4.4
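Review bot: with the new `driver->privileged &&` guard in qemuDomainObjCheckTaint(), the `driver->user == 0` and `driver->group == 0` tests are never evaluated when `privileged` is false. The condition is therefore only correct because of an invariant that appears in the commit message alone, namely that the session driver is always unprivileged. A one-line comment above the `if` recording that invariant would stop a later reader from taking the skipped uid/gid checks for an oversight. It would also mark where the taint logic must be revisited if a non-privileged driver instance could ever run guests as uid or gid 0.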

On 06/23/2011 08:05 AM, Daniel P. Berrange wrote:
The code emitting taint warnings was mistakenly thinking that guests run from the QEMU session driver were tainted for having high privileges. This is of course nonsense since the session driver is always unprivileged
* src/qemu/qemu_domain.c: Don't warn for high privileges in non-privileged QEMU --- src/qemu/qemu_domain.c | 7 ++++--- 1 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c index fab316f..3af1c86 100644 --- a/src/qemu/qemu_domain.c +++ b/src/qemu/qemu_domain.c @@ -788,9 +788,10 @@ void qemuDomainObjCheckTaint(struct qemud_driver *driver, { int i;
- if (!driver->clearEmulatorCapabilities || - driver->user == 0 || - driver->group == 0) + if (driver->privileged && + (!driver->clearEmulatorCapabilities || + driver->user == 0 || + driver->group == 0))
ACK. I guess even root can give up privileges, which it does in the session driver.

--
Eric Blake eblake@redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org