[libvirt] Using unix domain sockets with serial devices

Hello,

The Oz automated install program (http://github.com/clalancette/oz) uses a serial device inside a guest to communicate the guest IP address to a listener on the host; once the host has the IP address, other customization steps can take place. This serial device in the guest is currently backed by a TCP socket on the host. I use the following libvirt XML snippet to set this up:

    <serial type="tcp">
      <source mode="bind" host="127.0.0.1" service="9412"/>
      <protocol type="raw"/>
      <target port="1"/>
    </serial>

DanB points out that this is probably insecure, and we should use named pipes or Unix domain sockets instead. I was able to implement Unix domain sockets with a few minor changes to Oz, but I'm running into a permissions problem.

Essentially, the problem is that when you run Oz as a regular, non-root user, there is no convenient place on the filesystem where both the qemu user can read and write the socket, and where the user that is running Oz can read the socket. I've tried using /var/lib/libvirt/qemu/*.port, but that directory is 0650, so the regular user has no permission to it. Similarly, the qemu user may not have permission to read the user's home directory, so I can't really put it there either.

Does anyone have any ideas of what I might do here? I'm open to changing to any of Unix domain sockets, pipes, UDP sockets, or whatever, but it has to work for both root and non-root users.

Thanks in advance,
Chris

On Tue, Jul 09, 2013 at 10:12:59PM -0400, Chris Lalancette wrote:
> Hello,
>
> The Oz automated install program (http://github.com/clalancette/oz) uses a serial device inside a guest to communicate the guest IP address to a listener on the host; once the host has the IP address, other customization steps can take place. This serial device in the guest is currently backed by a TCP socket on the host. I use the following libvirt XML snippet to set this up:
>
>     <serial type="tcp">
>       <source mode="bind" host="127.0.0.1" service="9412"/>
>       <protocol type="raw"/>
>       <target port="1"/>
>     </serial>
>
> DanB points out that this is probably insecure, and we should use named pipes or Unix domain sockets instead. I was able to implement Unix domain sockets with a few minor changes to Oz, but I'm running into a permissions problem.
>
> Essentially, the problem is that when you run Oz as a regular, non-root user, there is no convenient place on the filesystem where both the qemu user can read and write the socket, and where the user that is running Oz can read the socket. I've tried using /var/lib/libvirt/qemu/*.port, but that directory is 0650, so the regular user has no permission to it. Similarly, the qemu user may not have permission to read the user's home directory, so I can't really put it there either.
>
> Does anyone have any ideas of what I might do here? I'm open to changing to any of Unix domain sockets, pipes, UDP sockets, or whatever, but it has to work for both root and non-root users.

The fact that a non-root user can't connect to any of those resources is in fact a security feature. Otherwise it'd be just as bad as using the localhost TCP socket.

If Oz is running non-root, why isn't it using qemu:///session so that the VMs run as non-root too, then you don't have this privilege separation problem to hack around?

If you really must run it as root, then instead of opening the device directly, you could use the new virDomainOpenChannel() API to open a virStreamPtr connected to the serial device for doing I/O through.

Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
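
An added example, not part of the original thread and not Oz's or libvirt's own code: when the guest runs under qemu:///session as the same user as the listener, a Unix-socket serial backend can sit in a directory that only that user can enter, and the listener can verify this before trusting the socket. The function names, the socket path, and the newline-terminated address format are assumptions made for illustration.

```python
import ipaddress
import os
import socket
import stat


def check_private_socket(path):
    """Refuse a socket whose directory other local users could reach."""
    st = os.stat(os.path.dirname(os.path.abspath(path)))
    if st.st_uid != os.getuid():
        raise PermissionError("socket directory is not owned by this user")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError("socket directory is open to group/other")
    if not stat.S_ISSOCK(os.stat(path).st_mode):
        raise ValueError("%s is not a Unix domain socket" % path)


def read_guest_ip(path, timeout=5.0, max_bytes=64):
    """Connect to the serial backend and return the first line as an IP.

    Assumes the guest writes its address followed by a newline. The data
    is guest-controlled, so it is length-limited and strictly parsed.
    """
    check_private_socket(path)
    buf = b""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(path)  # with mode="bind" the hypervisor side listens
        while b"\n" not in buf:
            if len(buf) >= max_bytes:
                raise ValueError("no newline within %d bytes" % max_bytes)
            chunk = s.recv(max_bytes - len(buf))
            if not chunk:
                break  # peer closed; parse whatever arrived
            buf += chunk
    line = buf.split(b"\n", 1)[0].strip().decode("ascii")
    return str(ipaddress.ip_address(line))  # ValueError if not an IP
```

Unlike the 127.0.0.1 TCP listener, which any local account can connect to, access here is decided by filesystem permissions on the containing directory.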
participants (2)
- Chris Lalancette
- Daniel P. Berrange