
Re: [Xen-devel] [PATCH v9] run QEMU as non-root

On Mon, 2015-11-02 at 12:30 +0000, Stefano Stabellini wrote:
> Try to use "xen-qemudepriv-domid$domid" first, then
> "xen-qemudepriv-shared" and root if everything else fails.
> The uids need to be manually created by the user or, more likely, by the
> xen package maintainer.
> Expose a device_model_user setting in libxl_domain_build_info, so that
> opinionated callers, such as libvirt, can set any user they like. Do not
> fall back to root if device_model_user is set. Users can also set
> device_model_user by hand in the xl domain config file.
> QEMU is going to setuid and setgid to the user ID and the group ID of
> the specified user, soon after initialization, before starting to deal
> with any guest IO.
> To actually secure QEMU when running in Dom0, we need at least to
> deprivilege the privcmd and xenstore interfaces, this is just the first
> step in that direction.
> Signed-off-by: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx>

Acked-by: Ian Campbell <ian.campbell@xxxxxxxxxx>

(based on previous plus eyeballing only the changes from:
> Changes in v9:
> - add a device_model_user option to the xl domain config file
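
The user-selection order described in the quoted commit message, as an added example that is not part of the original mail and is not libxl's code: `select_dm_user`, the lookup hook and the stub lookups are hypothetical names, and only the account names and the "no fallback to root when device_model_user is set" rule come from the message.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Lookup hook, so the policy can be exercised without real accounts. */
typedef int (*user_exists_fn)(const char *name);

static int system_user_exists(const char *name) { return getpwnam(name) != NULL; }

/* Constructed stand-ins for a password database (sample data only). */
int only_shared_exists(const char *n) { return strcmp(n, "xen-qemudepriv-shared") == 0; }
int dom7_and_shared_exist(const char *n)
{
    return strcmp(n, "xen-qemudepriv-domid7") == 0 || only_shared_exists(n);
}
int no_depriv_users(const char *n) { (void)n; return 0; }

/* Returns 0 and fills `out`; -1 if an explicit user is unknown or too long. */
static int select_dm_user(unsigned domid, const char *configured,
                          user_exists_fn exists, char *out, size_t outlen)
{
    int n;

    if (configured && *configured) {           /* explicit device_model_user */
        if (strlen(configured) >= outlen || !exists(configured))
            return -1;                         /* never fall back to root */
        strcpy(out, configured);
        return 0;
    }
    n = snprintf(out, outlen, "xen-qemudepriv-domid%u", domid);
    if (n > 0 && (size_t)n < outlen && exists(out))
        return 0;                              /* dedicated per-domain uid */
    n = snprintf(out, outlen, "xen-qemudepriv-shared");
    if (n > 0 && (size_t)n < outlen && exists(out))
        return 0;                              /* uid shared by all domains */
    n = snprintf(out, outlen, "root");         /* last resort: no isolation */
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

int main(void)
{
    char user[64];

    if (select_dm_user(7, NULL, system_user_exists, user, sizeof user) == 0)
        printf("domain 7 device model would run as: %s\n", user);
    return 0;
}
```

Run on a Dom0, the result shows which of the three tiers a given domain would land in, which is a quick way to check that the accounts the package maintainer was expected to create are actually present.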

