[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [Qemu-devel] [PATCH 7/8] os-posix: Provide new -runasid option

To: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
From: Markus Armbruster <armbru@xxxxxxxxxx>
Date: Mon, 09 Oct 2017 07:46:45 +0200
Cc: Juergen Gross <jgross@xxxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, qemu-devel@xxxxxxxxxx, Ross Lagerwall <ross.lagerwall@xxxxxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>, xen-devel@xxxxxxxxxxxxxxxxxxxx, xen-devel@xxxxxxxxxx
Delivery-date: Mon, 09 Oct 2017 05:47:19 +0000
Dmarc-filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 0207E81DF3
List-id: Xen developer discussion <xen-devel.lists.xen.org>

Ian Jackson <ian.jackson@xxxxxxxxxxxxx> writes:

> This allows the caller to specify a uid and gid to use, even if there
> is no corresponding password entry.  This will be useful in certain
> Xen configurations.
>
> Signed-off-by: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
[...]
> diff --git a/qemu-options.hx b/qemu-options.hx
> index 9f6e2ad..34a5329 100644
> --- a/qemu-options.hx
> +++ b/qemu-options.hx
> @@ -3968,6 +3968,18 @@ Immediately before starting guest execution, drop root 
> privileges, switching
>  to the specified user.
>  ETEXI
>  
> +#ifndef _WIN32
> +DEF("runasid", HAS_ARG, QEMU_OPTION_runasid, \
> +    "-runasid uid.gid     change to numeric uid and gid just before starting 
> the VM\n",
> +    QEMU_ARCH_ALL)
> +#endif
> +STEXI
> +@item -runasid @var{uid}.@var{gid}
> +@findex -runasid
> +Immediately before starting guest execution, drop root privileges, switching
> +to the specified uid and gid.
> +ETEXI
> +
>  DEF("prom-env", HAS_ARG, QEMU_OPTION_prom_env,
>      "-prom-env variable=value\n"
>      "                set OpenBIOS nvram variables\n",

The last thing the QEMU command line needs is more exotic options.  Are
you sure we need a new one here?  Can we make existing -runas serve?
Precedence: Coreutils[*].  Pseudo-code:

    if argument is a decimal number starting with '+':
        user ID
    else if argument is a valid user name:
        user name
    else if argument is a valid user ID:
        user ID
    else:
        error

[*] 
https://www.gnu.org/software/coreutils/manual/html_node/Disambiguating-names-and-IDs.html

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [Qemu-devel] [PATCH 7/8] os-posix: Provide new -runasid option
  - From: Ian Jackson
- Re: [Xen-devel] [Qemu-devel] [PATCH 7/8] os-posix: Provide new -runasid option
  - From: Ian Jackson

References:
- [Xen-devel] [PATCH v2 0/*] xen: xen-domid-restrict improvements
  - From: Ian Jackson
- [Xen-devel] [PATCH 7/8] os-posix: Provide new -runasid option
  - From: Ian Jackson

Prev by Date: [Xen-devel] [xen-4.8-testing test] 114126: regressions - FAIL
Next by Date: [Xen-devel] [PATCH] Remove redundant code in branch MAP_PIRQ_TYPE_MSI
Previous by thread: Re: [Xen-devel] [Qemu-devel] [PATCH 7/8] os-posix: Provide new -runasid option
Next by thread: Re: [Xen-devel] [Qemu-devel] [PATCH 7/8] os-posix: Provide new -runasid option
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.