On Mon, Dec 05, 2016 at 02:56:12PM +0100, Michal Privoznik wrote:
> On 05.12.2016 13:36, Daniel P. Berrange wrote:
> > On Thu, Nov 24, 2016 at 03:47:54PM +0100, Michal Privoznik wrote:
> >> Namely, virFileGetACLs, virFileSetACLs, virFileFreeACLs and
> >> virFileCopyACLs. These functions are going to be required when we
> >> are creating /dev for qemu. We have to copy anything that's in
> >> host's /dev exactly as is. Including ACLs.
> >
> > Do we really ?
> >
> > IIUC, udev uses ACLs on /dev in order to grant end users in the desktop
> > session permission on certain device nodes, without chowning the whole
> > device.
> >
> > The device nodes in our private /dev only need to be accessible to the
> > QEMU process we're about to run.
> >
> > So neither existing ownership, group, permissions, nor ACLs matter at
> > all. Our security driver code will chown/grp the device to grant
> > QEMU access and that's all that's needed AFAICT.
> >
> > What am I missing that requires us to preserve ACLs ?
>
> Admins may set ACLs on say /dev/sdb to grant access to some users and
> then use relabel='no' in domain XMLs so that libvirt doesn't mess it up.
> If we want to honour no-relabel flag we must create the device exactly
> as is.

Ah ha. I totally forgot about the no-relabel case.

Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://entangle-photo.org -o- http://search.cpan.org/~danberr/ :|