Re: [libvirt] [PATCH 3/3] Run all VMs without capabilities

On Mon, Jun 22, 2009 at 09:05:24PM +0100, Daniel P. Berrange wrote:
> This patch adds a new flag to virExec() called VIR_EXEC_CLEAR_CAPS.
> If you set this flag then all capabilities are removed in between the
> fork() and exec() pair.
> 
> It also updates the QEMU and UML drivers to run their VMs without any privileges.
> A mild security benefit for most distros today, but if distros start to
> lock down what the unprivileged root user can do, this benefit increases.
> 
> It also removes all capabilities from the 'ssh' client spawned by the 
> remote client, since that shouldn't need any real privileges to open a
> tunnel.

  IMHO that and the first patch could be applied as is, even if the
  other patches are a bit more subtle; that one is simple, direct and clear,
  we don't need to wait for this.


> +#else
> +static int virClearCapabilities(void)
> +{
> +//    VIR_WARN0("libcap-ng support not compiled in, unable to clear capabilities");
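Review bot: the commented-out VIR_WARN0 in the `#else` stub of virClearCapabilities() should not ship in that state. When libcap-ng is not compiled in, the stub returns success while leaving every capability in place, which is precisely the case an admin relying on VIR_EXEC_CLEAR_CAPS would want to find in the logs; either emit the warning (once at daemon start if logging on every fork is the concern) or delete the line, and since the function is declared `int`, give the stub an explicit `return 0;` (no return is visible in the quoted lines). Minor: a C++-style `//` comment in a C source file.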

  Hum, to be cleaned up one way or another :-)

    ACK

Daniel

-- 
Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
daniel@xxxxxxxxxxxx  | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library  http://libvirt.org/

--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
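The fork()/clear-capabilities/exec() sequence the patch description above attaches to VIR_EXEC_CLEAR_CAPS, as an added example that is not libvirt's code: libvirt uses libcap-ng, whereas this version calls capset(2)/capget(2) directly so it builds without that library. It assumes Linux; virExec and VIR_EXEC_CLEAR_CAPS are the page's names, the three function names below are my own.

```c
#define _GNU_SOURCE
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <linux/capability.h>

/* Clear the caller's effective, permitted and inheritable sets.
 * Dropping needs no privilege, so it works as root and as a normal user.
 * Returns 0 on success, -1 if capset(2) failed. */
int drop_all_capabilities(void)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3];
    memset(data, 0, sizeof(data));      /* every bit off in every set */
    return syscall(SYS_capset, &hdr, data) == 0 ? 0 : -1;
}

/* 1 if no capability remains in any set, 0 if some do, -1 on capget error. */
int caps_are_empty(void)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3];
    if (syscall(SYS_capget, &hdr, data) != 0)
        return -1;
    for (int i = 0; i < _LINUX_CAPABILITY_U32S_3; i++)
        if (data[i].effective | data[i].permitted | data[i].inheritable)
            return 0;
    return 1;
}

/* What virExec() does with VIR_EXEC_CLEAR_CAPS: fork, clear every capability
 * in the child, then exec. Returns the child's exit status, or -1 on
 * fork/wait failure; the child exits 127 rather than exec with capabilities. */
int run_without_caps(char *const argv[])
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_all_capabilities() != 0)
            _exit(127);
        execvp(argv[0], argv);
        _exit(127);                     /* exec failed */
    }
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Run as root, caps_are_empty() returns 0 before drop_all_capabilities() and 1 after; as an unprivileged user both calls succeed, so the helpers are safe to call unconditionally.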
