Re: New QEMU daemon for persistent reservations

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 27/11/2017 14:35, Michal Privoznik wrote:
>>> But can you also test _more_ permissions if you want?  So if QEMU passed
>>> to the helper a file for which it has "lock" but not "ioctl" access,
>>> would it make sense for the helper to let it through?  Together with the
>>> socket MAC, this should be precise enough.
>> Sure, you can check any of the permissions which are defined for the
>> type of object you've got. The goal is to check permissions which
>> correspond to actions you're taking on the object. So if you do
>> something other than just ioctl() on the passed in FD, it would make
>> sense to check further permissions as appropriate.
> Just to make sure I understand correctly: the PD passing is done by qemu
> and not libvirt, right? Technically, we don't open the disks.

Correct.

Paolo

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]
  Powered by Linux