Re: [PATCH RFC] qemu: caps: Don't try to ask for CAP_DAC_OVERRIDE if non-root

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Feb 04, 2019 at 04:32:52PM +0100, Peter Krempa wrote:
> On Mon, Feb 04, 2019 at 16:26:02 +0100, Peter Krempa wrote:
> > It will not work. This breaks qemu capabilities probing as a user.
> > ---
> >  src/qemu/qemu_capabilities.c | 3 ++-
> >  1 file changed, 2 insertions(+), 1 deletion(-)
> > 
> > diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
> > index 7ed5f94803..81ef0357e7 100644
> > --- a/src/qemu/qemu_capabilities.c
> > +++ b/src/qemu/qemu_capabilities.c
> > @@ -4524,7 +4524,8 @@ virQEMUCapsInitQMPCommandRun(virQEMUCapsInitQMPCommandPtr cmd,
> >  #if WITH_CAPNG
> >      /* QEMU might run into permission issues, e.g. /dev/sev (0600), override
> >       * them just for the purpose of probing */
> > -    virCommandAllowCap(cmd->cmd, CAP_DAC_OVERRIDE);
> > +    if (geteuid() == 0)
> 
> Possibly replacing this with driver->privileged for the qemu driver but
> that is not easily accessible.

It doesn't really matter as  privileged == (geteuid() == 0)  since we purged
the hack for Solaris that tried to run privileged libvirtd as non-root for
Xen.  We've got many other cases using geteuid() == 0 where they cannot
access the 'privileged' flag alrady.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux