On Tue, Mar 26, 2019 at 06:01:48PM +0100, Andrea Bolognani wrote:
> Our current defaults are root:wheel on FreeBSD and macOS, root:root
> everywhere else.
>
> Looking at what downstream distributions actually do, we can see that
> these defaults are overridden the vast majority of the time, with a
> number of variations showing up in the wild:
>
>   * qemu:qemu -> Used by CentOS, Fedora, Gentoo, OpenSUSE, RHEL
>     and... As it turns out, our very own spec file :)
>
>   * libvirt-qemu:libvirt-qemu -> Used by Debian.
>
>   * libvirt-qemu:kvm -> Used by Ubuntu.
>
>   * nobody:nobody -> Used by Arch Linux.
>
> Based on this information, we can do a better job at integrating with
> downstream packages: if the distro-specific user and group already
> exist on the system then we use them, and if not (or we're building
> on an unknown OS) we just use root:root as we would have before.
>
> This change makes it less likely that people building from source
> will end up running their guests as root, which is a very desirable
> outcome from the security point of view.
>
> Signed-off-by: Andrea Bolognani <abologna@xxxxxxxxxx>

Reviewed-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
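The selection rule described in the commit message above, as an added shell example that is not part of the original mail and is not libvirt's build code. It assumes the distribution is identified by its os-release `ID` value and that accounts are looked up in passwd(5)/group(5)-style files; the function names are hypothetical and the sample databases are constructed.

```shell
#!/bin/sh
# Added example, not libvirt's build code. Function names are hypothetical.

# name_in_db NAME FILE: succeed if NAME is the first field of a passwd(5)- or
# group(5)-style FILE. Exact string match, so "qemu" does not match "qemu2".
name_in_db() {
    awk -F: -v n="$1" '$1 == n { found = 1 } END { exit !found }' "$2"
}

# pair_for_distro ID: print the user:group the commit message lists for that
# distribution (ID as in os-release, an assumption); fail for an unknown one.
pair_for_distro() {
    case $1 in
        centos|fedora|gentoo|opensuse*|rhel) echo "qemu:qemu" ;;
        debian) echo "libvirt-qemu:libvirt-qemu" ;;
        ubuntu) echo "libvirt-qemu:kvm" ;;
        arch)   echo "nobody:nobody" ;;
        *)      return 1 ;;
    esac
}

# pick_qemu_identity ID PASSWD_FILE GROUP_FILE [KERNEL]: print the default.
# The distro pair is used only when BOTH the user and the group exist;
# otherwise the previous default (root:wheel on FreeBSD/macOS, else root:root).
pick_qemu_identity() {
    fallback="root:root"
    case ${4:-$(uname -s)} in FreeBSD|Darwin) fallback="root:wheel" ;; esac
    pair=$(pair_for_distro "$1") || { echo "$fallback"; return 0; }
    if name_in_db "${pair%%:*}" "$2" && name_in_db "${pair#*:}" "$3"; then
        echo "$pair"
    else
        echo "$fallback"
    fi
}

# Constructed sample: user "libvirt-qemu" and group "kvm" exist; user "nobody"
# exists but its group is "nogroup", so the nobody:nobody pair is incomplete.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'root:x:0:0::/root:/bin/sh' \
        'libvirt-qemu:x:64055:108::/:/usr/sbin/nologin' \
        'nobody:x:65534:65534::/:/usr/sbin/nologin' > "$d/passwd"
    printf '%s\n' 'root:x:0:' 'kvm:x:108:' 'nogroup:x:65534:' > "$d/group"
    for id in debian ubuntu arch fedora; do
        echo "$id -> $(pick_qemu_identity "$id" "$d/passwd" "$d/group" Linux)"
    done
    rm -rf "$d"
}
demo
```

Only the `ubuntu` row resolves to an unprivileged pair in the sample; every other row falls back to root:root, which is the case to look for when auditing a source build.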