Hi,
On Thu, 27 May 2021 at 13:34, Michal Prívozník <mprivozn@xxxxxxxxxx> wrote:
Disks can contain various secrets (passwords, certificates, private
keys, etc.). Historically, libvirt set seclabel on anything that QEMU
needed access to and then returned it to root:root when QEMU no longer
needed it, exactly because we could not tell if some sensitive info was
stored in a file or not.
With recent enough libvirt (5.6.0 or newer) libvirt remember the
original seclabel (owner + SELinux label) and restores them afterwards.
The mode is untouched though.
Does the typical SELinux label prevent other users on the system from reading the VM image file even if it has o+r set on it? I'm hazy enough on SELinux that I don't want to make any invalid assumptions.
I'd say that if somebody wants a disk to be "shared", e.g. readable by
other users on the system, they can put <shareable/> stanza into disk
XML. But then again - libvirt doesn't change the mode. So I think it's
up to vagrant to decide.
Michal
I think requiring an explicit decision to share is probably the best approach and better to keep that as part of the requirements before enabling o+r on the mode. Thanks, that's a very useful suggestion.
--
Darragh Bailey
"Nothing is foolproof to a sufficiently talented fool"
"Nothing is foolproof to a sufficiently talented fool"
