On 05/28/2010 09:16 AM, Eric Blake wrote:
> On 05/27/2010 05:24 PM, Cole Robinson wrote:
>> Currently there is no way to opt out of libvirt dropping POSIX
>> capabilities for qemu. This at least is a useful debugging tool, but
>> is also wanted by users (and distributors):
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=559154
>> https://bugzilla.redhat.com/show_bug.cgi?id=573850
>>
>> Signed-off-by: Cole Robinson <crobinso@xxxxxxxxxx>
>> ---
>> src/qemu/qemu.conf | 5 +++++
>> src/qemu/qemu_conf.c | 5 +++++
>> src/qemu/qemu_conf.h | 2 +-
>> src/qemu/qemu_driver.c | 11 +++++++++--
>> 4 files changed, 20 insertions(+), 3 deletions(-)
>>
>> diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
>> index 98a1176..b976dcc 100644
>> --- a/src/qemu/qemu.conf
>> +++ b/src/qemu/qemu.conf
>> @@ -178,3 +178,8 @@
>> # QEMU_AUDIO_DRV environment variable when using VNC.
>> #
>> # vnc_allow_host_audio = 0
>> +#
>> +
>> +# If clear_emulator_capabilities is enabled, libvirt will drop all POSIX
>> +# capabilities of the QEmu/KVM emulator. This is enabled by default
>> +# clear_emulator_capabilities = 1
>
> s/POSIX/privileged/ - POSIX doesn't say anything about superuser
> privileges, so we aren't dropping POSIX capabilities.
>

Okay.

> Leaving qemu privileged means that a compromised guest can exploit the
> privileges and do damage to the hypervisor; is it worth adding
> additional comments warning the user about the lack of security inherent
> in clearing the option?
>

How about

# If clear_emulator_capabilities is enabled, libvirt will drop all
# privileged capabilities of the QEmu/KVM emulator. This is enabled by
# default.
#
# Warning: Disabling this option means that a compromised guest can
# exploit the privileges and possibly do damage to the host.

Thanks,
Cole

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
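
Review bot: The first two added lines of the qemu.conf hunk ("+#" followed by an empty "+") leave a dangling "#" directly under the "# vnc_allow_host_audio = 0" entry, so the new setting's comment is separated from the previous one by a stray comment marker plus a blank line; drop the "+#" line and keep only the blank separator. In the same block, the sentence "This is enabled by default" is missing its period and is immediately followed by the commented-out "# clear_emulator_capabilities = 1" with no "#" spacer line, which makes the example value read as part of the description; add a bare "#" line between the description and the value, matching the layout of the vnc_allow_host_audio entry above it. The comment also states only what the enabled setting does, so it should say what the emulator retains when the option is turned off, since that is the case an administrator editing this file needs to understand.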