On 06/23/2011 08:05 AM, Daniel P. Berrange wrote:
> The code emitting taint warnings was mistakenly thinking
> that guests run from the QEMU session driver were tainted
> for having high privileges. This is of course nonsense
> since the session driver is always unprivileged
>
> * src/qemu/qemu_domain.c: Don't warn for high privileges in
> non-privileged QEMU
> ---
> src/qemu/qemu_domain.c | 7 ++++---
> 1 files changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
> index fab316f..3af1c86 100644
> --- a/src/qemu/qemu_domain.c
> +++ b/src/qemu/qemu_domain.c
> @@ -788,9 +788,10 @@ void qemuDomainObjCheckTaint(struct qemud_driver *driver,
> {
> int i;
>
> - if (!driver->clearEmulatorCapabilities ||
> - driver->user == 0 ||
> - driver->group == 0)
> + if (driver->privileged &&
> + (!driver->clearEmulatorCapabilities ||
> + driver->user == 0 ||
> + driver->group == 0))
ACK. I guess even root can give up privileges, which it does in the
session driver.
--
Eric Blake eblake@xxxxxxxxxx +1-801-349-2682
Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list