Re: libguestfs integration: rich disk access for libvirt applications

On 09/28/2011 11:52 AM, Richard W.M. Jones wrote:
We do have a historical syntax from Xen paravirt which lets us call out
to a helper at boot time, namely the "<bootloader>" element. With Xen
this is typically something like pygrub, or pxegrub, which does some
work and writes out a kernel+initrd into temporary files, and prints
the file paths + any kernel args on stdout.

We could just wire up this concept in KVM too without any real trouble,
and then we could have guestfs-bootloader script to do the magic setup

I'm fine with this.

Are there security implications to allowing users to add <bootloader>
clauses pointing at random scripts that get run on remote machines as
different users?

No more so than the fact that we let random clients specify <disk> devices to random devices on remote machines. Right now, granting non-read-only connection rights to a user effectively gives them root access to the machine. There are eventual plans to further restrict things via per-command ACLs, and this should be considered during those plans, but until then, I don't see it as any larger a hole than anything else already present in libvirt design.

--
Eric Blake   eblake@xxxxxxxxxx    +1-801-349-2682
Libvirt virtualization library http://libvirt.org

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
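
An added example, not part of the thread or of libvirt's code: a host-side audit of a domain definition for the two kinds of host path discussed above, `<bootloader>` helpers and `<disk>` sources. The allowlisted helper path, the disk prefixes and the sample XML are assumptions constructed for illustration.

```python
import os
import xml.etree.ElementTree as ET

# Assumption: helpers the host operator has reviewed (illustrative path).
ALLOWED_BOOTLOADERS = {"/usr/bin/pygrub"}
# Assumption: host locations where guest disks are expected to live.
ALLOWED_DISK_PREFIXES = ("/var/lib/libvirt/images/", "/dev/vg_guests/")

# Constructed sample domain XML (not taken from the thread).
SAMPLE_XML = """
<domain type='kvm'>
  <name>demo</name>
  <bootloader>/home/alice/setup-guest.sh</bootloader>
  <devices>
    <disk type='file' device='disk'>
      <source file='/var/lib/libvirt/images/demo.img'/>
      <target dev='vda'/>
    </disk>
    <disk type='block' device='disk'>
      <source dev='/dev/sda'/>
      <target dev='vdb'/>
    </disk>
  </devices>
</domain>
"""

def audit_domain(xml_text):
    """Return (kind, host_path) findings for one domain definition."""
    root = ET.fromstring(xml_text)
    findings = []
    # <bootloader> names a program the host runs before the guest boots.
    for el in root.findall("bootloader"):
        path = (el.text or "").strip()
        if path and path not in ALLOWED_BOOTLOADERS:
            findings.append(("bootloader", path))
    # <disk><source> names a host file or block device given to the guest.
    # normpath collapses "../" segments; symlinks are not resolved here.
    for src in root.findall("./devices/disk/source"):
        path = src.get("dev") or src.get("file")
        if path and not os.path.normpath(path).startswith(ALLOWED_DISK_PREFIXES):
            findings.append(("disk", path))
    return findings
```

On the sample, the audit reports the bootloader script under a home directory and the raw `/dev/sda` disk source, and passes the image under `/var/lib/libvirt/images/`.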

