On 05/16/2012 10:30 AM, Seth Jennings wrote:
> libvirt dev team,
>
> I'm running libvirtd 0.9.8 and I notice that when I provide a kernel
> path for my VM, libvirt chowns the kernel file I provide to root:root.
>
> I see this was done in 0.7.1
>
> http://libvirt.org/git/?p=libvirt.git;a=commit;h=c42b39784534930791d1feb3de859d85a7848168
>
> Why was this done? It seems to me that the kernel and initrd file
> would be completely read-only from the qemu perspective, and qemu
> would only need read access to the files.

When running qemu as qemu:qemu, the kernel file must be owned by qemu for the duration of the guest running, and then libvirt reverts it back when the guest exits. My guess is that libvirt is reverting back to the wrong permissions, if your file is ending up as root:root at the end of the day instead of what you wanted.

>
> For unprivileged users without sudo access, this chowning results in
> kernel files that can not be removed or modified.

We've long desired to add ACLs instead of chown'ing a file, where ACLs are supported, as then we would just revoke the ACL instead of chown'ing back (and perhaps back to the wrong owner) when the guest goes away. There's definitely room for improvement in this area of the code; would you like to help by contributing patches?

--
Eric Blake eblake@xxxxxxxxxx +1-919-301-3266
Libvirt virtualization library http://libvirt.org

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list