
Re: [Xen-devel] [PATCH v6] run QEMU as non-root



On Thu, 2015-07-09 at 17:14 -0600, Jim Fehlig wrote:
> On 07/09/2015 04:34 AM, Ian Campbell wrote:
> > On Wed, 2015-07-01 at 15:03 -0600, Jim Fehlig wrote:
> >> Perhaps.  But thanks for providing a way (b_info->device_model_user) for
> >> apps to override the libxl policy.
> > You mentioned in v5 that libvirt supports setting both the user and the
> > group and that the qemu driver supports that. How does that work?
> >
> > AFAICT qemu's -runas option only takes a user and it takes that user's
> > primary group and uses that with no configurability. I think that's a
> > fine way to do things, but you implied greater configurability in
> > libvirt and I'm now curious...
> 
> The libvirt qemu driver doesn't use qemu's -runas option. It calls 
> setregid()/setreuid() in the child after fork()'ing, but before exec()'ing, 
> qemu.

Makes sense, thanks.

Ian.
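
The fork / setregid() / setreuid() / exec sequence described in the quoted reply, as an added example that is not part of the original thread and is not libvirt or libxl code. The names `run_as`, `drop_privs` and `DROP_FAILED` are hypothetical, and the `setgroups()` call and the post-drop verification are additions beyond what the message states.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE             /* setgroups(), setregid(), setreuid() */
#endif
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define DROP_FAILED 126         /* child exit code: identity change failed, nothing exec'd */

/* Permanently switch the calling process to uid/gid. Returns 0 on success. */
static int drop_privs(uid_t uid, gid_t gid)
{
    /* Order matters: groups can only be changed while still privileged, so
     * supplementary groups and gid go before uid. setgroups() needs privilege;
     * an unprivileged caller keeps its existing supplementary groups. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0) return -1;
    if (setregid(gid, gid) != 0) return -1;
    if (setreuid(uid, uid) != 0) return -1;
    /* Do not rely on return codes alone: confirm the resulting identity. */
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    /* If root can be regained, the saved ID was not replaced: treat as failure. */
    if (uid != 0 && setuid(0) == 0) return -1;
    return 0;
}

/* fork(), drop to uid/gid in the child, then exec argv[0].
 * Returns the child's exit status, DROP_FAILED if the drop failed, -1 on error. */
int run_as(uid_t uid, gid_t gid, char *const argv[])
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (drop_privs(uid, gid) != 0) _exit(DROP_FAILED);  /* fail closed */
        execv(argv[0], argv);
        _exit(127);                                         /* exec itself failed */
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed demo: run id(1) under the caller's own IDs (works unprivileged). */
    char *cmd[] = { "/usr/bin/id", NULL };
    printf("child exit status: %d\n", run_as(getuid(), getgid(), cmd));
    return 0;
}
```

Because the drop happens in the child before exec, the parent chooses both the user and the group explicitly, and a failed drop never reaches the target binary.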


