Re: [Xen-devel] [PATCH 5/5] Allow all user to create a file under the directory /var/lib/xen
On 25/01/2016 20:36, Konrad Rzeszutek Wilk wrote:
> On Wed, Dec 30, 2015 at 11:00:52AM +0000, Andrew Cooper wrote:
>> On 30/12/2015 05:25, Wen Congyang wrote:
>>> On 12/30/2015 12:11 PM, Doug Goldstein wrote:
>>>> On 12/29/15 8:39 PM, Wen Congyang wrote:
>>>>> We may use non-root user to run qemu, and the qemu needs to write
>>>>> save file to /var/lib/xen. So we should allow all user to create
>>>>> a file under the directory /var/lib/xen
>>>>>
>>>>> Signed-off-by: Wen Congyang <wency@xxxxxxxxxxxxxx>
>>>>> --- >>>>> tools/Makefile | 2 +- >>>>> 1 file changed, 1 insertion(+), 1 deletion(-) >>>>> >>>>> diff --git a/tools/Makefile b/tools/Makefile >>>>> index 820ca40..402b417 100644 >>>>> --- a/tools/Makefile >>>>> +++ b/tools/Makefile
>>>>> @@ -60,7 +60,7 @@ build all: subdirs-all >>>>> install: subdirs-install >>>>> $(INSTALL_DIR) -m 700 $(DESTDIR)$(XEN_DUMP_DIR) >>>>> $(INSTALL_DIR) $(DESTDIR)/var/log/xen >>>>> - $(INSTALL_DIR) $(DESTDIR)/var/lib/xen >>>>> + $(INSTALL_DIR) -m 777 $(DESTDIR)/var/lib/xen >>>>> .PHONY: uninstall >>>>> uninstall: D=$(DESTDIR) >>>>>
>>>> I could be wrong but this doesn't seem like something that you'd want to
>>>> do given what's stored in there. Could you do something with permissions
>>>> on sub-directories to achieve what you need?
>>>>
>>> The save file's path is:
>>> #define LIBXL_DEVICE_MODEL_SAVE_FILE "/var/lib/xen/qemu-save" /* .$domid */
>>>
>>> So all user must have write permission on the directory /var/lib/xen/,
>>> otherwise, the migration will fail.
>> For now, I would avoid running qemu as a non-root user. It doesn't gain you
>> any meaningful security at present (at the expense of a warning which can't
>> be turned off).
>>
>> As to this bug, marking the directory 0777 is not an option, as save records
>> necessarily contain sensitive data.
>>
>> Longterm, (and already identified in one of the threads in the past), the
>> best course of action is to switch away from having files, and passing file
>> descriptors instead. This is more flexible (currently libxl can't function
>> on a read-only root filesystem), and would allow a privileged entity to open
>> the file descriptor and pass it to a non-privileged entity to use. This
>> allows the non-privileged entity to function, and maintains security.
> Wen,
>
> Could you mention the use case for wanting to write files there? Looking
> at the patches you had sent for COLO and Remus they use a file descriptor -
> so what is the use-case here?

This is a bug in existing code. It is not a COLO specific issue.

The current protocol for live migration requires Qemu to write its save
file here. Until this issue is resolved, live migration is inoperable
with Qemu running as a non-root user.

~Andrew

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
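
Review bot: `-m 777` on `$(DESTDIR)/var/lib/xen` in the `install` target makes the whole directory world-writable, and because the mode is `777` rather than `1777` there is no sticky bit, so any local user could also rename or delete entries that other users created there. The commit message only needs qemu to be able to create its save file, so a narrower change fits better: leave this line as it was and add a dedicated subdirectory for the save file with a restrictive mode, in the style of the `-m 700` line for `$(XEN_DUMP_DIR)` two lines up, which also means moving the `LIBXL_DEVICE_MODEL_SAVE_FILE` path quoted later in the thread. The commit message should also state which non-root user is meant and what else is kept in `/var/lib/xen`, since the mode change applies to all of it.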
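
The file-descriptor handoff Andrew Cooper describes in the message above, as an added example that is not code from the thread, libxl or QEMU. It uses `SCM_RIGHTS` over a Unix socket pair, which is one standard way to pass a descriptor between processes; the function names, the `/tmp` path and the forked child standing in for the device model are assumptions.

```c
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Move one descriptor over a Unix socket as SCM_RIGHTS data; sending != 0 sends *fd. */
static int pass_fd(int sock, int *fd, int sending) {
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    char byte = 'F'; struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    memset(&u, 0, sizeof u);
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (sending) {
        c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
        c->cmsg_len = CMSG_LEN(sizeof *fd);
        memcpy(CMSG_DATA(c), fd, sizeof *fd);
        return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
    }
    if (recvmsg(sock, &msg, 0) != 1) return -1;      /* peer closed without sending */
    c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) return -1;
    memcpy(fd, CMSG_DATA(c), sizeof *fd);
    return 0;
}

/* Opener keeps the directory 0700 and hands over only the fd; returns bytes saved. */
long save_via_passed_fd(const char *data) {
    char dir[] = "/tmp/save-demo.XXXXXX", path[64];  /* constructed paths */
    int sv[2], fd = -1, status = -1;
    if (!mkdtemp(dir) || socketpair(AF_UNIX, SOCK_STREAM, 0, sv)) return -1;
    strcat(strcpy(path, dir), "/qemu-save.1");
    pid_t pid = fork();           /* forked before open(): the fd is not inherited */
    if (pid == 0) {               /* stands in for the device model; never uses path */
        close(sv[0]);
        int ok = pass_fd(sv[1], &fd, 0) == 0 && write(fd, data, strlen(data)) > 0;
        _exit(ok ? 0 : 1);
    }
    close(sv[1]);
    fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0 && pid > 0) pass_fd(sv[0], &fd, 1);
    close(sv[0]);                 /* on any failure the child sees EOF and exits 1 */
    if (pid > 0) waitpid(pid, &status, 0);
    long n = WIFEXITED(status) && !WEXITSTATUS(status) ? lseek(fd, 0, SEEK_END) : -1;
    close(fd); unlink(path); rmdir(dir);
    return n;
}
int main(void) { return save_via_passed_fd("device-model-state") == 18 ? 0 : 1; }
```

The receiving side only ever holds a descriptor for the one file, so the directory mode never has to be loosened for it.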