Re: [Xen-devel] [PATCH 5/5] Allow all user to create a file under the directory /var/lib/xen

On Tue, 2016-01-26 at 00:00 +0000, Andrew Cooper wrote:
> On 25/01/2016 20:36, Konrad Rzeszutek Wilk wrote:
> > On Wed, Dec 30, 2015 at 11:00:52AM +0000, Andrew Cooper wrote:
> > > On 30/12/2015 05:25, Wen Congyang wrote:
> > > > On 12/30/2015 12:11 PM, Doug Goldstein wrote:
> > > > > On 12/29/15 8:39 PM, Wen Congyang wrote:
> > > > > > We may use non-root user to run qemu, and the qemu needs to write
> > > > > > save file to /var/lib/xen. So we should allow all user to create
> > > > > > a file under the directory /var/lib/xen
> > > > > >
> > > > > > Signed-off-by: Wen Congyang <wency@xxxxxxxxxxxxxx>
> > > > > > --- > > > > > > Âtools/Makefile | 2 +- > > > > > > Â1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > > > > > > > diff --git a/tools/Makefile b/tools/Makefile > > > > > > index 820ca40..402b417 100644 > > > > > > --- a/tools/Makefile > > > > > > +++ b/tools/Makefile 
> > > > > > @@ -60,7 +60,7 @@ build all: subdirs-all > > > > > > Âinstall: subdirs-install > > > > > > Â $(INSTALL_DIR) -m 700 $(DESTDIR)$(XEN_DUMP_DIR) > > > > > > Â $(INSTALL_DIR) $(DESTDIR)/var/log/xen > > > > > > - $(INSTALL_DIR) $(DESTDIR)/var/lib/xen > > > > > > + $(INSTALL_DIR) -m 777 $(DESTDIR)/var/lib/xen > > > > > > Â.PHONY: uninstall > > > > > > Âuninstall: D=$(DESTDIR)
> > > > > >
> > > > > I could be wrong but this doesn't seem like something that you'd want to
> > > > > do given what's stored in there. Could you do something with permissions
> > > > > on sub-directories to achieve what you need?
> > > > >
> > > > The save file's path is:
> > > > #define LIBXL_DEVICE_MODEL_SAVE_FILE "/var/lib/xen/qemu-save" /* .$domid */
> > > >
> > > > So all users must have write permission on the directory /var/lib/xen/,
> > > > otherwise, the migration will fail.
> > > For now, I would avoid running qemu as a non-root user. It doesn't gain you
> > > any meaningful security at present (at the expense of a warning which can't
> > > be turned off).
> > >
> > > As to this bug, marking the directory 0777 is not an option, as save records
> > > necessarily contain sensitive data.
> > >
> > > Longterm, (and already identified in one of the threads in the past), the
> > > best course of action is to switch away from having files, and passing file
> > > descriptors instead. This is more flexible (currently libxl can't function
> > > on a read-only root filesystem), and would allow a privileged entity to open
> > > the file descriptor and pass it to a non-privileged entity to use. This
> > > allows the non-privileged entity to function, and maintains security.
> > Wen,
> >
> > Could you mention the use case for wanting to write files there? Looking
> > at the patches you had sent for COLO and Remus they use a file descriptor - so
> > what is the use-case here?
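
Review bot: the `-m 777` added to the `$(DESTDIR)/var/lib/xen` line of the install target makes the directory world-writable without a sticky bit, so every local user could create, rename or delete entries in the place where the `qemu-save` files discussed in this thread are written, while the `$(XEN_DUMP_DIR)` line two lines above is installed with `-m 700`. Keep the parent directory restrictive and give the device-model user a dedicated subdirectory with suitable ownership and mode, or move to the descriptor-passing approach raised in the replies, instead of relaxing the mode for all users.
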
>
> This is a bug in existing code. It is not a COLO specific issue.
>
> The current protocol for live migration requires Qemu to write its save
> file here.
>
> Until this issue is resolved, live migration is inoperable with Qemu
> running as a non-root user.

Stefano, is this already on your list of issues to address?

In any case creating a world writeable directory is clearly a non-starter.
We might need the toolstack to create a directory with suitable permissions
until we can rework things to work with fds only.

Ian.