Re: [Xen-devel] [PATCH 5/5] Allow all user to create a file under the directory /var/lib/xen
On Tue, 2016-01-26 at 17:15 +0000, Stefano Stabellini wrote:
> It is sufficient to create an empty save file, as returned by
> libxl__device_model_savefile, with the right owner, at domain creation
> time. Something like below:
>
> diff --git a/tools/libxl/libxl_dm.c b/tools/libxl/libxl_dm.c > index a088d71..f908422 100644 > --- a/tools/libxl/libxl_dm.c > +++ b/tools/libxl/libxl_dm.c > @@ -1285,6 +1285,12 @@ end_search: > ÂÂÂÂÂÂÂÂÂif (user != NULL && strcmp(user, "root")) { > ÂÂÂÂÂÂÂÂÂÂÂÂÂflexarray_append(dm_args, "-runas"); > ÂÂÂÂÂÂÂÂÂÂÂÂÂflexarray_append(dm_args, user); > + > +ÂÂÂÂÂÂÂÂÂÂÂÂconst char *filename = libxl__device_model_savefile(gc, > guest_domid); > +ÂÂÂÂÂÂÂÂÂÂÂÂint fd = open(filename, O_WRONLY|O_CREAT|O_NOCTTY|O_NONBLOCK, > 0600); > +ÂÂÂÂÂÂÂÂÂÂÂÂstruct passwd *pw = getpwnam(user); > +ÂÂÂÂÂÂÂÂÂÂÂÂfchown(fd, pw->pw_uid, pw->pw_gid); > +ÂÂÂÂÂÂÂÂÂÂÂÂclose(fd); > ÂÂÂÂÂÂÂÂÂ} > ÂÂÂÂÂ} > ÂÂÂÂÂflexarray_append(dm_args, NULL);
>
> This is another thing that would be easier to fix after Ian's privsep
> series, because we'll have a better place for this code.

Right. In the meantime I think we should update at least docs/misc/qemu-deprivilege.txt and probably docs/man/xl.cfg.pod.5:device_model_user to mention the shortcomings of using these options if they are going to break core functionality such as migration. Would you knock up a patch please?

At the same time, I wonder if docs/misc/qemu-deprivilege.txt ought to move to docs/features/ ?

Ian.
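Review bot: The added lines after flexarray_append(dm_args, user) use the results of open(), getpwnam() and fchown() without checking them: getpwnam(user) can return NULL, which makes pw->pw_uid a NULL pointer dereference, and a failed open() passes fd -1 on to fchown() and close(). Each call should be checked, with an error logged and domain creation failed if any of them does not succeed. In the same lines, open() is given O_CREAT but neither O_EXCL nor O_NOFOLLOW, so anything already present at that path, including a symlink, is opened and then chowned to the device model user; adding those flags, or checking the descriptor with fstat() before fchown(), would avoid handing over a file this code did not create.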