|
| From: | Anthony Liguori |
| Subject: | Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu |
| Date: | Thu, 05 Nov 2009 08:50:32 -0600 |
| User-agent: | Thunderbird 2.0.0.23 (X11/20090825) |
Avi Kivity wrote:
On 11/05/2009 04:33 PM, Avi Kivity wrote:and concerned that we're loosening security for qemu non-users.I see you've addressed this via an acl system. Still, this is IMO should be outside qemu, esp. as security is now much more than users/groups (i.e. selinux and friends).
Actually, I think this model is pretty close to what the latest crazes are in the security world. The model you're advocating (privileged process handing over a fd) is not as secure because it requires that the management daemon runs as a privileged user. There's nothing about this that prevents the use of a management framework. In fact, had this existed when libvirt was first written, I'd hope libvirt would have used this mechanism instead of fd inheritance.
Management software is really just another user. We really want management software to run unprivileged as much as possible.
-- Regards, Anthony Liguori
| [Prev in Thread] | Current Thread | [Next in Thread] |