qemu-devel
Re: [Qemu-devel] [PATCH v7 0/4] -net bridge: rootless bridge support for


From: Lutz Vieweg
Subject: Re: [Qemu-devel] [PATCH v7 0/4] -net bridge: rootless bridge support for qemu
Date: Wed, 04 Jan 2012 18:49:15 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:9.0) Gecko/20111222 Thunderbird/9.0.1

On 01/04/2012 06:18 PM, Corey Bryant wrote:
> With qemu it is possible to run a guest from an unprivileged user but if
> we wanted to communicate with the outside world we had to switch
> to root.
>
> We address this problem by introducing a new network backend and a new
> network option for -net tap.

I appreciate the effort you've invested to implement this
work-around.

But I wonder if there isn't a much simpler, and straight-forward method:
tap devices, theoretically, already have a "group" assigned to them
(as well as a "user"). Currently it seems, though, that the "group"
is basically ignored and has no actual influence on who may access
a tap device and how. (If "tunctl -p -u username -g groupname -t tapX"
was used to create a tap device, the "username" can access it, but
not members of "groupname" - for no obvious reasons.)

If that was changed, and the "group" was actually honored, the problem
would collapse into root needing to create at boot time a useful amount
of tap devices attached to whatever bridge appropriate, and assigning
the group such that users who should be entitled to use those devices
are members of those groups.

Then qemu (started as a user) would just need to iterate through the
available tap-devices to find one that is unused (if not specified by
name) and belongs to a group the user is a member of.

Isn't that much more the "unix"-way, not requiring additional ACLs,
not requiring any additional tools being run, not requiring any
exploit-prone suid executables?

Regards,

Lutz Vieweg
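
The group-matching part of the lookup proposed in this message, as an added example that is not part of the original post or of QEMU. It assumes the Linux tun driver's sysfs attributes `tun_flags`, `owner` and `group` under `/sys/class/net/<interface>/`; the function names and the sample tree are hypothetical, and the code only reports which tap devices carry a matching group, it does not test whether the kernel would grant access or whether a device is in use.

```python
import os
import tempfile

def read_id(path):
    """Return the numeric id in a sysfs attribute, or None if unset (-1) or unreadable."""
    try:
        with open(path) as f:
            value = int(f.read().strip())
    except (OSError, ValueError):
        return None
    return None if value < 0 else value

def candidate_taps(user_gids, sysfs_net="/sys/class/net"):
    """List (name, owner_uid, gid) for tun/tap interfaces whose group is in user_gids.

    Only interfaces created by the tun driver carry a tun_flags attribute,
    so its presence is used to skip physical NICs and bridges.
    """
    matches = []
    for name in sorted(os.listdir(sysfs_net)):
        dev = os.path.join(sysfs_net, name)
        if not os.path.exists(os.path.join(dev, "tun_flags")):
            continue
        gid = read_id(os.path.join(dev, "group"))
        if gid is not None and gid in user_gids:
            matches.append((name, read_id(os.path.join(dev, "owner")), gid))
    return matches

def build_constructed_tree(root):
    """Write constructed sample data standing in for /sys/class/net."""
    sample = {
        "tap0": {"tun_flags": "0x1002", "owner": "-1", "group": "1001"},
        "tap1": {"tun_flags": "0x1002", "owner": "500", "group": "2002"},
        "tap2": {"tun_flags": "0x1002", "owner": "-1", "group": "-1"},
        "eth0": {"address": "52:54:00:12:34:56"},  # not a tun/tap device
    }
    for dev, attrs in sample.items():
        os.makedirs(os.path.join(root, dev))
        for attr, value in attrs.items():
            with open(os.path.join(root, dev, attr), "w") as f:
                f.write(value + "\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_constructed_tree(root)
        print(candidate_taps({1001, 3003}, root))
    # On a live Linux host: candidate_taps(set(os.getgroups()))
```

The same listing doubles as an audit of which pre-created tap devices an administrator has handed to which group.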




