Re: [Qemu-devel] [libvirt] [PATCH v4 0/5] Per-guest configurable user/group for QEMU processes

[Corey Bryant]

Are there any other requirements that need to be taken care of to enable 
execution of QEMU guests under separate unprivileged user IDs (ie. DAC 
isolation)?

At this point, this patch series (Per-guest configurable user/group for 
QEMU processes) is upstream, allowing libvirt to execute guests under 
separate unprivileged user IDs.  Additionally, the QEMU bridge helper 
series is upstream, allowing QEMU to allocate a tap device and attach it 
to a bridge when run under an unprivileged user ID 
(http://www.redhat.com/archives/libvir-list/2012-August/msg00277.html).

Is there any other feature in QEMU that requires QEMU to be run as root?

--
Regards,
Corey

On 08/15/2012 06:10 PM, Marcelo Cerri wrote:
> This is a v4 patch series that updates the libvirt's security driver mechanism 
> to support per-guest configurable user and group for QEMU processes running 
> together with other security drivers, such as SELinux and AppArmor.
>
> Marcelo Cerri (5):
>    Internal refactory of data structures
>    Multiple security drivers in XML data
>    Update security layer to handle many security labels
>    Support for multiple default security drivers in QEMU config
>    Update the remote API
>
>   daemon/remote.c                                    |   63 ++++
>   docs/formatdomain.html.in                          |   11 +-
>   docs/schemas/capability.rng                        |   18 +-
>   docs/schemas/domaincommon.rng                      |   30 ++-
>   include/libvirt/libvirt.h.in                       |    2 +
>   python/generator.py                                |    1 +
>   src/conf/capabilities.c                            |   17 +-
>   src/conf/capabilities.h                            |    6 +-
>   src/conf/domain_audit.c                            |   14 +-
>   src/conf/domain_conf.c                             |  343 +++++++++++++++-----
>   src/conf/domain_conf.h                             |   20 +-
>   src/driver.h                                       |    4 +
>   src/libvirt.c                                      |   47 +++
>   src/libvirt_private.syms                           |    5 +
>   src/libvirt_public.syms                            |    1 +
>   src/lxc/lxc_conf.c                                 |    8 +-
>   src/lxc/lxc_controller.c                           |    8 +-
>   src/lxc/lxc_driver.c                               |   11 +-
>   src/lxc/lxc_process.c                              |   23 +-
>   src/qemu/qemu.conf                                 |    6 +-
>   src/qemu/qemu_conf.c                               |   38 ++-
>   src/qemu/qemu_conf.h                               |    2 +-
>   src/qemu/qemu_driver.c                             |  218 +++++++++++---
>   src/qemu/qemu_process.c                            |   50 ++-
>   src/remote/remote_driver.c                         |   46 +++
>   src/remote/remote_protocol.x                       |   17 +-
>   src/remote_protocol-structs                        |   11 +
>   src/security/security_apparmor.c                   |  118 +++++--
>   src/security/security_dac.c                        |  324 +++++++++++++++++--
>   src/security/security_manager.c                    |  101 +++++--
>   src/security/security_manager.h                    |    8 +-
>   src/security/security_selinux.c                    |  263 +++++++++++-----
>   src/security/security_stack.c                      |  237 +++++++++-----
>   src/security/security_stack.h                      |   13 +
>   src/test/test_driver.c                             |   11 +-
>   .../qemuxml2argv-seclabel-dynamic-override.xml     |    4 +-
>   .../qemuxml2argv-seclabel-dynamic.xml              |    2 +-
>   37 files changed, 1653 insertions(+), 448 deletions(-)
>
> --
> libvir-list mailing list
> address@hidden
> https://www.redhat.com/mailman/listinfo/libvir-list