[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH] util: secure memfd_create fallback mechanism
From: |
Rafael David Tinoco |
Subject: |
Re: [Qemu-devel] [PATCH] util: secure memfd_create fallback mechanism |
Date: |
Tue, 27 Sep 2016 08:31:30 -0300 |
Hello!
> On Sep 27, 2016, at 08:13, Marc-André Lureau <address@hidden> wrote:
>
>> Note that the filename, per se, is not as important as other files,
>> since qemu won't provide it for being accessed by external programs, and,
>> deletes the file, while keeping the descriptor, right after its creation
>> (due to its nature, that is probably why it was created in /tmp).
>>
>> Having libvirt to define a filename that would not be used for recent
>> kernels (> 3.17) and would exist for a fraction of second doesn't seem
>> right to me.
>>
>
> There are other parts of qemu that rely on creating temporary files, and this
> seems to lack a bit of uniformity. Would it make sense to define a place
> where qemu could create those? Or setting TMPDIR should help too. Could
> libvirt set a per-vm TMPDIR with appropriate security rules?
You got a point. With a per-vm TMPDIR we don't have to care about filenames in
future for the security driver, while still securing them per-instance base.
I'll come back to you!
Thank you!