qemu-devel


Re: [Qemu-devel] [Qemu-block] Raw notes from a small block layer/QAPI/so


From: Kashyap Chamarthy
Subject: Re: [Qemu-devel] [Qemu-block] Raw notes from a small block layer/QAPI/something pre-christmas meeting
Date: Wed, 20 Dec 2017 12:29:30 +0100
User-agent: NeoMutt/20171027

On Wed, Dec 20, 2017 at 10:57:40AM +0000, Daniel P. Berrange wrote:
> On Wed, Dec 20, 2017 at 11:44:36AM +0100, Kashyap Chamarthy wrote:
> > On Mon, Dec 18, 2017 at 11:11:00AM +0100, Markus Armbruster wrote:

[...]

> > > Another thought: do we want to give qemu-system-* the necessary
> > > privileges for creating images?  Two cases: running with and without a
> > > guest.
> > 
> > Related: Just curious -- was it an explicit design decision to not give
> > `qemu-system-*` permissions to create disk images?
> 
> Our security model considers QEMU broadly untrustworthy, and so any resources
> it needs to use must either be passed in by libvirt, or have permissions
> explicitly assigned to permit usage by QEMU. QEMU is allowed to create tmp
> files, and create RAM files for memory backing, but in general we don't want
> to have QEMU able to create arbitrary files, only open things that are
> already created.

Ah, true.  Thanks for the reminder about the security architecture.
(Also I realize that libvirt launches QEMU as an unprivileged user,
'qemu', which is part of the defense-in-depth approach, along w/ sVirt
mechanism, etc.)

[...]

-- 
/kashyap
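
The model described in the quoted reply (the management layer creates a resource and passes it in, and the untrusted process only uses what it was handed) can be sketched with Unix descriptor passing over a socket. This is an added example, not code from QEMU, libvirt or this thread; the function names, the `disk0.raw` file and the single-process setup are assumptions made for illustration.

```python
import os
import socket
import stat
import tempfile

def manager_prepare_image(directory, name, size):
    """Trusted side: create the image and return an open descriptor for it."""
    path = os.path.join(directory, name)
    # O_EXCL refuses a path that already exists; 0600 keeps the file private.
    fd = os.open(path, os.O_RDWR | os.O_CREAT | os.O_EXCL, 0o600)
    os.ftruncate(fd, size)
    return path, fd

def worker_use_image(sock):
    """Untrusted side: receives a descriptor, never a path, and creates nothing."""
    msg, fds, _flags, _addr = socket.recv_fds(sock, 1024, 1)
    fd = fds[0]
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise ValueError("expected a regular file")
        os.pwrite(fd, b"guest-data", 0)
        return msg.decode(), st.st_size, os.pread(fd, 10, 0)
    finally:
        os.close(fd)

def demo():
    # Constructed scenario. In a real deployment the worker is a separate
    # process running as an unprivileged user under a MAC policy; that
    # confinement, which this single-process sketch does not set up, is what
    # actually stops it from creating files of its own.
    with tempfile.TemporaryDirectory() as d:
        path, fd = manager_prepare_image(d, "disk0.raw", 4096)
        mgr, wrk = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
        try:
            socket.send_fds(mgr, [b"disk0"], [fd])  # SCM_RIGHTS under the hood
            os.close(fd)  # the manager's copy is no longer needed
            label, size, data = worker_use_image(wrk)
        finally:
            mgr.close()
            wrk.close()
        with open(path, "rb") as f:
            on_disk = f.read(10)
        return label, size, data, on_disk

if __name__ == "__main__":
    print(demo())
```
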


