From: Ian Campbell <ian.campbell@citrix.com>
To: Ian Jackson <Ian.Jackson@eu.citrix.com>
Cc: xen-devel@lists.xensource.com, wei.liu2@citrix.com,
Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Subject: Re: [PATCH v2] run QEMU as non-root
Date: Fri, 15 May 2015 15:40:32 +0100 [thread overview]
Message-ID: <1431700832.8943.133.camel@citrix.com> (raw)
In-Reply-To: <21846.642.6989.603737@mariner.uk.xensource.com>
On Fri, 2015-05-15 at 15:28 +0100, Ian Jackson wrote:
> Stefano Stabellini writes ("[PATCH v2] run QEMU as non-root"):
> > +2) a user named "xen-qemudepriv-base", adding domid to its uid
> > +If xen-qemudepriv-base has uid 6000, and the domid is 25, libxl will try
> > +to use uid 6025. To use this mechanism, you might want to create a large
> > +number of users at installation time. For example:
>
> You should document explicitly, and not just in the example, that this
> will require the reservation of 65536 uids from the uid of
> xen-qemudepriv-base to that uid+65535.
>
> > + buf_size = sysconf(_SC_GETPW_R_SIZE_MAX);
> > + if (buf_size < 0) {
> > + LOGE(ERROR, "sysconf(_SC_GETPW_R_SIZE_MAX) returned error %ld", buf_size);
> > + goto end_search;
> > + }
> > + buf = libxl__malloc(gc, buf_size);
>
> This is not the correct use of getpwnam_r. getpwnam_r is allowed to
> fail with ERANGE even if the buffer you provide is as big as the
> sysconf requested.
>
> But: is qemu at this point actually multithreaded ? If not then
> plain getpwnam is probably better...
This code is in libxl not qemu...
Ian.
next prev parent reply other threads:[~2015-05-15 14:40 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-15 11:44 [PATCH v2] run QEMU as non-root Stefano Stabellini
2015-05-15 14:28 ` Ian Jackson
2015-05-15 14:40 ` Ian Campbell [this message]
2015-05-15 17:58 ` Jim Fehlig
2015-05-15 18:07 ` Stefano Stabellini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1431700832.8943.133.camel@citrix.com \
--to=ian.campbell@citrix.com \
--cc=Ian.Jackson@eu.citrix.com \
--cc=stefano.stabellini@eu.citrix.com \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xensource.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.