From mboxrd@z Thu Jan 1 00:00:00 1970 From: Ian Campbell Subject: Re: [PATCH v2] run QEMU as non-root Date: Fri, 15 May 2015 15:40:32 +0100 Message-ID: <1431700832.8943.133.camel@citrix.com> References: <1431690240-15873-1-git-send-email-stefano.stabellini@eu.citrix.com> <21846.642.6989.603737@mariner.uk.xensource.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <21846.642.6989.603737@mariner.uk.xensource.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Ian Jackson Cc: xen-devel@lists.xensource.com, wei.liu2@citrix.com, Stefano Stabellini List-Id: xen-devel@lists.xenproject.org On Fri, 2015-05-15 at 15:28 +0100, Ian Jackson wrote: > Stefano Stabellini writes ("[PATCH v2] run QEMU as non-root"): > > +2) a user named "xen-qemudepriv-base", adding domid to its uid > > +If xen-qemudepriv-base has uid 6000, and the domid is 25, libxl will try > > +to use uid 6025. To use this mechanism, you might want to create a large > > +number of users at installation time. For example: > > You should document explicitly, and not just in the example, that this > will require the reservation of 65536 uids from the uid of > xen-qemudepriv-base to that uid+65535. > > > + buf_size = sysconf(_SC_GETPW_R_SIZE_MAX); > > + if (buf_size < 0) { > > + LOGE(ERROR, "sysconf(_SC_GETPW_R_SIZE_MAX) returned error %ld", buf_size); > > + goto end_search; > > + } > > + buf = libxl__malloc(gc, buf_size); > > This is not the correct use of getpwnam_r. getpwnam_r is allowed to > fail with ERANGE even if the buffer you provide is as big as the > sysconf requested. > > But: is qemu at this point actually multithreaded ? If not then > plain getpwnam is probably better... This code is in libxl not qemu... Ian.