From: "Daniel P. Berrange" <berrange@redhat.com>
To: Chris Wright <chrisw@redhat.com>
Cc: Alex Williamson <alex.williamson@redhat.com>,
kvm@vger.kernel.org, ddutile@redhat.com
Subject: Re: [PATCH] device-assignment: Use PCI I/O port sysfs resource file when available
Date: Wed, 21 Jul 2010 09:17:49 +0100
Message-ID: <20100721081749.GC21281@redhat.com>
In-Reply-To: <20100720231306.GE7951@x200.localdomain>
On Tue, Jul 20, 2010 at 04:13:06PM -0700, Chris Wright wrote:
> * Alex Williamson (alex.williamson@redhat.com) wrote:
> > When supported by the host kernel, we can use read/write on the
> > PCI sysfs resource file for I/O port regions. This allows us to
> > avoid raw in/out commands and works with deprivileged guests via
> > libvirt. For uid 0 callers, we use in/out directly to avoid any
> > compatibility issues.
>
> won't the uid 0 test fail if libvirt launches qemu with user set to
> root (capabilities still get dropped)?
Yes, if the kernel is doing a CAP_SYS_ADMIN check (or similar), then
testing uid==0 is definitely wrong. You'd need to test have(CAP_SYS_ADMIN)
instead.
Regards,
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
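
Added example, not part of the message above, the patch, or QEMU: the point made in the reply, shown by reading the effective capability mask (the `CapEff` line of `/proc/<pid>/status`) instead of trusting the uid. The function names, the `EX_` constants and both status excerpts are constructed for illustration; which capability the kernel actually checks is left open in the thread, so both candidates are tested.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Capability bit numbers from <linux/capability.h>. */
#define EX_CAP_SYS_RAWIO 17
#define EX_CAP_SYS_ADMIN 21

/* Constructed /proc/<pid>/status excerpts: both processes run as uid 0. */
static const char SAMPLE_ROOT_FULL[] =
    "Name:\tqemu\nUid:\t0\t0\t0\t0\nCapEff:\t0000003fffffffff\n";
static const char SAMPLE_ROOT_DROPPED[] =
    "Name:\tqemu\nUid:\t0\t0\t0\t0\nCapEff:\t0000000000000000\n";

/* Parse the CapEff mask from status text; 0 on success, -1 if absent or malformed. */
int parse_capeff(const char *status, uint64_t *mask)
{
    for (const char *p = status; p && *p; ) {
        if (strncmp(p, "CapEff:", 7) == 0) {
            const char *q = p + 7;
            while (*q == ' ' || *q == '\t') q++;
            if (!isxdigit((unsigned char)*q)) return -1;
            *mask = strtoull(q, NULL, 16);
            return 0;
        }
        p = strchr(p, '\n');
        if (p) p++;
    }
    return -1;
}

/* 1 if capability number cap is set in the effective mask, else 0. */
int has_cap(uint64_t mask, int cap)
{
    return (cap >= 0 && cap < 64) ? (int)((mask >> cap) & 1) : 0;
}

int main(void)
{
    uint64_t m;
    const char *samples[] = { SAMPLE_ROOT_FULL, SAMPLE_ROOT_DROPPED };
    for (int i = 0; i < 2; i++) {
        if (parse_capeff(samples[i], &m) != 0) return 1;
        /* uid is 0 in both samples, so a uid test cannot tell them apart. */
        printf("uid==0: yes  CAP_SYS_ADMIN: %s  CAP_SYS_RAWIO: %s\n",
               has_cap(m, EX_CAP_SYS_ADMIN) ? "yes" : "no",
               has_cap(m, EX_CAP_SYS_RAWIO) ? "yes" : "no");
    }
    return 0;
}
```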