Date: Thu, 05 Nov 2009 07:05:01 -0600
From: Anthony Liguori
Subject: Re: [Qemu-devel] Re: [PATCH 0/4] net-bridge: rootless bridge support for qemu
To: "Michael S. Tsirkin"
Cc: Mark McLoughlin, Arnd Bergmann, Dustin Kirkland, qemu-devel@nongnu.org, Juan Quintela

Michael S. Tsirkin wrote:
> On Wed, Nov 04, 2009 at 02:44:26PM -0600, Anthony Liguori wrote:
>
>> Michael S. Tsirkin wrote:
>>
>>>> Well it doesn't really help with the issue of privileges which is
>>>> what this series is really about.
>>>>
>>>> Regards,
>>>>
>>>> Anthony Liguori
>>>>
>>>>
>>> I note that by default you grant all users all access.
>>> If you do that, just give them net cap admin already?
>>>
>>>
>> By default, I give no users any access.
>>
>
> Oh, I misunderstood. This is what gave me the idea:
>
> ] If we fail to include an acl file, we are silent about it making this mechanism
> ] work pretty seamlessly.
>
> What did you mean, in fact?
>

The default policy is deny all. If we fail to include the main acl file, we throw an error. If the main acl file includes another acl file, and that file cannot be read (because of EPERM), we are silent. This allows the use of additional included acl files that have different file permissions. This is how we use filesystem permissions to implement more sophisticated acls.

It's kind of weird, but I like the fact that the enforcement is done by the OS as opposed to having the enforcement done by the helper.

Regards,

Anthony Liguori
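
The include behaviour described in the message above, sketched in C as an added example (not code from the patch series or from QEMU). The "allow"/"include" rule syntax, the file names and the injectable reader are assumptions made for illustration, and the sample file contents are constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical rule syntax, one rule per line: "allow <bridge>" or "include <path>". */
/* Reader: returns a file's text, or NULL with errno set (a real helper would fopen()). */
typedef const char *(*acl_read_fn)(const char *path);

/* Constructed sample: alice.acl stands for an include whose mode bits hide it from us. */
static const char *sample_read(const char *path)
{
    if (!strcmp(path, "main.acl")) return "include alice.acl\ninclude bob.acl\n";
    if (!strcmp(path, "bob.acl")) return "# bob's bridges\nallow br0\n";
    errno = strcmp(path, "alice.acl") ? ENOENT : EACCES;
    return NULL;
}

/* Returns 1 = allowed, 0 = denied, -1 = error. Call with depth 0 for the main file. */
static int acl_check(acl_read_fn rd, const char *path, const char *bridge, int depth)
{
    char line[256], cmd[16], arg[200];
    int allowed = 0;                          /* default policy: deny all */
    const char *p = rd(path);
    if (!p) {
        /* Permission failure on an include (open(2) gives EACCES): skip silently. */
        if (depth > 0 && (errno == EACCES || errno == EPERM)) return 0;
        return -1;   /* main file unreadable, or (this sketch's choice) any other failure */
    }
    if (depth > 8) return -1;                 /* guard against include loops */
    for (; *p; p += strcspn(p, "\n"), p += (*p == '\n')) {
        snprintf(line, sizeof line, "%.*s", (int)strcspn(p, "\n"), p);
        if (sscanf(line, "%15s %199s", cmd, arg) != 2) continue;
        if (!strcmp(cmd, "include")) {
            int sub = acl_check(rd, arg, bridge, depth + 1);
            if (sub < 0) return -1;
            allowed |= sub;
        } else if (!strcmp(cmd, "allow") && !strcmp(arg, bridge)) {
            allowed = 1;
        }
    }
    return allowed;
}

int main(void)
{
    printf("br0=%d br1=%d unreadable-main=%d\n", acl_check(sample_read, "main.acl", "br0", 0),
           acl_check(sample_read, "main.acl", "br1", 0),
           acl_check(sample_read, "alice.acl", "br0", 0));
    return 0;
}
```

The same permission failure is a silent skip on an included file and a hard error on the main file, so which rules a caller sees is decided by the file mode bits rather than by the helper.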