From: Markus Armbruster
To: Ian Jackson
Cc: qemu-devel@nongnu.org, Juergen Gross, Stefano Stabellini, Ross Lagerwall, Anthony PERARD, xen-devel@lists.xenproject.org, xen-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH 7/8] os-posix: Provide new -runasid option
Date: Mon, 09 Oct 2017 07:46:45 +0200
Message-ID: <877ew4ub3u.fsf@dusky.pond.sub.org>
In-Reply-To: <1507133891-26013-8-git-send-email-ian.jackson@eu.citrix.com> (Ian Jackson's message of "Wed, 4 Oct 2017 17:18:10 +0100")
References: <1507133891-26013-1-git-send-email-ian.jackson@eu.citrix.com> <1507133891-26013-8-git-send-email-ian.jackson@eu.citrix.com>

Ian Jackson writes:

> This allows the caller to specify a uid and gid to use, even if there
> is no corresponding password entry. This will be useful in certain
> Xen configurations.
>
> Signed-off-by: Ian Jackson
[...]
> diff --git a/qemu-options.hx b/qemu-options.hx > index 9f6e2ad..34a5329 100644 > --- a/qemu-options.hx > +++ b/qemu-options.hx
> @@ -3968,6 +3968,18 @@ Immediately before starting guest execution, drop root privileges, switching > to the specified user. > ETEXI > > +#ifndef _WIN32 > +DEF("runasid", HAS_ARG, QEMU_OPTION_runasid, \ > + "-runasid uid.gid change to numeric uid and gid just before starting the VM\n", > + QEMU_ARCH_ALL) > +#endif > +STEXI > +@item -runasid @var{uid}.@var{gid} > +@findex -runasid > +Immediately before starting guest execution, drop root privileges, switching > +to the specified uid and gid. > +ETEXI > + > DEF("prom-env", HAS_ARG, QEMU_OPTION_prom_env, > "-prom-env variable=value\n" > " set OpenBIOS nvram variables\n",

The last thing the QEMU command line needs is more exotic options. Are
you sure we need a new one here? Can we make existing -runas serve?
Precedence: Coreutils[*]. Pseudo-code:

    if argument is a decimal number starting with '+':
        user ID
    else if argument is a valid user name:
        user name
    else if argument is a valid user ID:
        user ID
    else:
        error

[*] https://www.gnu.org/software/coreutils/manual/html_node/Disambiguating-names-and-IDs.html
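Review bot: The help string and the texinfo entry added for -runasid say only "switching to the specified uid and gid", which leaves the privilege-drop semantics unspecified. The text should state whether supplementary groups inherited from root are cleared, whether both uid and gid are mandatory decimal numbers, and what happens when -runas and -runasid are both given. The commit message says the option is meant for ids with no password entry, so there is no account to derive a group list from, and the behaviour has to be spelled out rather than assumed. The STEXI block also sits outside the "#ifndef _WIN32" guard that wraps DEF, so the entry should say the option is not available on Windows.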
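The lookup order in the pseudo-code above, written out in C as an added example (not part of the original message and not QEMU code). The names `resolve_runas`, `lookup_sample` and `parse_decimal_uid` are hypothetical, and the account table is constructed so the all-digit user name case can be shown without touching the real password database.

```c
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

enum runas_kind { RUNAS_ERROR, RUNAS_NAME, RUNAS_ID };
typedef int (*name_lookup_fn)(const char *name, uid_t *uid);

/* Real lookup through the password database. */
static int lookup_passwd(const char *name, uid_t *uid) {
    struct passwd *pw = getpwnam(name);
    if (!pw) return -1;
    *uid = pw->pw_uid;
    return 0;
}

/* Constructed table standing in for the password database. */
static int lookup_sample(const char *name, uid_t *uid) {
    static const struct { const char *name; uid_t uid; } tab[] = {
        { "qemu", 107 }, { "1000", 4242 } /* all-digit user name */
    };
    for (size_t i = 0; i < sizeof(tab) / sizeof(tab[0]); i++)
        if (strcmp(tab[i].name, name) == 0) { *uid = tab[i].uid; return 0; }
    return -1;
}

/* Digits only: no sign, no whitespace, no trailing junk, not (uid_t)-1. */
static int parse_decimal_uid(const char *s, uid_t *uid) {
    char *end;
    if (*s < '0' || *s > '9') return -1;
    errno = 0;
    unsigned long v = strtoul(s, &end, 10);
    if (errno || *end != '\0' || v >= (uid_t)-1) return -1;
    *uid = (uid_t)v;
    return 0;
}

/* Order from the pseudo-code: "+N" is always an ID, then name, then ID. */
static enum runas_kind resolve_runas(const char *arg, name_lookup_fn lookup, uid_t *uid) {
    if (arg[0] == '+')
        return parse_decimal_uid(arg + 1, uid) == 0 ? RUNAS_ID : RUNAS_ERROR;
    if (lookup(arg, uid) == 0) return RUNAS_NAME;
    return parse_decimal_uid(arg, uid) == 0 ? RUNAS_ID : RUNAS_ERROR;
}

int main(int argc, char **argv) {
    uid_t uid = 0;
    const char *arg = argc > 1 ? argv[1] : "+1000";
    name_lookup_fn fn = argc > 1 ? lookup_passwd : lookup_sample;
    enum runas_kind k = resolve_runas(arg, fn, &uid);
    printf("%s -> kind=%d uid=%lu\n", arg, (int)k, (unsigned long)uid);
    return k == RUNAS_ERROR;
}
```

With the constructed table, "1000" resolves to the account named 1000 (uid 4242) while "+1000" resolves to uid 1000, which is the ambiguity the '+' prefix exists to remove.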