From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1NLGMw-0008PZ-H5
	for qemu-devel@nongnu.org; Thu, 17 Dec 2009 08:26:14 -0500
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1NLGMr-0008Ja-Ny
	for qemu-devel@nongnu.org; Thu, 17 Dec 2009 08:26:14 -0500
Received: from [199.232.76.173] (port=33060 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1NLGMr-0008It-8E
	for qemu-devel@nongnu.org; Thu, 17 Dec 2009 08:26:09 -0500
Received: from mail2.shareable.org ([80.68.89.115]:38233)
	by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32)
	(Exim 4.60) (envelope-from <jamie@shareable.org>) id 1NLGMq-0004v4-Ka
	for qemu-devel@nongnu.org; Thu, 17 Dec 2009 08:26:09 -0500
Date: Thu, 17 Dec 2009 13:26:06 +0000
From: Jamie Lokier <jamie@shareable.org>
Subject: Re: [Qemu-devel] [PATCH VERSION 3] Disk image exclusive and shared
	locks.
Message-ID: <20091217132606.GB24967@shareable.org>
References: <20091215164238.GA24410@amd.home.annexia.org>
	<20091215183345.GA21298@shareable.org>
	<4B28B876.6000905@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4B28B876.6000905@redhat.com>
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Kevin Wolf <kwolf@redhat.com>
Cc: "Richard W.M. Jones" <rjones@redhat.com>, qemu-devel@nongnu.org

Kevin Wolf wrote:
> > You might think the user could do that by setting the permissions to
> > read-only, but root ignores file permissions.  (That's why we need a
> > "ro" option too).
> 
> We do have readonly=on|off.

Sure, but if you have to do that for safe behaviour when running qemu
as root, and you don't need it when running qemu as a user because you
get into the habit of depending on file permissions, that's asking for
an accident to happen.

I know this, because I have accidentally opened read-only images
writable when putting "sudo" at the start of a qemu command to make
something completely unrelated work (networking).

Imho, the open-writable-if-permissions-allow-else-fallback-to-readable
behaviour should either be abolished entirely (not such a bad idea),
or be made to behave consistently no matter what user is used to run qemu.

-- Jamie