From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1N63j5-0005As-Ex for qemu-devel@nongnu.org; Thu, 05 Nov 2009 09:54:15 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1N63j0-00057n-Aj for qemu-devel@nongnu.org; Thu, 05 Nov 2009 09:54:14 -0500 Received: from [199.232.76.173] (port=58290 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1N63j0-00057i-2l for qemu-devel@nongnu.org; Thu, 05 Nov 2009 09:54:10 -0500 Received: from e34.co.us.ibm.com ([32.97.110.152]:47141) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1N63iz-0001Wz-Jj for qemu-devel@nongnu.org; Thu, 05 Nov 2009 09:54:09 -0500 Received: from d03relay05.boulder.ibm.com (d03relay05.boulder.ibm.com [9.17.195.107]) by e34.co.us.ibm.com (8.14.3/8.13.1) with ESMTP id nA5En9h3002405 for ; Thu, 5 Nov 2009 07:49:09 -0700 Received: from d03av03.boulder.ibm.com (d03av03.boulder.ibm.com [9.17.195.169]) by d03relay05.boulder.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id nA5Erk5W151138 for ; Thu, 5 Nov 2009 07:53:47 -0700 Received: from d03av03.boulder.ibm.com (loopback [127.0.0.1]) by d03av03.boulder.ibm.com (8.14.3/8.13.1/NCO v10.0 AVout) with ESMTP id nA5Erj8f028332 for ; Thu, 5 Nov 2009 07:53:45 -0700 Message-ID: <4AF2E6F7.2010201@us.ibm.com> Date: Thu, 05 Nov 2009 08:53:43 -0600 From: Anthony Liguori MIME-Version: 1.0 Subject: Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support for qemu References: <1257294485-27015-1-git-send-email-aliguori@us.ibm.com> <4AF2E247.3090409@redhat.com> <4AF2E2E3.1030600@redhat.com> <20091105144608.GB689@redhat.com> In-Reply-To: <20091105144608.GB689@redhat.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: "Daniel P. Berrange" Cc: Mark McLoughlin , Arnd Bergmann , Juan Quintela , Dustin Kirkland , qemu-devel@nongnu.org, Michael Tsirkin , Avi Kivity Daniel P. Berrange wrote: > On Thu, Nov 05, 2009 at 04:36:19PM +0200, Avi Kivity wrote: > >> On 11/05/2009 04:33 PM, Avi Kivity wrote: >> >>> and concerned that we're loosening security for qemu non-users. >>> >>> >> I see you've addressed this via an acl system. Still, this is IMO >> should be outside qemu, esp. as security is now much more than >> users/groups (i.e. selinux and friends). >> > > IMHO this needs to hook into PolicyKit, since that is the access control > framework that is being standardized on across the desktop. It is quite > easy to work with - all you need do is provide a policy file, and to > authorize a user, you'd run the 'pkcheck' program and its exit status > gives the result. > Absolutely. I wanted to not have a hard dependency on PolicyKit to start out with but that's always been the plan. I'd like to eventually add an optional PolicyKit dependency and when that's available not even bother with the qemu acl file. The nice thing about PolicyKit is the desktop integration. It's a much better user experience to allow a user to be prompted to allow qemu to access a bridge vs. having to error out to the user and tell them to muck with a config file. -- Regards, Anthony Liguori