From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1N6tWW-0001Qo-CC
	for qemu-devel@nongnu.org; Sat, 07 Nov 2009 17:12:44 -0500
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1N6tWR-0001N5-Q1
	for qemu-devel@nongnu.org; Sat, 07 Nov 2009 17:12:43 -0500
Received: from [199.232.76.173] (port=45261 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1N6tWR-0001Mx-FQ
	for qemu-devel@nongnu.org; Sat, 07 Nov 2009 17:12:39 -0500
Received: from mail-yx0-f188.google.com ([209.85.210.188]:55851)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <anthony@codemonkey.ws>) id 1N6tWR-0008Dv-7w
	for qemu-devel@nongnu.org; Sat, 07 Nov 2009 17:12:39 -0500
Received: by yxe26 with SMTP id 26so1754460yxe.4
	for <qemu-devel@nongnu.org>; Sat, 07 Nov 2009 14:12:38 -0800 (PST)
Message-ID: <4AF5F0D4.4070800@codemonkey.ws>
Date: Sat, 07 Nov 2009 16:12:36 -0600
From: Anthony Liguori <anthony@codemonkey.ws>
MIME-Version: 1.0
Subject: Re: [Qemu-devel] [PATCH 0/4] net-bridge: rootless bridge support
	for qemu
References: <1257294485-27015-1-git-send-email-aliguori@us.ibm.com>
	<4AF5413F.3020301@redhat.com> <4AF57F13.3040109@codemonkey.ws>
	<200911072250.39440.arnd@arndb.de>
In-Reply-To: <200911072250.39440.arnd@arndb.de>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Arnd Bergmann <arnd@arndb.de>
Cc: Mark McLoughlin <markmc@redhat.com>, Anthony Liguori <aliguori@us.ibm.com>, Arnd Bergmann <arndbergmann@googlemail.com>, Dustin Kirkland <kirkland@canonical.com>, Juan Quintela <quintela@redhat.com>, qemu-devel@nongnu.org, Michael Tsirkin <mst@redhat.com>, Avi Kivity <avi@redhat.com>

Arnd Bergmann wrote:
> Well, the difference matters from a security perspective. The sudo
> script that Avi suggested just means that you can guarantee you don't
> introduce any security holes through a suid executable. Fortunately,
> it does not impact the contents of your helper either, only the
> installation. You could even be clever in qemu and use call the helper
> using sudo if qemu is running as unpriviledged user and the helper is
> not a suid file.
>   

Or just use fscaps and not even work about suid :-)  That's the 
preferred model.

Regards,

Anthony Liguori