Message-ID: <4D99C162.7060706@us.ibm.com>
Date: Mon, 04 Apr 2011 08:02:26 -0500
From: Anthony Liguori
Subject: Re: [libvirt] [Qemu-devel] [PATCH v2 3/3] raw-posix: Re-open host CD-ROM after media change
References: <1301425482-8722-1-git-send-email-stefanha@linux.vnet.ibm.com> <1301425482-8722-4-git-send-email-stefanha@linux.vnet.ibm.com> <20110404104753.GX13616@redhat.com>
In-Reply-To: <20110404104753.GX13616@redhat.com>
To: "Daniel P. Berrange"
Cc: Kevin Wolf, Stefan Hajnoczi, Juan Quintela, libvir-list@redhat.com, Stefan Hajnoczi, qemu-devel@nongnu.org, Blue Swirl

On 04/04/2011 05:47 AM, Daniel P. Berrange wrote:
>> I'm hoping libvirt's behavior can be made to just work rather than
>> adding new features to QEMU. But perhaps passing file descriptors is
>> useful for more than just reopening host devices. This would
>> basically be a privilege separation model where the QEMU process isn't
>> able to open files itself but can request libvirt to open them on its
>> behalf.
> It is rather frickin' annoying the way udev resets the ownership
> when the media merely changes. If it isn't possible to stop udev
> doing this, then I think the only practical thing is to use ACLs
> instead of user/group ownership. We wanted to switch to ACLs in
> libvirt for other reasons already, but it isn't quite as simple
> as it sounds[1] so we've not done it just yet.

Isn't the root of the problem that you're not running a guest in the
expected security context?

How much of a leap would it be to spawn a guest with the credentials of
the user that created/defined it? Or better yet, to let the user be
specified in the XML.

Regards,

Anthony Liguori

> Daniel
>
> [1] Mostly due to handling upgrades from existing libvirtd while
>     VMs are running, and coping with filesystems which don't
>     support ACLs (or have them turned off by mount options)