From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from [140.186.70.92] (port=56096 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1Q6ke1-0007Y3-Gz
	for qemu-devel@nongnu.org; Mon, 04 Apr 2011 10:20:42 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <aliguori@us.ibm.com>) id 1Q6kdx-0008QX-FY
	for qemu-devel@nongnu.org; Mon, 04 Apr 2011 10:20:40 -0400
Received: from e7.ny.us.ibm.com ([32.97.182.137]:46254)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <aliguori@us.ibm.com>) id 1Q6kdx-0008P1-8Y
	for qemu-devel@nongnu.org; Mon, 04 Apr 2011 10:20:37 -0400
Received: from d01dlp02.pok.ibm.com (d01dlp02.pok.ibm.com [9.56.224.85])
	by e7.ny.us.ibm.com (8.14.4/8.13.1) with ESMTP id p34DwsUK028196
	for <qemu-devel@nongnu.org>; Mon, 4 Apr 2011 09:58:55 -0400
Received: from d01relay04.pok.ibm.com (d01relay04.pok.ibm.com [9.56.227.236])
	by d01dlp02.pok.ibm.com (Postfix) with ESMTP id BA10A6E803F
	for <qemu-devel@nongnu.org>; Mon,  4 Apr 2011 10:20:32 -0400 (EDT)
Received: from d03av06.boulder.ibm.com (d03av06.boulder.ibm.com [9.17.195.245])
	by d01relay04.pok.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id
	p34EJcGH144286
	for <qemu-devel@nongnu.org>; Mon, 4 Apr 2011 10:19:49 -0400
Received: from d03av06.boulder.ibm.com (loopback [127.0.0.1])
	by d03av06.boulder.ibm.com (8.14.4/8.13.1/NCO v10.0 AVout) with ESMTP
	id p34EOWCD028627
	for <qemu-devel@nongnu.org>; Mon, 4 Apr 2011 08:24:33 -0600
Message-ID: <4D99D378.8030206@us.ibm.com>
Date: Mon, 04 Apr 2011 09:19:36 -0500
From: Anthony Liguori <aliguori@us.ibm.com>
MIME-Version: 1.0
Subject: Re: [libvirt] [Qemu-devel] [PATCH v2 3/3] raw-posix: Re-open host
	CD-ROM after media change
References: <1301425482-8722-1-git-send-email-stefanha@linux.vnet.ibm.com>
	<1301425482-8722-4-git-send-email-stefanha@linux.vnet.ibm.com>
	<BANLkTik1LNYoJ6O2C+bPM80LBx8bGnr+uw@mail.gmail.com>
	<BANLkTi=SY7pbELSnkULR4fL-C3uOUehoWg@mail.gmail.com>
	<BANLkTim8amWSQFisovA18YbDMoe8oyNVrg@mail.gmail.com>
	<20110404104753.GX13616@redhat.com> <4D99C162.7060706@us.ibm.com>
	<20110404131639.GB13616@redhat.com>
In-Reply-To: <20110404131639.GB13616@redhat.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: "Daniel P. Berrange" <berrange@redhat.com>
Cc: Kevin Wolf <kwolf@redhat.com>, Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>, Juan Quintela <quintela@redhat.com>, libvir-list@redhat.com, Stefan Hajnoczi <stefanha@gmail.com>, qemu-devel@nongnu.org, Blue Swirl <blauwirbel@gmail.com>

On 04/04/2011 08:16 AM, Daniel P. Berrange wrote:
> That doesn't really have any impact. If a desktop user is logged
> in, udev may change the ownership to match that user, but if they
> aren't, then udev may reset it to root:disk. Either way, QEMU
> may loose permissions to the disk.

Then if you create a guest without being in the 'disk' group, it'll 
fail.  That's pretty expected AFAICT.

But with libvirt today, when you launch a guest, your security context 
doesn't matter and there's no way you can control what context the guest 
gets.  libvirt is essentially creating it's own authorization 
mechanism.  Supporting ACLs goes much further down that path.

>> How much of a leap would it be to spawn a guest with the credentials
>> of the user that created/defined it?  Or better yet, to let the user
>> be specified in the XML.
> That's a completely independent RFE which won't fix this issue in
> the general case.

I think it really does.

Regards,

Anthony Liguori

> Regards,
> Daniel