From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:37685)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <coreyb@linux.vnet.ibm.com>) id 1TBV20-00026P-N1
	for qemu-devel@nongnu.org; Tue, 11 Sep 2012 14:17:53 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <coreyb@linux.vnet.ibm.com>) id 1TBV1y-000101-Rn
	for qemu-devel@nongnu.org; Tue, 11 Sep 2012 14:17:52 -0400
Received: from e7.ny.us.ibm.com ([32.97.182.137]:45332)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <coreyb@linux.vnet.ibm.com>) id 1TBV1y-0000zQ-Nk
	for qemu-devel@nongnu.org; Tue, 11 Sep 2012 14:17:50 -0400
Received: from /spool/local
	by e7.ny.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only!
	Violators will be prosecuted
	for <qemu-devel@nongnu.org> from <coreyb@linux.vnet.ibm.com>;
	Tue, 11 Sep 2012 14:17:46 -0400
Received: from d01relay05.pok.ibm.com (d01relay05.pok.ibm.com [9.56.227.237])
	by d01dlp01.pok.ibm.com (Postfix) with ESMTP id 4C4EA38C806C
	for <qemu-devel@nongnu.org>; Tue, 11 Sep 2012 14:17:43 -0400 (EDT)
Received: from d03av01.boulder.ibm.com (d03av01.boulder.ibm.com [9.17.195.167])
	by d01relay05.pok.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id
	q8BIHgPp161680
	for <qemu-devel@nongnu.org>; Tue, 11 Sep 2012 14:17:42 -0400
Received: from d03av01.boulder.ibm.com (loopback [127.0.0.1])
	by d03av01.boulder.ibm.com (8.14.4/8.13.1/NCO v10.0 AVout) with ESMTP
	id q8BIDf4W023639
	for <qemu-devel@nongnu.org>; Tue, 11 Sep 2012 12:13:42 -0600
Message-ID: <504F7F52.2010809@linux.vnet.ibm.com>
Date: Tue, 11 Sep 2012 14:13:38 -0400
From: Corey Bryant <coreyb@linux.vnet.ibm.com>
MIME-Version: 1.0
References: <1345068639-19528-1-git-send-email-mhcerri@linux.vnet.ibm.com>
In-Reply-To: <1345068639-19528-1-git-send-email-mhcerri@linux.vnet.ibm.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [libvirt] [PATCH v4 0/5] Per-guest configurable
 user/group for QEMU processes
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: berrange@redhat.com, mprivozn@redhat.com
Cc: Anthony Liguori <aliguori@us.ibm.com>, bryntcor@us.ibm.com, libvir-list@redhat.com, Marcelo Cerri <mhcerri@linux.vnet.ibm.com>, qemu-devel <qemu-devel@nongnu.org>, gcwilson@us.ibm.com, eblake@redhat.com

Are there any other requirements that need to be taken care of to enable 
execution of QEMU guests under separate unprivileged user IDs (ie. DAC 
isolation)?

At this point, this patch series (Per-guest configurable user/group for 
QEMU processes) is upstream, allowing libvirt to execute guests under 
separate unprivileged user IDs.  Additionally, the QEMU bridge helper 
series is upstream, allowing QEMU to allocate a tap device and attach it 
to a bridge when run under an unprivileged user ID 
(http://www.redhat.com/archives/libvir-list/2012-August/msg00277.html).

Is there any other feature in QEMU that requires QEMU to be run as root?

-- 
Regards,
Corey

On 08/15/2012 06:10 PM, Marcelo Cerri wrote:
> This is a v4 patch series that updates the libvirt's security driver mechanism to support per-guest configurable user and group for QEMU processes running together with other security drivers, such as SELinux and AppArmor.
>
> Marcelo Cerri (5):
>    Internal refactory of data structures
>    Multiple security drivers in XML data
>    Update security layer to handle many security labels
>    Support for multiple default security drivers in QEMU config
>    Update the remote API
>
>   daemon/remote.c                                    |   63 ++++
>   docs/formatdomain.html.in                          |   11 +-
>   docs/schemas/capability.rng                        |   18 +-
>   docs/schemas/domaincommon.rng                      |   30 ++-
>   include/libvirt/libvirt.h.in                       |    2 +
>   python/generator.py                                |    1 +
>   src/conf/capabilities.c                            |   17 +-
>   src/conf/capabilities.h                            |    6 +-
>   src/conf/domain_audit.c                            |   14 +-
>   src/conf/domain_conf.c                             |  343 +++++++++++++++-----
>   src/conf/domain_conf.h                             |   20 +-
>   src/driver.h                                       |    4 +
>   src/libvirt.c                                      |   47 +++
>   src/libvirt_private.syms                           |    5 +
>   src/libvirt_public.syms                            |    1 +
>   src/lxc/lxc_conf.c                                 |    8 +-
>   src/lxc/lxc_controller.c                           |    8 +-
>   src/lxc/lxc_driver.c                               |   11 +-
>   src/lxc/lxc_process.c                              |   23 +-
>   src/qemu/qemu.conf                                 |    6 +-
>   src/qemu/qemu_conf.c                               |   38 ++-
>   src/qemu/qemu_conf.h                               |    2 +-
>   src/qemu/qemu_driver.c                             |  218 +++++++++++---
>   src/qemu/qemu_process.c                            |   50 ++-
>   src/remote/remote_driver.c                         |   46 +++
>   src/remote/remote_protocol.x                       |   17 +-
>   src/remote_protocol-structs                        |   11 +
>   src/security/security_apparmor.c                   |  118 +++++--
>   src/security/security_dac.c                        |  324 +++++++++++++++++--
>   src/security/security_manager.c                    |  101 +++++--
>   src/security/security_manager.h                    |    8 +-
>   src/security/security_selinux.c                    |  263 +++++++++++-----
>   src/security/security_stack.c                      |  237 +++++++++-----
>   src/security/security_stack.h                      |   13 +
>   src/test/test_driver.c                             |   11 +-
>   .../qemuxml2argv-seclabel-dynamic-override.xml     |    4 +-
>   .../qemuxml2argv-seclabel-dynamic.xml              |    2 +-
>   37 files changed, 1653 insertions(+), 448 deletions(-)
>
> --
> libvir-list mailing list
> libvir-list@redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list
>