qemu-devel.nongnu.org archive mirror
From: Blue Swirl <blauwirbel@gmail.com>
To: Anthony Liguori <anthony@codemonkey.ws>
Cc: Kevin Wolf <kwolf@redhat.com>,
	Anthony Liguori <aliguori@us.ibm.com>,
	Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>,
	Juan Quintela <quintela@redhat.com>,
	libvir-list@redhat.com, Stefan Hajnoczi <stefanha@gmail.com>,
	qemu-devel@nongnu.org
Subject: Re: [libvirt] [Qemu-devel] [PATCH v2 3/3] raw-posix: Re-open host CD-ROM after media change
Date: Mon, 4 Apr 2011 19:38:51 +0300
Message-ID: <BANLkTikC_nYqVL0M7_YAEXCxXsSJJhLAkg@mail.gmail.com>
In-Reply-To: <4D99D920.1040800@codemonkey.ws>

On Mon, Apr 4, 2011 at 5:43 PM, Anthony Liguori <anthony@codemonkey.ws> wrote:
> On 04/04/2011 09:26 AM, Daniel P. Berrange wrote:
>>
>> On Mon, Apr 04, 2011 at 09:19:36AM -0500, Anthony Liguori wrote:
>>>
>>> On 04/04/2011 08:16 AM, Daniel P. Berrange wrote:
>>>>
>>>> That doesn't really have any impact. If a desktop user is logged
>>>> in, udev may change the ownership to match that user, but if they
>>>> aren't, then udev may reset it to root:disk. Either way, QEMU
>>>> may lose permissions to the disk.
>>>
>>> Then if you create a guest without being in the 'disk' group, it'll
>>> fail.  That's pretty expected AFAICT.
>>
>> We don't *ever* want to put QEMU in the 'disk' group because
>> that gives it access to any disk on the system in general.
>
> If that's what the user wants to do, what's the problem with doing it?
>
> Setting the global user/group is not enough because just because you have
> one VM that you want in disk doesn't mean you want all of them in disk.

Privilege-separated QEMU sounds so interesting that I'd go in that
direction. There could be helper processes which retain privileges and
communicate with the main unprivileged QEMU with only file
descriptors. The helpers could even execute a setgid disk group
re-opener for the CD-ROM case, or ask libvirt to do the reopen. For
the unprivileged QEMU part it wouldn't matter; all it sees are the
descriptors.
