From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1KteDi-0004FF-9s for qemu-devel@nongnu.org; Sat, 25 Oct 2008 04:10:02 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1KteDh-0004F0-GQ for qemu-devel@nongnu.org; Sat, 25 Oct 2008 04:10:01 -0400 Received: from [199.232.76.173] (port=36221 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1KteDh-0004Ex-D8 for qemu-devel@nongnu.org; Sat, 25 Oct 2008 04:10:01 -0400 Received: from mx20.gnu.org ([199.232.41.8]:60214) by monty-python.gnu.org with esmtps (TLS-1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1KteDg-0002PT-Rx for qemu-devel@nongnu.org; Sat, 25 Oct 2008 04:10:00 -0400 Received: from rv-out-0708.google.com ([209.85.198.245]) by mx20.gnu.org with esmtp (Exim 4.60) (envelope-from ) id 1KteDf-0006HM-Ii for qemu-devel@nongnu.org; Sat, 25 Oct 2008 04:09:59 -0400 Received: by rv-out-0708.google.com with SMTP id f25so1124117rvb.22 for ; Sat, 25 Oct 2008 01:09:58 -0700 (PDT) Message-ID: Date: Sat, 25 Oct 2008 11:09:58 +0300 From: "Blue Swirl" Subject: Re: [Qemu-devel] [PATCH] Re: option to have qemu chroot() into the target filesystem In-Reply-To: <200810241806.10698.rob@landley.net> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <20081024092129.GA5952@mx.loc> <200810241806.10698.rob@landley.net> Reply-To: qemu-devel@nongnu.org List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Cc: 415996@bugs.debian.org On 10/25/08, Rob Landley wrote: > On Friday 24 October 2008 04:21:29 Bernhard Reutner-Fischer wrote: > > A patch was in this thread: > > http://www.mail-archive.com/qemu-devel@nongnu.org/msg16297.html > > > > Rob promised to respin it tomorrow and resend it in to the list. > > thanks > > The debian bug report in question is: > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=415996 > > I checked and the old patch still applies cleanly (well, with an offset, but > no fuzz). I applied it and then did an svn diff, the result of which is > attached. (As with all svn diffs, it applies with "patch -p0 -i blah.patch") > > It's actually a very simple patch, which does this: > > A) Teach qemu-$TARGET to do a chdir() plus chroot() in response to a -chroot > command line option. > > B) Because A) requires root access, teach qemu-$TARGET to change uid and gid > via a -su option (and set both the real and effective user IDs so it's > actually dropping priviledges). Because the UID change happens at argument parse stage, doesn't the chrooting fail if the -su option is specified in the command line before -chroot?