From: Lutz Vieweg <lvml@5t9.de>
To: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH v7 0/4] -net bridge: rootless bridge support for qemu
Date: Wed, 04 Jan 2012 18:49:15 +0100 [thread overview]
Message-ID: <je23er$lod$1@dough.gmane.org> (raw)
In-Reply-To: <1325697541-2535-1-git-send-email-coreyb@linux.vnet.ibm.com>
On 01/04/2012 06:18 PM, Corey Bryant wrote:
> With qemu it is possible to run a guest from an unprivileged user but if
> we wanted to communicate with the outside world we had to switch
> to root.
>
> We address this problem by introducing a new network backend and a new
> network option for -net tap.
I appreciate the effort you've invested to implement this
work-around.
But I wonder if there isn't a much simpler, and straight-forward method:
tap devices, theoretically, already have a "group" assigned to them
(as well as a "user"). Currently it seems, though, that the "group"
is basically ignored and has no actual influence on who may access
a tap device and how. (If "tunctl -p -u username -g groupname -t tapX"
was used to create a tap device, the "username" can access it, but
not members of "groupname" - for no obvious reasons.)
If that was changed, and the "group" was actually honored, the problem
would collapse into root needing to create at boot time a useful amount
of tap devices attached to whatever bridge appropriate, and assigning
the group such that users who should be entitled to use those devices
are members of those groups.
Then qemu (started as a user) would just need to iterate through the available tap-devices
to find one that is unused (if not specified by name) and belongs a
group the user is member of.
Isn't that much more the "unix"-way, not requiring additional ACLs,
not requiring any additional tools being run, not requiring any
exploit-prone suid executables?
Regards,
Lutz Vieweg
prev parent reply other threads:[~2012-01-04 17:49 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-01-04 17:18 [Qemu-devel] [PATCH v7 0/4] -net bridge: rootless bridge support for qemu Corey Bryant
2012-01-04 17:18 ` [Qemu-devel] [PATCH v7 1/4] Add basic version of bridge helper Corey Bryant
2012-01-04 17:18 ` [Qemu-devel] [PATCH v7 2/4] Add access control support to qemu " Corey Bryant
2012-01-04 17:19 ` [Qemu-devel] [PATCH v7 3/4] Add cap reduction support to enable use as SUID Corey Bryant
2012-01-04 17:19 ` [Qemu-devel] [PATCH v7 4/4] Add support for net bridge Corey Bryant
2012-01-04 17:49 ` Lutz Vieweg [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='je23er$lod$1@dough.gmane.org' \
--to=lvml@5t9.de \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).