> On Nov 29, 2018, at 5:09 PM, Ian Jackson wrote:
>
> George Dunlap writes ("Re: [PATCH 5/9] libxl: Do root checks once in
> libxl__domain_get_device_model_uid"):
>>> On Nov 28, 2018, at 4:39 PM, Ian Jackson wrote:
>>> I know that in the hypervisor this kind of thing is tolerated (wrongly
>>>
George Dunlap writes ("Re: [PATCH 5/9] libxl: Do root checks once in
libxl__domain_get_device_model_uid"):
> > On Nov 28, 2018, at 4:39 PM, Ian Jackson wrote:
> > I know that in the hypervisor this kind of thing is tolerated (wrongly
> > IMO) but can we please not have it here.
>
> It is a bit s
> On Nov 28, 2018, at 4:39 PM, Ian Jackson wrote:
>
> George Dunlap writes ("[PATCH 5/9] libxl: Do root checks once in
> libxl__domain_get_device_model_uid"):
>> At the moment, we check for equivalence to literal "root" before
>> deciding whether to add the `runas` command-line option to QEMU.
George Dunlap writes ("[PATCH 5/9] libxl: Do root checks once in
libxl__domain_get_device_model_uid"):
> At the moment, we check for equivalence to literal "root" before
> deciding whether to add the `runas` command-line option to QEMU. This
> is unsatisfactory for several reasons.
I was in two
At the moment, we check for equivalence to literal "root" before
deciding whether to add the `runas` command-line option to QEMU. This
is unsatisfactory for several reasons.
First, just because the string doesn't match "root" doesn't mean the
final uid won't end up being zero; in particular, the