I tend to agree with you and the discussion on the other bug that I don't see that preventing read-access to the running kernel gives any security at all.
On the other hand, I don't see any reason that virt-builder specifically needs that read-access, and it should/could be designed to work without that read-access. I don't know much of the design of virt-builder and wonder: why does virt-builder need read-access to the running kernel at all? At first glance this seems like a bad software design. I don't think that all the other tools for building VMs (vagrant vmware, virtualbox, obsolete vmbuilder) need that.

Anyway, if the kernel team insists on blocking read-access, which it seems like they do, I think a more proper solution design would be to make a small helper program (shipped with this package) that can read the running kernel via SUID on that small helper program that does only one thing (read the kernel).

--
https://bugs.launchpad.net/bugs/1813662
Title: Cannot build VM
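
One way the single-purpose SUID helper proposed in the comment above could be written (an added example, not code from the commenter, libguestfs or Ubuntu). The `/boot/vmlinuz-<release>` path and the function names `kernel_path` and `open_then_drop` are assumptions; the helper opens only that one file, drops privileges before copying any data, and writes the image to stdout.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/utsname.h>
#include <unistd.h>

/* Build "/boot/vmlinuz-<release>" (assumed location); reject any release
 * string that could escape /boot. Returns 0 on success, -1 on rejection. */
int kernel_path(const char *release, char *out, size_t outlen)
{
    if (release == NULL || release[0] == '\0' || release[0] == '.')
        return -1;
    if (strchr(release, '/') != NULL || strstr(release, "..") != NULL)
        return -1;
    int n = snprintf(out, outlen, "/boot/vmlinuz-%s", release);
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

/* Open the image with the elevated effective UID, then drop privileges
 * permanently before any data is copied. Returns an fd or -1. */
int open_then_drop(const char *path)
{
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0) {
        if (fd >= 0) close(fd);
        return -1;               /* never continue while still privileged */
    }
    return fd;
}

int main(void)
{
    struct utsname u;
    char path[256], buf[65536];
    ssize_t n;

    /* No arguments and no environment are consulted: the caller cannot
     * choose which file the privileged open() touches. */
    if (uname(&u) != 0 || kernel_path(u.release, path, sizeof path) != 0)
        return 1;
    int fd = open_then_drop(path);
    if (fd < 0)
        return 1;
    while ((n = read(fd, buf, sizeof buf)) > 0)
        if (write(STDOUT_FILENO, buf, (size_t)n) != n)
            return 1;
    return n == 0 ? 0 : 1;
}
```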
