On Tue, 2016-01-26 at 17:15 +0000, Stefano Stabellini wrote:
> It is sufficient to create an empty save file, as returned by
> libxl__device_model_savefile, with the right owner, at domain creation
> time. Something like below:
> 
> diff --git a/tools/libxl/libxl_dm.c b/tools/libxl/libxl_dm.c
> index a088d71..f908422 100644
> --- a/tools/libxl/libxl_dm.c
> +++ b/tools/libxl/libxl_dm.c
> @@ -1285,6 +1285,12 @@ end_search:
>          if (user != NULL && strcmp(user, "root")) {
>              flexarray_append(dm_args, "-runas");
>              flexarray_append(dm_args, user);
> +
> +            const char *filename = libxl__device_model_savefile(gc, 
> guest_domid);
> +            int fd = open(filename, O_WRONLY|O_CREAT|O_NOCTTY|O_NONBLOCK, 
> 0600);
> +            struct passwd *pw = getpwnam(user);
> +            fchown(fd, pw->pw_uid, pw->pw_gid);
> +            close(fd);
>          }
>      }
>      flexarray_append(dm_args, NULL);
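
Review bot: in the added block under `if (user != NULL && strcmp(user, "root"))`, `pw` is dereferenced without checking that `getpwnam(user)` returned non-NULL, and `fd` is passed to `fchown()` and `close()` without checking that `open()` succeeded. Check both, check the `fchown()` return value as well, and log and propagate an error on failure so that a missing user or an unwritable path does not crash or silently leave the file owned by root. The `open()` call uses `O_CREAT` without `O_EXCL` or `O_NOFOLLOW`, so if a file or symlink already exists at the savefile path, its target is what gets chowned to the unprivileged user; consider adding those flags or handling a pre-existing path explicitly. The declarations of `filename`, `fd` and `pw` also follow statements inside the block and would be better moved to the top of the scope.
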
> 
> This is another thing that would be easier to fix after Ian's privsep
> series, because we'll have a better place for this code.

Right.

In the meantime I think we should update at least
docs/misc/qemu-deprivilege.txt and probably
docs/man/xl.cfg.pod.5:device_model_user to mention the shortcomings of
using these options if they are going to break core functionality such as
migration.

Would you knock up a patch please?

At the same time, I wonder if docs/misc/qemu-deprivilege.txt ought to move
to docs/features/ ?

Ian.
