1. 12 12月, 2019 2 次提交
    • A
      travis: Update name for Ubuntu 18.04 image · 5aab9413
      Andrea Bolognani 提交于
      The corresponding libvirt-jenkins-ci commit is f289e64a5fd9.
      Signed-off-by: NAndrea Bolognani <abologna@redhat.com>
      5aab9413
    • D
      qemu: keep capabilities when running QEMU as root · 19023562
      Daniel P. Berrangé 提交于
      When QEMU uid/gid is set to non-root this is pointless as if we just
      used a regular setuid/setgid call, the process will have all its
      capabilities cleared anyway by the kernel.
      
      When QEMU uid/gid is set to root, this is almost (always?) never
      what people actually want. People make QEMU run as root in order
      to access some privileged resource that libvirt doesn't support
      yet and this often requires capabilities. As a result they have
      to go find the qemu.conf param to turn this off. This is not
      viable for libguestfs - they want to control everything via the
      XML security label to request running as root regardless of the
      qemu.conf settings for user/group.
      
      Clearing capabilities was implemented originally because there
      was a proposal in Fedora to change permissions such that root,
      with no capabilities would not be able to compromise the system.
      ie a locked down root account. This never went anywhere though,
      and as a result clearing capabilities when running as root does
      not really get us any security benefit AFAICT. The root user
      can easily do something like create a cronjob, which will then
      faithfully be run with full capabilities, trivially bypassing
      the restriction we place.
      
      IOW, our clearing of capabilities is both useless from a security
      POV, and breaks valid use cases when people need to run as root.
      
      This removes the clear_emulator_capabilities configuration
      option from qemu.conf, and always runs QEMU with capabilities
      when root.  The behaviour when non-root is unchanged.
      Reviewed-by: NCole Robinson <crobinso@redhat.com>
      Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
      19023562
  2. 11 12月, 2019 27 次提交
  3. 10 12月, 2019 11 次提交