On Thu, 9 Jul 2015, Ian Campbell wrote:
> On Wed, 2015-07-01 at 13:50 +0100, Stefano Stabellini wrote:
>
> > @@ -878,6 +908,33 @@ static char **
> > libxl__build_device_model_args_new(libxl__gc *gc,
> > default:
> > break;
> > }
> > +
> > +if (b_info->device
On Thu, 2015-07-09 at 17:14 -0600, Jim Fehlig wrote:
> On 07/09/2015 04:34 AM, Ian Campbell wrote:
> > On Wed, 2015-07-01 at 15:03 -0600, Jim Fehlig wrote:
> >> Perhaps. But thanks for providing a way (b_info->device_model_user) for apps to
> >> override the libxl policy.
> > You mentioned i
On 07/09/2015 04:34 AM, Ian Campbell wrote:
> On Wed, 2015-07-01 at 15:03 -0600, Jim Fehlig wrote:
>> Perhaps. But thanks for providing a way (b_info->device_model_user) for apps to
>> override the libxl policy.
> You mentioned in v5 that libvirt supports setting both the user and the
> group and that the
On Wed, 2015-07-01 at 15:03 -0600, Jim Fehlig wrote:
> Perhaps. But thanks for providing a way (b_info->device_model_user) for apps to
> override the libxl policy.
You mentioned in v5 that libvirt supports setting both the user and the
group and that the qemu driver supports that. How does th
On Wed, 2015-07-01 at 13:50 +0100, Stefano Stabellini wrote:
> @@ -878,6 +908,33 @@ static char **
> libxl__build_device_model_args_new(libxl__gc *gc,
> default:
> break;
> }
> +
> +if (b_info->device_model_user) {
> +user = b_info->device_model_
On 07/01/2015 09:34 AM, Stefano Stabellini wrote:
On Wed, 1 Jul 2015, Dario Faggioli wrote:
On Wed, 2015-07-01 at 13:50 +0100, Stefano Stabellini wrote:
--- /dev/null
+++ b/docs/misc/qemu-deprivilege.txt
@@ -0,0 +1,31 @@
+For security reasons, libxl tries to pass a non-root username to QEMU as
On Wed, 1 Jul 2015, Dario Faggioli wrote:
> On Wed, 2015-07-01 at 13:50 +0100, Stefano Stabellini wrote:
> > --- /dev/null
> > +++ b/docs/misc/qemu-deprivilege.txt
> > @@ -0,0 +1,31 @@
> > +For security reasons, libxl tries to pass a non-root username to QEMU as
> > +argument. During initialization
On Wed, 2015-07-01 at 13:50 +0100, Stefano Stabellini wrote:
> --- /dev/null
> +++ b/docs/misc/qemu-deprivilege.txt
> @@ -0,0 +1,31 @@
> +For security reasons, libxl tries to pass a non-root username to QEMU as
> +argument. During initialization QEMU calls setuid and setgid with the
> +user ID and
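Review bot: the opening sentence of docs/misc/qemu-deprivilege.txt says libxl "tries to pass a non-root username to QEMU as argument", and "tries" leaves the failure case open. If the rest of the file does not already say so, state right after this paragraph what libxl does when no suitable non-root user is available, since a reader needs to know whether QEMU then keeps running as root. Minor wording: "as argument" should be "as an argument".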