Re: [Qemu-discuss] manipulating raw disk image as non-root user


From: Tony Su
Subject: Re: [Qemu-discuss] manipulating raw disk image as non-root user
Date: Sat, 2 Aug 2014 23:40:50 -0700

Without knowing exactly what your app is and what its
requirements are, it's hard to propose something specific.

A small FYI -
I've been looking at several things recently that in general terms
might be considered to solve your problem, but without more detail I'd
be shooting in the dark.

Possible Solution 1
I've been looking at Docker recently. Very recent new features allow a
person to do some really powerful things, and many are in combination
with other virtual technologies like QEMU. Docker has become a way to
create a PaaS using LXC (Linux Containers). It's now much easier to
create both "full OS" image-based containers and also "App specific"
containers. The latter is similar in concept to Terminal Service
Application Mode if you're familiar with that... It's the idea that
within a given OS you can deploy an App in an isolated "virtual"
instance on demand and without a normal installation. From a Dev point
of view, this allows you to deploy an app (e.g. based on a Jenkins
build) as its own fully contained instance with dependencies and when
you "stop" the app, the app and its dependencies disappear, leaving
the OS "clean."

Possible Solution 2
As I described in my earlier post, rights and permissions to
accomplish tasks are generally managed by Security Groups. You just
need to make your User account a member of the appropriate Security
Group (which may or may not be root). If you do this, to minimize
security issues as much as possible you should probably create a
special User account that isn't ordinarily used to log in. In the
Windows world, this would be called a Service account. The idea here
is that unlike Kris' suggestion, you don't need two separate processes
to accomplish tasks requiring different permissions... Use one account
and grant it all the permissions that are needed.

Possible Solution 3
I've been intrigued by a recent article I read about using nodemon in
Node.js. Basically, an app is launched configured with the contents of
a particular folder. When the contents of the folder change, nodemon
automatically re-builds and re-launches the app based on the changed
folder contents.

All of the above are different solutions in different technologies
with a common thread... Deploying an app as dynamically as possible
for staging or production with minimal effort and, if possible, removing
all vestiges when the app is stopped. Maybe one or more might be
relevant to finding a solution to your app. If your app is using a
technology different than the above, maybe you can find an equivalent
for the code you're working with.

I also doubt that you should need to do all the functions you list. I
myself create a base image to use as a deployment target and clone it
as many times as I need to test each version of code. I would not want
to build something from scratch every time unless that is the actual
code being tested.

HTH,
Tony

On Sat, Aug 2, 2014 at 9:55 PM, Kris <address@hidden> wrote:
> I have a solution, but it seems a little complex: you can run a program
> (service A), and it provides some RESTful API. Then, when Jenkins calls your
> script, your script calls the service API. Last, service A does what you want
> as the root user.
>
>
> Best regards,
> Kris
>
> On Aug 3, 2014, at 12:42 PM, Dallas Clement <address@hidden> wrote:
>
>
> On Sat, Aug 2, 2014 at 11:30 PM, Kris <address@hidden> wrote:
>>
>> How about using sudo to run it?
>>
>> Best regards,
>> Kris
>>
>> On Aug 3, 2014, at 10:05 AM, Dallas Clement <address@hidden> wrote:
>>
>> On Sat, Aug 2, 2014 at 8:46 PM, Dale R. Worley <address@hidden>
>> wrote:
>>>
>>> > From: Dallas Clement <address@hidden>
>>> >
>>> > I would like to be able to create, partition, format, mount, and
>>> > populate a raw disk image file as a non-root user.  I am able to
>>> > create the image file with dd and partition it with parted as a
>>> > non-root user.  I have not figured out a way to format, mount, and
>>> > populate it as a non-root user.  Tools such as losetup and kpartx
>>> > seem perfect for the task, but unfortunately require root.
>>> >
>>> > Is it possible to do what I want with qemu?
>>>
>>> Since you can run Qemu as a non-root user, and you can present an
>>> arbitrary file to it as a disk, it seems that you should be able to
>>> use the standard disk tools within a Qemu guest to do what you want.
>>>
>>> Dale
>>
>>
>> Thanks Dale.  I was hoping I could do something like this.  I'll explore
>> that further.
>>
>> > Why do you wish to avoid root?
>>
>> Tony, I am wanting to run as non-root because it is my Jenkins
>> build-server that will be doing all of this which needs to run as non-root
>> for security's sake.  I want the last stage of my build to produce a uSD card
>> image.
>>
>> How about using sudo to run it?
>
> Can't do that unfortunately.  It's still elevated privileges.  Jenkins won't
> allow it.
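
An added example, not part of the original thread or written by any of its participants: the first thing kpartx needs from an image is its partition table, and reading that requires no privileges because the image is an ordinary file. The sketch below parses the MBR of a constructed sample image and returns each partition's byte offset and length; the 512-byte sector size, the file name `card.img` and the sample layout are assumptions.

```python
import os
import struct
import tempfile

SECTOR = 512  # assumption: 512-byte logical sectors

def make_sample_image(path, size_mib=8):
    """Constructed sample: sparse raw image, one FAT32 (0x0c) partition at LBA 2048."""
    total = size_mib * 1024 * 1024 // SECTOR
    mbr = bytearray(SECTOR)
    mbr[446:462] = struct.pack("<B3sB3sII", 0x80, b"\xfe\xff\xff", 0x0C,
                               b"\xfe\xff\xff", 2048, total - 2048)
    mbr[510:512] = b"\x55\xaa"
    with open(path, "wb") as f:
        f.truncate(total * SECTOR)  # sparse file; no privileges involved
        f.write(mbr)

def read_partitions(path):
    """Return [(number, type, byte_offset, byte_length)] from the image's MBR."""
    size = os.path.getsize(path)
    with open(path, "rb") as f:
        mbr = f.read(SECTOR)
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("no MBR signature; not a partitioned raw image")
    parts = []
    for i in range(4):
        raw = mbr[446 + 16 * i:462 + 16 * i]
        _flag, _chs0, ptype, _chs1, lba, count = struct.unpack("<B3sB3sII", raw)
        if ptype == 0 or count == 0:
            continue  # unused slot
        if ptype == 0xEE:
            raise ValueError("protective MBR: GPT image, not handled here")
        start, length = lba * SECTOR, count * SECTOR
        if lba == 0 or start + length > size:
            raise ValueError(f"partition {i + 1} lies outside the image file")
        parts.append((i + 1, ptype, start, length))
    return parts

def demo():
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "card.img")
        make_sample_image(img)
        return read_partitions(img)

if __name__ == "__main__":
    for num, ptype, start, length in demo():
        print(f"p{num} type=0x{ptype:02x} offset={start} length={length}")
```

The byte offset is the value that offset-aware userspace tools take in place of a loop device, for example `mke2fs -E offset=` or the `image@@offset` form accepted by mtools.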
