qemu-devel

Re: [Qemu-devel] [PATCH 0/5] ATAPI pass through v2


From: Anthony Liguori
Subject: Re: [Qemu-devel] [PATCH 0/5] ATAPI pass through v2
Date: Tue, 07 Jul 2009 17:58:05 -0500
User-agent: Thunderbird 2.0.0.21 (X11/20090320)

Stuart Brady wrote:
> On Wed, Jul 01, 2009 at 07:31:53PM +0100, Bique Alexandre wrote:
>> I updated my patch according to your previous comments.
>>
>> Changes from my previous version:
>>  - split the big patch in 5 patches.
>>  - not exporting any private structure
>>  - switched to SG_IO and brdv_aio_ioctl()
>>  - not including linux/cdrom.h or linux/bsg.h
>>  - got some stuff like defines and request_sense structure from linux/cdrom.h
>
> Forgive my ignorance, but does ATAPI passthrough have any security implications that should be documented?
>
> I expect that running qemu as root counts as a 'bad idea' (I gather
> that commands are filtered when running as a regular user), but even so,
> I wonder if guests should be prevented from performing firmware updates?

One should never rely on QEMU to enforce any security policy. That's the job of the OS.

I'm sure something like SELinux can be used to prevent a root QEMU process from doing a firmware upgrade.

Regards,

Anthony Liguori



