Re: [RFC v4 PATCH 49/49] multi-process: add configure and usage informat
From: Stefan Hajnoczi
Subject: Re: [RFC v4 PATCH 49/49] multi-process: add configure and usage information
Date: Fri, 8 Nov 2019 12:17:41 +0100
User-agent: Mutt/1.12.1 (2019-06-15)

On Thu, Nov 07, 2019 at 09:33:45AM -0500, Michael S. Tsirkin wrote:
> On Thu, Nov 07, 2019 at 03:02:20PM +0100, Stefan Hajnoczi wrote:
> > This documentation suggests that QEMU spawns the remote processes. How
> > does this work with unprivileged QEMU? Is there an additional step where
> > QEMU drops privileges after having spawned remote processes?
> >
> > Remote processes require access to resources that the main QEMU
> > process does not need access to, so I'm wondering how this process model
> > ensures that each process has only the privileges it needs.
>
> I guess you have something like capabilities in mind?

Or namespaces (unshare(2)).

> When using something like selinux, privileges are per binary
> so the order of startup doesn't matter.

For static SELinux policies that makes sense, thanks for explaining.
Does libvirt also perform dynamic (i.e. per-instance) SELinux
configuration? I guess that cannot be associated with a specific binary
because multiple QEMU instances launch the same binary yet need to be
differentiated.

Stefan