Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-117440

RFE: Avoid qemu setuid when running as root

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • rhel-10.1
    • libguestfs
    • None
    • No
    • Low
    • rhel-virt-core
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      For a very long time we have wanted libvirt to not change the UID of qemu when libguestfs runs as root (eg: https://libguestfs.org/guestfs-faq.1.html#permission-denied-when-running-libguestfs-as-root https://bugzilla.redhat.com/show_bug.cgi?id=1045069).

      Recently this has become possible. We need to add this to the libvirt domain XML when creating the appliance:

      <seclabel type='static' model='dac' relabel='yes'>
  <label>+0:+0</label>
</seclabel>

      The effect of this is that when you run libguestfs as root, qemu will also run as root, not as qemu.qemu.

              rhn-engineering-colerobinson Cole Robinson
              rhn-eng-rjones Richard Jones
              virt-maint virt-maint
              virt-bugs virt-bugs
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: