From Fedora Project Wiki

Revision as of 12:25, 27 January 2010 by Lewis41 (talk | contribs) (Created page with '= VirtPrivileges = == Sommario == Improve security by adjusting the privileges of QEMU processes managed by libvirt. Also, allow KVM to be used by unprivileged users. == Proge...')

VirtPrivileges

Summary

Improve security by adjusting the privileges of QEMU processes managed by libvirt. Also, allow KVM to be used by unprivileged users.

Owner

Current status

  • Targeted release: Fedora 12
  • Last updated: 2009-08-05
  • Percentage of completion: 100%

Detailed Description

The libvirtd daemon and QEMU driver have two modes of operation:

  1. A single system instance per machine, that runs with root privileges, launches QEMU instances as root, can use TAP device networking for QEMU, and has full storage and network management capabilities
  2. Fully unprivileged instances, which run as the same UID as the user accessing the API, but have a significantly reduced level of functionality.

The goal of this feature is to reduce the privileges of QEMU processes run by the system instance to improve security.

Specifically, all QEMU processes will run as an unprivileged user/group called 'qemu'. libvirtd will be responsible for setting up file permissions to allow them to work.
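One way to check a host against this goal, as an added example that is not part of the wiki page or of libvirt's own code: it reads the configured identity and sorts running QEMU processes into root, reduced-privilege (system instance) and session-instance groups. It assumes the `user` and `group` keys of libvirt's `/etc/libvirt/qemu.conf` (not mentioned on the page) and the column layout of `ps -eo user,group,pid,args`; the sample data and guest names are constructed.

```python
import re

# Constructed sample inputs (not from the page): a qemu.conf fragment and
# `ps -eo user,group,pid,args` output from a hypothetical host.
SAMPLE_CONF = '''\
#user = "root"
user = "qemu"
group = "qemu"
'''
SAMPLE_PS = '''\
USER     GROUP      PID COMMAND
root     root       812 /usr/sbin/libvirtd --daemon
qemu     qemu      2291 /usr/bin/qemu-kvm -name web01 -m 1024
root     root      2307 /usr/bin/qemu-kvm -name legacy -m 512
alice    alice     3120 /usr/bin/qemu-kvm -name scratch -m 256
'''

def conf_identity(conf_text):
    """Return (user, group) set in qemu.conf text; a key left unset is None."""
    found = {"user": None, "group": None}
    for line in conf_text.splitlines():
        m = re.match(r'\s*(user|group)\s*=\s*"([^"]*)"', line)
        if m:  # commented-out lines start with '#' and never match
            found[m.group(1)] = m.group(2)
    return found["user"], found["group"]

def classify_qemu(ps_text, expected=("qemu", "qemu")):
    """Map pid -> 'reduced', 'session' or 'root' for each QEMU process."""
    result = {}
    for line in ps_text.splitlines()[1:]:  # skip the header row
        fields = line.split(None, 3)
        if len(fields) < 4:
            continue
        user, group, pid, args = fields
        exe = args.split()[0].rsplit("/", 1)[-1]
        if not exe.startswith("qemu"):
            continue  # libvirtd itself still runs as root in the system instance
        if "root" in (user, group):
            result[int(pid)] = "root"      # full privileges: the case to fix
        elif (user, group) == expected:
            result[int(pid)] = "reduced"   # system instance, unprivileged account
        else:
            result[int(pid)] = "session"   # per-user instance, runs as that user
    return result

if __name__ == "__main__":
    print("configured identity:", conf_identity(SAMPLE_CONF))
    for pid, kind in sorted(classify_qemu(SAMPLE_PS).items()):
        print(pid, kind)
```

On a live host, feed the functions the contents of the real configuration file and the real `ps` output instead of the samples.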

Benefit to Fedora

Reducing the privileges of the libvirt system instance will improve the security of a critical piece of infrastructure. Increasing the functionality of the session instance will allow more widespread usage. By reducing the scenarios in which the system instance is needed, it will also improve security, since the session instance has far fewer privileges. Running everything as the same user account will also allow for better desktop session integration, particularly for the sound daemon, and facilitate usage of user home directories for disk image storage.

Other information

For:

  • Goals
  • Test Plan
  • User Experience
  • Dependencies
  • Current project
  • Documentation
  • Release Notes
  • Comments and Discussion

see the original page of this document.