From: Andrea Bolognani
To: libvir-list@redhat.com
Date: Tue, 26 Mar 2019 17:06:15 +0100
Message-Id: <20190326160616.31161-2-abologna@redhat.com>
In-Reply-To: <20190326160616.31161-1-abologna@redhat.com>
References: <20190326160616.31161-1-abologna@redhat.com>
Subject: [libvirt] [PATCH v2 1/2] m4: Run QEMU under a distro-specific user when possible

Our current defaults are root:wheel on FreeBSD and macOS, root:root everywhere else.

Looking at what downstream distributions actually do, we can see that these defaults are overridden the vast majority of the time, with a number of variations showing up in the wild:

  * qemu:qemu -> Used by CentOS, Fedora, Gentoo, OpenSUSE, RHEL and... As it turns out, our very own spec file :)

  * libvirt-qemu:libvirt-qemu -> Used by Debian.

  * libvirt-qemu:kvm -> Used by Ubuntu.

  * nobody:nobody -> Used by Arch Linux.

Based on this information, we can do a better job at integrating with downstream packages: if the distro-specific user and group already exist on the system then we use them, and if not (or we're building on an unknown OS) we just use root:root as we would have before.

This change makes it less likely that people building from source will end up running their guests as root, which from the security point of view is a very desirable outcome.

Signed-off-by: Andrea Bolognani
---
Proof that I'm not making any of this up:

  * Alpine Linux
    https://github.com/alpinelinux/aports/blob/master/main/libvirt/APKBUILD

  * Arch Linux
    https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=libvirt-git#n113

  * CentOS
    https://git.centos.org/blob/rpms!libvirt.git/8d86411e5109d791edf49c7f43c08a06b80896af/SPECS!libvirt.spec#L226

  * Debian
    https://salsa.debian.org/libvirt-team/libvirt/blob/debian/sid/debian/rules#L94-95

  * Fedora
    https://src.fedoraproject.org/rpms/libvirt/blob/f29/f/libvirt.spec#_204

  * FreeBSD
    https://github.com/freebsd/freebsd-ports/blob/master/devel/libvirt/Makefile

  * Gentoo
    https://github.com/gentoo/gentoo/blob/master/app-emulation/libvirt/libvirt-5.1.0.ebuild#L296-L297

  * macOS (Homebrew)
    https://github.com/Homebrew/homebrew-core/blob/master/Formula/libvirt.rb

  * OpenSUSE
    https://build.opensuse.org/package/view_file/openSUSE:Leap:15.0:Update/libvirt/libvirt.spec?expand=1

  * Ubuntu
    https://git.launchpad.net/ubuntu/+source/libvirt/tree/debian/rules?h=ubuntu/disco#n99

  * Upstream :)
    https://libvirt.org/git/?p=libvirt.git;a=blob;f=libvirt.spec.in;h=b7a35a0fb14f3360eb795c4ec9b0e46171d2e4ec;hb=HEAD#l196

 m4/virt-driver-qemu.m4 | 30 ++++++++++++++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) diff --git a/m4/virt-driver-qemu.m4 b/m4/virt-driver-qemu.m4 index cb05c34265..5d4ac66a4b 100644 --- a/m4/virt-driver-qemu.m4 +++ b/m4/virt-driver-qemu.m4 
@@ -44,8 +44,34 @@ AC_DEFUN([LIBVIRT_DRIVER_CHECK_QEMU], [ default_qemu_user=3Droot default_qemu_group=3Dwheel else - default_qemu_user=3Droot - default_qemu_group=3Droot + # Try to integrate gracefully with downstream packages by running QEMU + # processes under the same user and group they would + case $(grep ^ID=3D /etc/os-release 2>/dev/null) in + *arch*) + default_qemu_user=3Dnobody + default_qemu_group=3Dnobody + ;; + *centos*|*fedora*|*gentoo*|*rhel*|*suse*) + default_qemu_user=3Dqemu + default_qemu_group=3Dqemu + ;; + *debian*) + default_qemu_user=3Dlibvirt-qemu + default_qemu_group=3Dlibvirt-qemu + ;; + *ubuntu*) + default_qemu_user=3Dlibvirt-qemu + default_qemu_group=3Dkvm + ;; + esac + # If the expected user and group don't exist, or we haven't hit any + # of the cases above because we're running on an unknown OS, the only + # sensible fallback is root:root + if ! getent passwd "$default_qemu_user" >/dev/null 2>&1 || \ + ! getent group "$default_qemu_group" >/dev/null 2>&1; then + default_qemu_user=3Droot + default_qemu_group=3Droot + fi fi =20 if test "x$with_qemu_user" =3D "xplatform dependent" ; then --=20 2.20.1 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
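
Review bot: The `getent` fallback at the end of the hunk drops to root:root silently, and it tests the passwd and group databases of the build host rather than the host the binaries will run on. In a packaging chroot or a clean build container the `qemu` or `libvirt-qemu` account may not exist yet, so the configured default becomes root even on a distro listed in the `case`. An AC_MSG_WARN in that branch, naming the user and group that were looked up, would make the downgrade visible at configure time. Separately, the `case` patterns match substrings of the whole `ID=` line, so any ID that merely contains `arch` or `suse` takes that arm, while a derivative that only names its parent in `ID_LIKE` falls through to root; comparing against the exact ID value and then consulting `ID_LIKE` would be tighter.
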
From: Andrea Bolognani
To: libvir-list@redhat.com
Date: Tue, 26 Mar 2019 17:06:16 +0100
Message-Id: <20190326160616.31161-3-abologna@redhat.com>
In-Reply-To: <20190326160616.31161-1-abologna@redhat.com>
References: <20190326160616.31161-1-abologna@redhat.com>
Subject: [libvirt] [PATCH v2 2/2] m4: Add warning when running QEMU as root

Running QEMU as root is a pretty bad idea, so try to make the user aware of that as part of the configure summary.

Signed-off-by: Andrea Bolognani
---
 m4/virt-driver-qemu.m4 | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/m4/virt-driver-qemu.m4 b/m4/virt-driver-qemu.m4 index 5d4ac66a4b..a8b9fe54b3 100644 --- a/m4/virt-driver-qemu.m4 +++ b/m4/virt-driver-qemu.m4 @@ -104,5 +104,10 @@ AC_DEFUN([LIBVIRT_DRIVER_RESULT_QEMU], [ ]) =20 AC_DEFUN([LIBVIRT_RESULT_QEMU_PRIVILEGES], [ - LIBVIRT_RESULT([QEMU], [$QEMU_USER:$QEMU_GROUP]) + if test "$QEMU_USER" =3D "root"; then + LIBVIRT_RESULT([QEMU], [$QEMU_USER:$QEMU_GROUP], + [!!! running QEMU as root is strongly discouraged !!!]) + else + LIBVIRT_RESULT([QEMU], [$QEMU_USER:$QEMU_GROUP]) + fi ]) --=20 2.20.1
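
Review bot: The `test "$QEMU_USER" = "root"` check in LIBVIRT_RESULT_QEMU_PRIVILEGES compares the literal name only, so the warning is skipped for any other spelling of the account that resolves to UID 0, and nothing is said when only `$QEMU_GROUP` is root. If configure accepts such values, resolving the user to its UID before comparing, and deciding explicitly whether a root group deserves the same note, would make the summary match what the message claims. The warning also appears only in the configure summary; since the root fallback is chosen silently earlier in the same file, a short comment here pointing at that fallback would help the next reader connect the two.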