For more description see patch 3. Long story short, if the bridge helper runs
with SUID, the mechanism we rely on (DAC denying access to ACL files) does not
work.

Michal Privoznik (3):
  qemu-bridge-helper: Reverse return value setting logic
  qemu-bridge-helper: Reverse return value setting logic in
    parse_acl_file
  qemu-bridge-helper: Take ACL file gid into account

 qemu-bridge-helper.c | 79 ++++++++++++++++++++++++++++------------------------
 1 file changed, 42 insertions(+), 37 deletions(-)

--
2.13.0

On 05/30/2017 10:23 AM, Michal Privoznik wrote:
> For more description see patch 3. Long story short, if the bridge helper runs
> with SUID, the mechanism we rely on (DAC denying access to ACL files) does not
> work.
>
> Michal Privoznik (3):
>   qemu-bridge-helper: Reverse return value setting logic
>   qemu-bridge-helper: Reverse return value setting logic in
>     parse_acl_file
>   qemu-bridge-helper: Take ACL file gid into account
>
>  qemu-bridge-helper.c | 79 ++++++++++++++++++++++++++++------------------------
>  1 file changed, 42 insertions(+), 37 deletions(-)
>

ping?

Michal

On 06/22/2017 05:58 PM, Michal Privoznik wrote:
> On 05/30/2017 10:23 AM, Michal Privoznik wrote:
>> For more description see patch 3. Long story short, if the bridge helper runs
>> with SUID, the mechanism we rely on (DAC denying access to ACL files) does not
>> work.
>>
>> Michal Privoznik (3):
>>   qemu-bridge-helper: Reverse return value setting logic
>>   qemu-bridge-helper: Reverse return value setting logic in
>>     parse_acl_file
>>   qemu-bridge-helper: Take ACL file gid into account
>>
>>  qemu-bridge-helper.c | 79 ++++++++++++++++++++++++++++------------------------
>>  1 file changed, 42 insertions(+), 37 deletions(-)
>>
>
> ping?
>

ping^2?

Michal

On Tue, Jul 11, 2017 at 03:10:43PM +0200, Michal Privoznik wrote:
> On 06/22/2017 05:58 PM, Michal Privoznik wrote:
> > On 05/30/2017 10:23 AM, Michal Privoznik wrote:
> >> For more description see patch 3. Long story short, if the bridge helper runs
> >> with SUID, the mechanism we rely on (DAC denying access to ACL files) does not
> >> work.
> >>
> >> Michal Privoznik (3):
> >>   qemu-bridge-helper: Reverse return value setting logic
> >>   qemu-bridge-helper: Reverse return value setting logic in
> >>     parse_acl_file
> >>   qemu-bridge-helper: Take ACL file gid into account
> >>
> >>  qemu-bridge-helper.c | 79 ++++++++++++++++++++++++++++------------------------
> >>  1 file changed, 42 insertions(+), 37 deletions(-)
> >>
> >
> > ping?
> >
>
> ping^2?

Sigh, this is one of the files for which we have no nominated maintainer
listed, so it easily falls through the cracks.

Since this is network related, I wonder if Jason should be listed in the
MAINTAINERS file for this. Or perhaps we should move the qemu-bridge-helper.c
file into the net/ sub-directory instead?

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|

On 2017-07-11 22:54, Daniel P. Berrange wrote:
> On Tue, Jul 11, 2017 at 03:10:43PM +0200, Michal Privoznik wrote:
>> On 06/22/2017 05:58 PM, Michal Privoznik wrote:
>>> On 05/30/2017 10:23 AM, Michal Privoznik wrote:
>>>> For more description see patch 3. Long story short, if the bridge helper runs
>>>> with SUID, the mechanism we rely on (DAC denying access to ACL files) does not
>>>> work.
>>>>
>>>> Michal Privoznik (3):
>>>>   qemu-bridge-helper: Reverse return value setting logic
>>>>   qemu-bridge-helper: Reverse return value setting logic in
>>>>     parse_acl_file
>>>>   qemu-bridge-helper: Take ACL file gid into account
>>>>
>>>>  qemu-bridge-helper.c | 79 ++++++++++++++++++++++++++++------------------------
>>>>  1 file changed, 42 insertions(+), 37 deletions(-)
>>>>
>>> ping?
>>>
>> ping^2?

Applied.

> Sigh, this is one of the files for which we have no nominated maintainer
> listed, so it easily falls through the cracks.
>
> Since this is network related, I wonder if Jason should be listed in the
> MAINTAINERS file for this. Or perhaps we should move the qemu-bridge-helper.c
> file into the net/ sub-directory instead ?

Let me claim this in MAINTAINERS.

Thanks

>
> Regards,
> Daniel

On 2017-07-14 15:31, Jason Wang wrote:
>
>
> On 2017-07-11 22:54, Daniel P. Berrange wrote:
>> On Tue, Jul 11, 2017 at 03:10:43PM +0200, Michal Privoznik wrote:
>>> On 06/22/2017 05:58 PM, Michal Privoznik wrote:
>>>> On 05/30/2017 10:23 AM, Michal Privoznik wrote:
>>>>> For more description see patch 3. Long story short, if the bridge
>>>>> helper runs
>>>>> with SUID, the mechanism we rely on (DAC denying access to ACL
>>>>> files) does not
>>>>> work.
>>>>>
>>>>> Michal Privoznik (3):
>>>>>   qemu-bridge-helper: Reverse return value setting logic
>>>>>   qemu-bridge-helper: Reverse return value setting logic in
>>>>>     parse_acl_file
>>>>>   qemu-bridge-helper: Take ACL file gid into account
>>>>>
>>>>>  qemu-bridge-helper.c | 79
>>>>> ++++++++++++++++++++++++++++------------------------
>>>>>  1 file changed, 42 insertions(+), 37 deletions(-)
>>>>>
>>>> ping?
>>>>
>>> ping^2?
>
> Applied.

Just noticed Daniel's comment. Michal, can you please address that?

Thanks

>
>> Sigh, this is one of the files for which we have no nominated maintainer
>> listed, so it easily falls through the cracks.
>>
>> Since this is network related, I wonder if Jason should be listed in the
>> MAINTAINERS file for this. Or perhaps we should move the
>> qemu-bridge-helper.c
>> file into the net/ sub-directory instead ?
>
> Let me claim this in MAINTAINERS.
>
> Thanks
>
>>
>> Regards,
>> Daniel
>
>