virt-ark / libvirt

Clone
Source Code
GIT

29cd187 m4: Run QEMU under a distro-specific user when possible

Authored and Committed by Andrea Bolognani 5 years ago
raw patch tree parent
1 file changed. 36 lines added. 2 lines removed.
m4/virt-driver-qemu.m4
file modified
+36 -2 
    m4: Run QEMU under a distro-specific user when possible
    
    Our current defaults are root:wheel on FreeBSD and macOS, root:root
    everywhere else.
    
    Looking at what downstream distributions actually do, we can see that
    these defaults are overriden the vast majority of the time, with a
    number of variations showing up in the wild:
    
      * qemu:qemu -> Used by CentOS, Fedora, Gentoo, OpenSUSE, RHEL
                     and... As it turns out, our very own spec file :)
    
      * libvirt-qemu:libvirt-qemu -> Used by Debian.
    
      * libvirt-qemu:kvm -> Used by Ubuntu.
    
      * nobody:nobody -> Used by Arch Linux.
    
    Based on this information, we can do a better job at integrating with
    downstream packages: if the distro-specific user and group already
    exist on the system then we use them, and if not (or we're building
    on an unknown OS) we just use root:root as we would have before.
    
    This change makes it less likely that people building from source
    will end up running their guests as root, which is a very desiderable
    outcome from the security point of view.
    
    Signed-off-by: Andrea Bolognani <abologna@redhat.com>
    Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
file modified
+36 -2
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.