
Re: [Xen-devel] [PATCH] libxl: Do not warn about non existing user for the device model



On Mon, May 23, 2016 at 03:09:17PM +0100, Anthony PERARD wrote:
> On Mon, May 23, 2016 at 12:57:26PM +0100, Wei Liu wrote:
> > On Mon, May 23, 2016 at 12:35:02PM +0100, Anthony PERARD wrote:
> > > Running QEMU as non-root user is not ready yet, so avoid advertising it
> > > with a warning.
> > > 
> > > Also improve the doc to include more potential issues with running QEMU
> > > as non-root.
> > > 
> > > Signed-off-by: Anthony PERARD <anthony.perard@xxxxxxxxxx>
> > > ---
> > >  docs/man/xl.cfg.pod.5          | 5 +++--
> > >  docs/misc/qemu-deprivilege.txt | 4 ++--
> > >  tools/libxl/libxl_dm.c         | 2 +-
> > >  3 files changed, 6 insertions(+), 5 deletions(-)
> > > 
> > > diff --git a/docs/man/xl.cfg.pod.5 b/docs/man/xl.cfg.pod.5
> > > index accd9b4..8a4f4c5 100644
> > > --- a/docs/man/xl.cfg.pod.5
> > > +++ b/docs/man/xl.cfg.pod.5
> > > @@ -1953,8 +1953,9 @@ option to the device-model.
> > >  
> > >  Run the device model as user "username", instead of
> > >  B<xen-qemuuser-domid$domid> or B<xen-qemuuser-shared> or B<root>.
> > > -Please note that running QEMU as non-root causes migration and PCI
> > > -passthrough not to work properly.
> > > +Please note that running QEMU as non-root causes several features like
> > > +migration and PCI passthrough to not work properly and may prevent the 
> > > guest
> > > +from booting.
> > >  
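Review bot: The rewritten note in the three added lines at the end of this hunk lists what breaks (migration, PCI passthrough, possibly guest boot) but never says that the option is not ready for use, which is the reason the commit message gives for the change. Suggest saying that directly in the man page text, so a reader does not have to infer it from the list of failures, and stating whether the option currently gives any isolation benefit. "several features like" also leaves the list open-ended; either name the known-affected features or point to docs/misc/qemu-deprivilege.txt for the full list. The second added line appears to have run past the wrap width (the mailer split "guest" onto its own line), so the paragraph is worth reflowing.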
> > 
> > What is not clear is that whether using this option would buy the user
> > anything security-wise. If it doesn't improve security but only breaks
> > things we should probably remove it from man page altogether.
> 
> If having undocumented config options is fine, then I guess we can
> remove this from the man.
> 

I would say it is OK to have some WIP options to go undocumented --
because you don't want users to use them anyway.

Another way is to state explicitly in manpage that people should not use
this option because it doesn't provide extra security at this stage.

Ian, do you have any opinion on this?

Wei.

> -- 
> Anthony PERARD

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

