diff options
author | Andrea Bolognani <abologna@redhat.com> | 2019-03-26 11:01:32 +0100 |
---|---|---|
committer | Andrea Bolognani <abologna@redhat.com> | 2019-03-26 18:30:24 +0100 |
commit | 29cd1877acd91883df32bf71ec07fe908e96db32 (patch) | |
tree | cd840c2d21c030a389c4b84528e46e7c8134975e | |
parent | c34b3eefdf2c7af39165c2efb95dd5300ca7a0cb (diff) | |
download | libvirt-29cd1877acd91883df32bf71ec07fe908e96db32.tar.gz |
m4: Run QEMU under a distro-specific user when possible
Our current defaults are root:wheel on FreeBSD and macOS, root:root
everywhere else.
Looking at what downstream distributions actually do, we can see that
these defaults are overriden the vast majority of the time, with a
number of variations showing up in the wild:
* qemu:qemu -> Used by CentOS, Fedora, Gentoo, OpenSUSE, RHEL
and... As it turns out, our very own spec file :)
* libvirt-qemu:libvirt-qemu -> Used by Debian.
* libvirt-qemu:kvm -> Used by Ubuntu.
* nobody:nobody -> Used by Arch Linux.
Based on this information, we can do a better job at integrating with
downstream packages: if the distro-specific user and group already
exist on the system then we use them, and if not (or we're building
on an unknown OS) we just use root:root as we would have before.
This change makes it less likely that people building from source
will end up running their guests as root, which is a very desiderable
outcome from the security point of view.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-rw-r--r-- | m4/virt-driver-qemu.m4 | 38 |
1 files changed, 36 insertions, 2 deletions
diff --git a/m4/virt-driver-qemu.m4 b/m4/virt-driver-qemu.m4 index cb05c34265..586823c5aa 100644 --- a/m4/virt-driver-qemu.m4 +++ b/m4/virt-driver-qemu.m4 @@ -44,8 +44,42 @@ AC_DEFUN([LIBVIRT_DRIVER_CHECK_QEMU], [ default_qemu_user=root default_qemu_group=wheel else - default_qemu_user=root - default_qemu_group=root + # Try to integrate gracefully with downstream packages by running QEMU + # processes using the same user and group they would + case $(grep ^ID= /etc/os-release 2>/dev/null) in + *arch*) + default_qemu_user=nobody + default_qemu_group=nobody + ;; + *centos*|*fedora*|*gentoo*|*rhel*|*suse*) + default_qemu_user=qemu + default_qemu_group=qemu + ;; + *debian*) + default_qemu_user=libvirt-qemu + default_qemu_group=libvirt-qemu + ;; + *ubuntu*) + default_qemu_user=libvirt-qemu + default_qemu_group=kvm + ;; + *) + default_qemu_user=root + default_qemu_group=root + ;; + esac + # If the expected user and group don't exist, or we haven't hit any + # of the cases above because we're running on an unknown OS, the only + # sensible fallback is root:root + AC_MSG_CHECKING([for QEMU credentials ($default_qemu_user:$default_qemu_group)]) + if getent passwd "$default_qemu_user" >/dev/null 2>&1 && \ + getent group "$default_qemu_group" >/dev/null 2>&1; then + AC_MSG_RESULT([ok]) + else + AC_MSG_RESULT([not found, using root:root instead]) + default_qemu_user=root + default_qemu_group=root + fi fi if test "x$with_qemu_user" = "xplatform dependent" ; then |