93 by Jamie Strandboge
* Merge from debian unstable with security fixes

Author: Jamie Strandboge <jamie@ubuntu.com>
Description: adjust qemu.conf to run as root, not the new Debian default of
libvirt-qemu:kvm
.
In Ubuntu, Qemu/KVM virtual machines are fully isolated and confined by the
AppArmor security driver. This new default in Debian is not as well-tested,
with the upstream implementation contentious among the KVM and libvirt
communities.
.
While the current implementation does reduce the privileges of the VMs
running under qemu:///system, all VMs currently run under the same user so
there is no guest isolation. Even if each user ran under its own user, an
attacker could potentially break out of the VM and have unconfined user
access (albeit non-root).
.
Once there is consensus among the community on the implementation, changing
this default in Ubuntu can be considered as an additional protection to the
AppArmor driver.

20 |
Index: libvirt-0.8.1/src/qemu/qemu.conf
|
|
21 |
===================================================================
|
|
22 |
--- libvirt-0.8.1.orig/src/qemu/qemu.conf 2010-03-12 10:08:24.000000000 -0600
|
|
23 |
+++ libvirt-0.8.1/src/qemu/qemu.conf 2010-06-15 14:41:30.000000000 -0500
|
|
24 |
@@ -91,10 +91,12 @@
|
|
25 |
||
26 |
||
27 |
# The user ID for QEMU processes run by the system instance |
|
28 |
-#user = "root"
|
|
29 |
+#user = "libvirt-qemu"
|
|
30 |
+user = "root"
|
|
31 |
||
32 |
# The group ID for QEMU processes run by the system instance |
|
33 |
-#group = "root"
|
|
34 |
+#group = "kvm"
|
|
35 |
+group = "root"
|
|
36 |
||
37 |
# Whether libvirt should dynamically change file ownership |
|
38 |
# to match the configured user/group above. Defaults to 1. |
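Review bot: the active `user = "root"` and `group = "root"` lines sit directly under the commented `#user = "libvirt-qemu"` and `#group = "kvm"` lines, and nothing in qemu.conf itself explains why the shipped values differ from the commented ones. The rationale exists only in the patch description, which an administrator reading the installed file will not see. Suggest adding a short comment above each active line stating that running as root relies on the AppArmor security driver for guest confinement, so anyone who disables that driver knows to switch to the unprivileged user and group.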