On Tue, Jul 20, 2010 at 04:13:06PM -0700, Chris Wright wrote:
> * Alex Williamson (alex.william...@redhat.com) wrote:
> > When supported by the host kernel, we can use read/write on the
> > PCI sysfs resource file for I/O port regions.  This allows us to
> > avoid raw in/out commands and works with deprivileged guests via
> > libvirt.  For uid 0 callers, we use in/out directly to avoid any
> > compatibility issues.
> 
> Won't the uid 0 test fail if libvirt launches qemu with user set to
> root (capabilities still get dropped)?

Yes, if the kernel is doing a CAP_SYS_ADMIN check (or similar), then
testing uid==0 is definitely wrong. You'd need to test have(CAP_SYS_ADMIN)
instead. 

Regards,
Daniel
-- 
|: Red Hat, Engineering, London    -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org        -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
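
The difference between the two tests discussed in this thread, as an added example that is not part of the original messages or of the qemu patch. It assumes the effective capability set is read from the `CapEff` line of `/proc/self/status`; the function names and the sample status text are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define CAP_SYS_ADMIN_BIT 21 /* value of CAP_SYS_ADMIN in <linux/capability.h> */

/* Constructed /proc/<pid>/status excerpt: uid 0 with all capabilities dropped. */
static const char ROOT_CAPS_DROPPED[] = "Uid:\t0\t0\t0\t0\nCapEff:\t0000000000000000\n";

/* Extract the effective capability mask; -1 if CapEff is missing or malformed. */
int parse_cap_eff(const char *status, unsigned long long *caps)
{
    for (const char *p = status; p && *p; p = strchr(p, '\n')) {
        if (*p == '\n')
            p++;
        if (strncmp(p, "CapEff:", 7) != 0)
            continue;
        p += 7 + strspn(p + 7, " \t");
        if (!isxdigit((unsigned char)*p))
            return -1;
        *caps = strtoull(p, NULL, 16);
        return 0;
    }
    return -1;
}

/* Capability test on status text (cap must be 0..63); fails closed on parse errors. */
int status_has_cap(const char *status, int cap)
{
    unsigned long long caps;
    return parse_cap_eff(status, &caps) == 0 && ((caps >> cap) & 1ULL);
}

int main(void)
{
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    size_t n = f ? fread(buf, 1, sizeof(buf) - 1, f) : 0;
    if (f)
        fclose(f);
    buf[n] = '\0';
    printf("this process: euid==0 is %d, CAP_SYS_ADMIN effective is %d\n",
           geteuid() == 0, status_has_cap(buf, CAP_SYS_ADMIN_BIT));
    printf("uid 0, caps dropped: %d\n", status_has_cap(ROOT_CAPS_DROPPED, CAP_SYS_ADMIN_BIT));
    return 0;
}
```

For the constructed sample, a `uid == 0` test would pass while the capability test reports 0, which is the case raised in the quoted question.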