On Thu, Nov 07, 2019 at 03:02:20PM +0100, Stefan Hajnoczi wrote:
> This documentation suggests that QEMU spawns the remote processes. How
> does this work with unprivileged QEMU? Is there an additional step where
> QEMU drops privileges after having spawned remote processes?
>
> Remote processes require access to resources that the main QEMU
> process does not need access to, so I'm wondering how this process model
> ensures that each process has only the privileges it needs.

I guess you have something like capabilities in mind? When using something like SELinux, privileges are per binary so the order of startup doesn't matter.

--
MST