[pve-devel] Running KVM as root is a security issue

Alexandre DERUMIER aderumier at odiso.com
Mon Jul 27 16:07:10 CEST 2015


>>Yes, that much I've tested, too. I'm worried about the shutdown scripts
>>though (bridgedown). They might lack permissions if qemu doesn't keep a
>>privileged parent process around for those.

I think that pci passthrough need root access too. (maybe not with vfio).

Not sure about disks with /dev/ mapping ?



----- Mail original -----
De: "Wolfgang Bumiller" <w.bumiller at proxmox.com>
À: "Eric Blevins" <ericlb100 at gmail.com>
Cc: "pve-devel" <pve-devel at pve.proxmox.com>
Envoyé: Lundi 27 Juillet 2015 15:53:00
Objet: Re: [pve-devel] Running KVM as root is a security issue

> A patch exists to prevent a crash when a socket cannot be opened. 
> https://lists.gnu.org/archive/html/qemu-devel/2015-05/msg00577.html 

Included in the current 2.4 devel build. 

> I've done some experimenting. If I take the KVM command as generated 
> by Proxmox and simply add "-runas nobody" the VM starts up and runs 
> without a problem. 

Yes, that much I've tested, too. I'm worried about the shutdown scripts 
though (bridgedown). They might lack permissions if qemu doesn't keep a 
privileged parent process around for those. 

Ideally the VM can be started directly as a user, though, rather than 
using the -runas switch. That will be some work though. 

_______________________________________________ 
pve-devel mailing list 
pve-devel at pve.proxmox.com 
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 


More information about the pve-devel mailing list