[Pkg-libvirt-maintainers] Bug#701649: Fix for stable

Guido Günther agx at sigxcpu.org
Fri Mar 15 09:52:04 UTC 2013


On Fri, Mar 15, 2013 at 10:40:12AM +0100, Yves-Alexis Perez wrote:
> On sam., 2013-03-09 at 19:54 +0100, Guido Günther wrote:
> > Hi,
> > sorry for the delay but attached is the diff for the stable update. This
> > addresses #701649 (CVE-2013-1766) as well as #699224 (kind of
> > CVE-2013-0170). Is this enough for the security team to issue the DSA?
> > Let me know if I can help further.
> > Cheers,
> >  -- Guido
> 
> Ok, I have two more questions:
> 
> - what is http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701649#43
> really about? Does libvirt change permissions on files added to the
> storage pool or something?

When using qemu:///system (that is running qemu via the system libvirtd
instead of the user's session libvirtd) and dynamic_ownership = 1 (the
default) libvirtd changes permissions of devices and files it needs to
open to libvirt-qemu:libvirt-qemu since it runs the qemu/kvm process
itself with these privileges. Before the change this used to be
libvirt-qemu:kvm.

> - in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701649#48 waldi
> seems to prefer the disks group, but I don't think any other comment
> replied to that. Could you elaborate about this?

This is just not how dynamic ownership works. It consistently uses the
above for all devices accessed by the qemu process.
Cheers,
 -- Guido

> 
> Regards,
> -- 
> Yves-Alexis
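
The ownership behaviour described in this message can be audited on a host. The following is an added example, not part of the thread or of libvirt's code: it assumes the settings are read from qemu.conf-style text with `dynamic_ownership`, `user` and `group` keys, and the function names and sample paths are constructed for illustration.

```python
import grp
import os
import pwd
import re

# Owner:group pairs named in the message above.
CURRENT_DEFAULT = ("libvirt-qemu", "libvirt-qemu")
PRE_FIX = ("libvirt-qemu", "kvm")

def parse_qemu_conf(text):
    """Read key = value lines; commented-out lines are ignored."""
    settings = {"dynamic_ownership": "1"}  # "the default" per the message
    for raw in text.splitlines():
        m = re.match(r'\s*(\w+)\s*=\s*"?([^"#]*?)"?\s*(#.*)?$', raw)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings

def expected_pair(settings):
    """Assumption: explicit user/group keys override the packaged default."""
    return (settings.get("user", CURRENT_DEFAULT[0]),
            settings.get("group", CURRENT_DEFAULT[1]))

def classify(owner, settings):
    """'pre-fix' = old libvirt-qemu:kvm pair, 'other' = neither pair."""
    if owner == PRE_FIX:
        return "pre-fix"
    return "expected" if owner == expected_pair(settings) else "other"

def owner_of(path):
    """Resolve a path's owner and group names, falling back to numeric ids."""
    st = os.stat(path)
    try:
        user = pwd.getpwuid(st.st_uid).pw_name
    except KeyError:
        user = str(st.st_uid)
    try:
        group = grp.getgrgid(st.st_gid).gr_name
    except KeyError:
        group = str(st.st_gid)
    return (user, group)

def audit(entries, conf_text):
    """entries: (path, (user, group)) pairs; returns the ones worth a look."""
    settings = parse_qemu_conf(conf_text)
    verdicts = [(path, classify(owner, settings)) for path, owner in entries]
    return [(path, v) for path, v in verdicts if v != "expected"]
```

On a real host, build the entries with `owner_of()` for the disk and device paths of running guests, and pass the contents of the host's qemu.conf as `conf_text`.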


