[openstack-dev] [StarlingX] StarlingX code followup discussions

Joshua Harlow harlowja at fastmail.com
Fri Jun 1 16:12:18 UTC 2018


Slightly off topic but,

Have you by any chance looked at what kata has forked for qemu:

https://github.com/kata-containers/qemu/tree/qemu-lite-2.11.0

I'd be interested in an audit of that code for similar reasons to this
libvirt fork (hard to know from my viewpoint if there are new issues in
that code like the ones you are finding in libvirt).

Kashyap Chamarthy wrote:
> On Tue, May 22, 2018 at 01:54:59PM -0500, Dean Troyer wrote:
>> StarlingX (aka STX) was announced this week at the summit, there is a
>> PR to create project repos in Gerrit at [0]. STX is basically Wind
>
> From a cursory look at the libvirt fork, there are some questionable
> choices.  E.g. the config code (libvirt/src/qemu/qemu.conf) is modified
> such that QEMU is launched as 'root'.  That means a bug in QEMU ==
> instant host compromise.
>
> All Linux distributions (that matter) configure libvirt to launch QEMU
> as a regular user ('qemu').  E.g. from Fedora's libvirt RPM spec file:
>
>      libvirt.spec:%define qemu_user  qemu
>      libvirt.spec:           --with-qemu-user=%{qemu_user} \
>
>      * * *
>
> There are multiple other such issues in the forked libvirt code.
>
> [...]
>
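
An added example, not part of the original messages and not code from libvirt or StarlingX: a small Python audit that flags a `qemu.conf` whose `user` or `group` setting makes QEMU run as root, the issue described in the quoted review. The sample configs, the function names and the `build_defaults` parameter (standing in for the `--with-qemu-user` style build default) are constructed for illustration, and the parser assumes double-quoted values.

```python
import re

# Constructed sample configs (not copied from the StarlingX or Fedora trees).
FORKED = '''
# user = "qemu"
user = "root"
group = "root"
'''
STOCK = '''
#user = "root"
#group = "root"
'''

# Matches only uncommented, double-quoted user/group assignments.
_LINE = re.compile(r'^\s*(user|group)\s*=\s*"([^"]*)"\s*(?:#.*)?$')

def is_root(value):
    """True for "root", "+0" (forced numeric ID 0) or a bare "0".

    A bare number can also be an account name in qemu.conf; "0" is
    treated as root here to stay on the conservative side.
    """
    v = value.strip()
    if v == "root":
        return True
    if v.startswith("+"):
        v = v[1:]
    return v.isdigit() and int(v) == 0

def audit(conf_text, build_defaults=None):
    """Return a list of findings for settings that run QEMU as root.

    build_defaults is the identity compiled into libvirt, used when the
    key is absent or commented out (assumed "qemu" unless given).
    """
    defaults = {"user": "qemu", "group": "qemu", **(build_defaults or {})}
    findings, seen = [], set()
    for n, line in enumerate(conf_text.splitlines(), 1):
        m = _LINE.match(line)
        if not m:
            continue
        key, value = m.groups()
        seen.add(key)
        if is_root(value):
            findings.append(f'line {n}: {key} = "{value}" runs QEMU as root')
    for key in ("user", "group"):
        if key not in seen and is_root(defaults[key]):
            findings.append(f"{key} unset and build default is root")
    return findings
```
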


