[openstack-dev] [StarlingX] StarlingX code followup discussions
Joshua Harlow
harlowja at fastmail.com
Fri Jun 1 16:12:18 UTC 2018
Slightly off topic but,
Have you by any chance looked at what kata has forked for qemu:
https://github.com/kata-containers/qemu/tree/qemu-lite-2.11.0
I'd be interested in an audit of that code for similar reasons to this
libvirt fork (hard to know from my viewpoint if there are new issues in
that code like the ones you are finding in libvirt).
Kashyap Chamarthy wrote:
> On Tue, May 22, 2018 at 01:54:59PM -0500, Dean Troyer wrote:
>> StarlingX (aka STX) was announced this week at the summit, there is a
>> PR to create project repos in Gerrit at [0]. STX is basically Wind
>
> From a cursory look at the libvirt fork, there are some questionable
> choices. E.g. the config code (libvirt/src/qemu/qemu.conf) is modified
> such that QEMU is launched as 'root'. That means a bug in QEMU ==
> instant host compromise.
>
> All Linux distributions (that matter) configure libvirt to launch QEMU
> as a regular user ('qemu'). E.g. from Fedora's libvirt RPM spec file:
>
> libvirt.spec:%define qemu_user qemu
> libvirt.spec: --with-qemu-user=%{qemu_user} \
>
> * * *
>
> There are multiple other such issues in the forked libvirt code.
>
> [...]
>
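
A defender's check for the qemu.conf concern raised in the quoted message, as an added example that is not part of the original thread and is not libvirt or StarlingX code. It reads the `user` and `group` settings from qemu.conf text and flags a root identity, including the numeric and `+`-prefixed forms qemu.conf accepts. The sample configs are constructed and the function names are hypothetical.

```python
import re

# Constructed sample configs (not taken from the StarlingX fork or any distribution).
SAMPLE_ROOT = '''
# user = "qemu"
user = "root"
group = "root"
'''
SAMPLE_UID0 = 'user = "+0"\ngroup = "qemu"\n'
SAMPLE_UNSET = '#user = "root"\n#group = "root"\n'

# Matches only uncommented "user = ..." / "group = ..." lines.
_SETTING = re.compile(r'^\s*(user|group)\s*=\s*"?([^"#\s]*)"?')

def parse_identity(conf_text):
    """Return the uncommented user/group values found in qemu.conf text.
    If a key is repeated, this sketch reports the last one (an assumption)."""
    found = {"user": None, "group": None}
    for line in conf_text.splitlines():
        m = _SETTING.match(line)
        if m:
            found[m.group(1)] = m.group(2)
    return found

def is_root(value):
    """True for 'root' or a numeric ID of 0; a leading '+' marks a numeric ID."""
    if value is None:
        return False
    if value == "root":
        return True
    digits = value[1:] if value.startswith("+") else value
    return digits.isdigit() and int(digits) == 0

def audit(conf_text):
    """Classify the configured QEMU process identity, one finding per key."""
    ident = parse_identity(conf_text)
    findings = []
    for key in ("user", "group"):
        if ident[key] is None:
            # Nothing set here: the value compiled in (e.g. --with-qemu-user) applies.
            findings.append(f"{key}: unset, build-time default applies")
        elif is_root(ident[key]):
            findings.append(f"{key}: ROOT ({ident[key]!r})")
        else:
            findings.append(f"{key}: ok ({ident[key]!r})")
    return findings

if __name__ == "__main__":
    for name, text in [("root", SAMPLE_ROOT), ("uid0", SAMPLE_UID0), ("unset", SAMPLE_UNSET)]:
        print(name, audit(text))
```

An "unset" result is not a pass: the effective identity is then whatever the package was built with, so the build options have to be checked as well.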