libvirt-dnsmasq user should not be in group libvirt
Bug #1690729 reported by
Christian Ehrhardt
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libvirt |
New
|
Unknown
|
|||
libvirt (Ubuntu) |
Fix Released
|
Medium
|
Christian Ehrhardt |
Bug Description
The Ubuntu Delta adds to run the dnsmasq for guest bridges as a separate user for better isolation (good).
But it adds it to group libvirt which is too much power, in some sense almost increasing the power of that service instead of lowering it.
Not so sure on SRUing user modifications, but at least on the next merge we should make sure to also create a libvirt-dnsmasq group, make the user part of that and be really safe then.
Changed in libvirt: | |
status: | Unknown → New |
To post a comment you must log in.
Also mod/long term this patch should become an upstream configure option.
That would:
1. allow to rely on it more
2. drop the delta patching the file
3. ease maintenance as we currently have to modify a lot of testcases (those would depend on the config then and change accordingly)