libvirt launched kvm / qemu system processes run as root by default

Bug #522619 reported by Chris Bainbridge
Affects: libvirt (Ubuntu)
Status: Fix Released
Importance: Wishlist
Assigned to: Unassigned

Bug Description

Upstream recommends to use default user:group = qemu:qemu

From http://libvirt.org/drvqemu.html

In the "system" instance, libvirt releases from 0.7.0 onwards allow control over the user/group that the QEMU virtual machines are run as. A build of libvirt with no configuration parameters set will still run QEMU processes as root:root. It is possible to change this default by using the --with-qemu-user=$USERNAME and --with-qemu-group=$GROUPNAME arguments to 'configure' during build. It is strongly recommended that vendors build with both of these arguments set to 'qemu'.

Jamie Strandboge (jdstrand) wrote :

This is discussed extensively in /usr/share/doc/libvirt-bin/changelog.Debian.gz, but the bottom line is that in Ubuntu libvirt-managed qemu/kvm VMs are confined by a very restrictive AppArmor profile by default. This offers significantly greater protection than running these VMs as an unconfined non-root user. For users who desire the non-root functionality, libvirt in Ubuntu is compiled with the necessary options and users need only adjust the 'user' and 'group' options in /etc/libvirt/qemu.conf.

Of course, AppArmor confinement and running as non-root are not mutually exclusive; however, it was deemed that the risk of regression with transitioning to the non-root setup for our upcoming LTS release was too great when compared to the small improvement in security when considering the default AppArmor confinement. This will likely be revisited in a future release of Ubuntu.

Changed in libvirt (Ubuntu):
importance: Undecided → Wishlist
status: New → Triaged
Jamie Strandboge (jdstrand) wrote :

While it is discussed in changelog.Debian.gz, I meant to reference /usr/share/doc/libvirt-bin/README.Debian.gz.

Jamie Strandboge (jdstrand) wrote :

This is fixed in Maverick now, which runs as libvirt-qemu:kvm.

Changed in libvirt (Ubuntu):
status: Triaged → Fix Released
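An added example, not from the bug report or from the libvirt project, that reports which user and group a given qemu.conf would have the libvirt "system" instance launch QEMU as: the root:root fallback comes from the libvirt documentation quoted in the description, the libvirt-qemu:kvm values from the last comment, and the /etc/libvirt/qemu.conf path is the Debian/Ubuntu one named in the first comment. The two sample config files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not the bug report's or libvirt's own code): resolve the user/group
# that the libvirt system instance would run QEMU as, given a qemu.conf file.
# When the key is absent or only present as a comment, libvirt's documented default is root.

# Print the effective value of one key ("user" or "group") from a qemu.conf file.
# Commented-out lines such as  #user = "root"  are ignored; if several uncommented
# assignments exist this check takes the last one; the fallback is "root".
qemu_conf_value() {
    key="$1"; conf="$2"
    val=$(sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$conf" | tail -n 1)
    if [ -z "$val" ]; then
        val="root"
    fi
    printf '%s\n' "$val"
}

# Return 0 (true) if the file leaves QEMU running as root in either the user or the group slot.
qemu_conf_runs_as_root() {
    u=$(qemu_conf_value user "$1")
    g=$(qemu_conf_value group "$1")
    [ "$u" = root ] || [ "$g" = root ]
}

# Constructed sample configs, written to temp files so the check can be exercised offline.
SAMPLE_DEFAULT=$(mktemp)
SAMPLE_HARDENED=$(mktemp)
trap 'rm -f "$SAMPLE_DEFAULT" "$SAMPLE_HARDENED"' EXIT
cat > "$SAMPLE_DEFAULT" <<'EOF'
# Stock-style file: the keys exist only as comments, so libvirt falls back to root:root.
#user = "root"
#group = "root"
EOF
cat > "$SAMPLE_HARDENED" <<'EOF'
#user = "root"
user = "libvirt-qemu"
group = "kvm"
EOF

# Report each sample, plus the live Debian/Ubuntu file when this runs on a host that has it.
for f in "$SAMPLE_DEFAULT" "$SAMPLE_HARDENED" /etc/libvirt/qemu.conf; do
    [ -r "$f" ] || continue
    verdict="non-root"
    qemu_conf_runs_as_root "$f" && verdict="ROOT (only the AppArmor profile confines the guest)"
    printf '%s -> %s:%s  %s\n' "$f" "$(qemu_conf_value user "$f")" "$(qemu_conf_value group "$f")" "$verdict"
done
```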