libvirt launced kvm / qemu system processes run as root by default
Bug #522619 reported by
Chris Bainbridge
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libvirt (Ubuntu) |
Fix Released
|
Wishlist
|
Unassigned |
Bug Description
Upstream recommends to use default user:group = qemu:qemu
From http://
In the "system" instance, libvirt releases from 0.7.0 onwards allow control over the user/group that the QEMU virtual machines are run as. A build of libvirt with no configuration parameters set will still run QEMU processes as root:root. It is possible to change this default by using the --with-
To post a comment you must log in.
This is discussed extensively in /usr/share/ doc/libvirt- bin/changelog. Debian. gz, but the bottom line is that in Ubuntu libvirt-managed qemu/kvm VMs are confined by a very restrictive AppArmor profile by default. This offers significantly greater protection than running these VMs as an unconfined non-root user. For users who desire the non-root functionality, libvirt in Ubuntu is compiled with the necessary options and users need only adjust the 'user' and 'group' options in /etc/libvirt/ qemu.conf.
Of course, AppArmor confinement and running as non-root are not mutually exclusive, however it was deemed that the risk of regression with transitioning to the non-root setup for our upcoming LTS release was too great when compared to the small improvement in security when considering the default AppArmor confinement. This will likely be revisited in a future release of Ubuntu.