Date: Thu, 23 May 2024 10:52:22 +0100
From: "Richard W.M. Jones" To: Stefano Brivio Cc: passt-dev@passt.top, David Gibson , Minxi Hou Subject: Re: [PATCH 1/8] conf: Don't lecture user about starting us as root Message-ID: <20240523095222.GR4345@redhat.com> References: <20240522205911.261325-1-sbrivio@redhat.com> <20240522205911.261325-2-sbrivio@redhat.com> MIME-Version: 1.0 In-Reply-To: <20240522205911.261325-2-sbrivio@redhat.com> User-Agent: Mutt/1.5.21 (2010-09-15) X-Scanned-By: MIMEDefang 3.4.1 on 10.11.54.9 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=us-ascii Content-Disposition: inline List-Id: On Wed, May 22, 2024 at 10:59:04PM +0200, Stefano Brivio wrote: > libguestfs tools have a good reason to run as root: if the guest image > is owned by root, it would be counterproductive to encourage users to > invoke them as non-root, as it would require changing permissions or > ownership of the image file. > > And if they run as root, we'll start as root, too. Warn users we'll > switch to 'nobody', but don't tell them what to do. > > Reported-by: Richard W.M. Jones > Signed-off-by: Stefano Brivio > --- > conf.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/conf.c b/conf.c > index 21d46fe..2e0d909 100644 > --- a/conf.c > +++ b/conf.c > @@ -1093,7 +1093,7 @@ static void conf_ugid(char *runas, uid_t *uid, gid_t *gid) > return; > > /* ...otherwise use nobody:nobody */ > - warn("Don't run as root. Changing to nobody..."); > + warn("Started as root. Changing to nobody..."); > { > #ifndef GLIBC_NO_STATIC_NSS > const struct passwd *pw; Makes sense: Reviewed-by: Richard W.M. Jones Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com nbdkit - Flexible, fast NBD server with plugins https://gitlab.com/nbdkit/nbdkit
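Review bot: The reworded warn() in conf_ugid() is still printed ahead of the block that declares `const struct passwd *pw`, so it announces the switch before that lookup has run, and it names only the user although the comment directly above says nobody:nobody. Consider wording that covers both IDs, for example "Started as root, changing to nobody:nobody", or moving the message after the uid and gid are resolved so it reports the values actually applied.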