From: Yumei Huang
Date: Thu, 25 Sep 2025 13:16:29 +0800
Subject: Re: [PATCH] test: Update README.md
To: Stefano Brivio
In-Reply-To: <20250924130553.673cc9c0@elisabeth>
CC: "Richard W.M. Jones", passt-dev@passt.top, david@gibson.dropbear.id.au, berrange@redhat.com
List-Id: Development discussion and patches for passt

On Wed, Sep 24, 2025 at 7:06 PM Stefano Brivio wrote:
>
> On Wed, 24 Sep 2025 11:31:31 +0100
> "Richard W.M. Jones" wrote:
>
> > On Wed, Sep 24, 2025 at 11:09:09AM +0200, Stefano Brivio wrote:
> > > And now that you say that, I just realised that it would be as simple
> > > as:
> > >
> > >   https://libguestfs.org/guestfs-faq.1.html#permission-denied-when-running-libguestfs-as-root
> > >
> > >   LIBGUESTFS_BACKEND=direct virt-edit...
> >
> > While that will indeed work, we're trying to discourage people from
> > doing that, since it removes the other good things that libvirt does,
> > such as setting up SELinux.
>
> Oh, I see. I guess it makes sense, with a number of caveats:
>
> 1. libvirt's SELinux policy doesn't seem to be really maintainable /
>    long-term sustainable to me, especially because it's still part of
>    fedora-selinux
>
> 2. it adds a rather artificial dependency on libvirt, so in the end
>    you're running more things, and more complicated ones, even if it's
>    not needed
>
> 3. the profile is still much looser than what a libguestfs specific
>    profile could be, see for example the AppArmor policy I introduced
>    at:
>
>      https://salsa.debian.org/libvirt-team/guestfs-tools/-/commit/e638b1bcb8a6621d0b61907f9269a2506680684f
>
>    which, despite being rather loose, is still arguably much stricter
>    than this beast (and related add-ons):
>
>      https://gitlab.com/libvirt/libvirt/-/blob/master/src/security/apparmor/usr.sbin.libvirtd.in
>
>    and I think a strict subset of it, as well.
>
>    Now, it's all a bit simpler with AppArmor as we don't have the
>    multi-category security stuff, but conceptually this point should
>    apply to SELinux too.
>
> Still, to prepare guest images in our test suite, I think we could
> happily use that trick.
>
> For this specific usage, we're not particularly concerned about
> security, and guests are essentially trusted. We're using virt-edit to
> add root auto-login without password, that's how much we care about
> security there.

Seems nobody is objecting to this. I will send another patch to add the trick.

>
> > The real solution here IMHO is for libvirt to make session mode work
> > for root without changing UID. It actually goes out of its way to
> > stop this working at the moment[1].
> >
> > Rich.
> >
> > [1] In qemuStateInitialize -> virQEMUDriverConfigNew, I think
>
> Another bit of the solution is probably to introduce a separate
> SELinux policy for libguestfs itself. No, sorry, I can't volunteer for
> that right now. :(
>
> --
> Stefano
>

-- 
Thanks,

Yumei Huang