Date: Thu, 23 May 2024 11:45:38 +1000
From: David Gibson
To: Stefano Brivio
Cc: passt-dev@passt.top, "'Richard W . M . Jones'", Minxi Hou
Subject: Re: [PATCH 1/8] conf: Don't lecture user about starting us as root

On Wed, May 22, 2024 at 10:59:04PM +0200, Stefano Brivio wrote:
> libguestfs tools have a good reason to run as root: if the guest image
> is owned by root, it would be counterproductive to encourage users to
> invoke them as non-root, as it would require changing permissions or
> ownership of the image file.
>
> And if they run as root, we'll start as root, too. Warn users we'll
> switch to 'nobody', but don't tell them what to do.
>
> Reported-by: Richard W.M. Jones
> Signed-off-by: Stefano Brivio

Reviewed-by: David Gibson

> --- > conf.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) >=20 > diff --git a/conf.c b/conf.c > index 21d46fe..2e0d909 100644 > --- a/conf.c > +++ b/conf.c 
> @@ -1093,7 +1093,7 @@ static void conf_ugid(char *runas, uid_t *uid, gid_= t *gid) > return; > =20 > /* ...otherwise use nobody:nobody */ > - warn("Don't run as root. Changing to nobody..."); > + warn("Started as root. Changing to nobody..."); > { > #ifndef GLIBC_NO_STATIC_NSS > const struct passwd *pw;

-- 
David Gibson                    | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au  | minimalist, thank you. NOT _the_ _other_
                                | _way_ _around_!
http://www.ozlabs.org/~dgibson
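
Review bot: The replacement string on the `+ warn(...)` line in conf_ugid() is still emitted at warning severity, while the commit message now treats starting as root as a legitimate case for libguestfs tools; consider whether an informational message fits better, so that an expected root start does not log a warning on every run. The text could also match the comment directly above it, for example "Started as root. Changing to nobody:nobody...", since the function takes both uid and gid out-parameters and the message is the only record the user gets of which identity the process dropped to.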