=item
You must create user(s) for qemu to run as.
-Currently, you should either create
+
+Ideally, set aside a range of 32752 uids
+(from N to N+32751)
+and create a user
+whose name is B<xen-qemuuser-range-base>
+and whose uid is N
+and whose gid is a plain unprivileged gid.
+libxl will use one such user for each domid.
+
+Alternatively, either create
B<xen-qemuuser-domid$domid>
for every $domid from 1 to 32751 inclusive,
or
#include <xen/hvm/e820.h>
#include <sys/types.h>
#include <pwd.h>
+#include <grp.h>
static const char *libxl_tapif_script(libxl__gc *gc)
{
* userlookup_helper_getpwnam(libxl__gc*, const char *user,
* struct passwd **pwd_r);
*
+ * userlookup_helper_getpwuid(libxl__gc*, uid_t uid,
+ * struct passwd **pwd_r);
+ *
* returns 1 if the user was found, 0 if it was not, -1 on error
*/
#define DEFINE_USERLOOKUP_HELPER(NAME,SPEC_TYPE,STRUCTNAME,SYSCONF) \
}
DEFINE_USERLOOKUP_HELPER(getpwnam, const char*, passwd, _SC_GETPW_R_SIZE_MAX);
+DEFINE_USERLOOKUP_HELPER(getpwuid, uid_t, passwd, _SC_GETPW_R_SIZE_MAX);
/* colo mode */
enum {
uint64_t ram_size;
const char *path, *chardev;
char *user = NULL;
+ struct passwd *user_base;
dm_args = flexarray_make(gc, 16, 1);
dm_envs = flexarray_make(gc, 16, 1);
if (ret > 0)
goto end_search;
+ ret = userlookup_helper_getpwnam(gc, LIBXL_QEMU_USER_RANGE_BASE,
+ &user_base);
+ if (ret < 0)
+ return ret;
+ if (ret > 0) {
+ struct passwd *user_clash;
+ uid_t intended_uid = user_base->pw_uid + guest_domid;
+ ret = userlookup_helper_getpwuid(gc, intended_uid, &user_clash);
+ if (ret < 0)
+ return ret;
+ if (ret > 0) {
+ LOGD(ERROR, guest_domid,
+ "wanted to use uid %ld (%s + %d) but that is user %s !",
+ (long)intended_uid, LIBXL_QEMU_USER_RANGE_BASE,
+ guest_domid, user_clash->pw_name);
+ return ERROR_FAIL;
+ }
+ LOGD(DEBUG, guest_domid, "using uid %ld", (long)intended_uid);
+ flexarray_append(dm_args, "-runas");
+ flexarray_append(dm_args,
+ GCSPRINTF("%ld:%ld", (long)intended_uid,
+ (long)user_base->pw_gid));
+ user = NULL; /* we have taken care of it */
+ goto end_search;
+ }
+
user = LIBXL_QEMU_USER_SHARED;
ret = userlookup_helper_getpwnam(gc, user, 0);
if (ret < 0)
projects / xen.git / commitdiff