[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [RFC v4 PATCH 49/49] multi-process: add configure and usage informat
|
From: |
Michael S. Tsirkin |
|
Subject: |
Re: [RFC v4 PATCH 49/49] multi-process: add configure and usage information |
|
Date: |
Thu, 7 Nov 2019 09:33:45 -0500 |
On Thu, Nov 07, 2019 at 03:02:20PM +0100, Stefan Hajnoczi wrote:
> This documentation suggests that QEMU spawns the remote processes. How
> do this work with unprivileged QEMU? Is there an additional step where
> QEMU drops privileges after having spawned remote processes?
>
> Remote processes require accesses to resources that the main QEMU
> process does not need access to, so I'm wondering how this process model
> ensures that each process has only the privileges it needs.
I guess you have something like capabilities in mind?
When using something like selinux, priviledges are per binary
so the order of startup doesn't matter.
--
MST