Bug 689320 - Non-root user could do read operation for guests created by root in readonly mode
Summary: Non-root user could do read operation for guests created by root in readonly ...
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libvirt
Version: 6.1
Hardware: x86_64
OS: Linux
medium
high
Target Milestone: rc
: ---
Assignee: Daniel Veillard
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-03-21 06:16 UTC by zhanghaiyan
Modified: 2011-07-22 08:07 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-06-10 03:02:23 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description zhanghaiyan 2011-03-21 06:16:59 UTC 
Description of problem:
Non-root user could list guests created by root in readonly mode

Version-Release number of selected component (if applicable):
- libvirt-0.8.7-13.el6.x86_64
- qemu-kvm-0.12.1.2-2.150.el6.x86_64
- 2.6.32-120.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1.[test@dhcp-65-132 root]$ virsh -c qemu:///system --readonly
Welcome to virsh, the virtualization interactive terminal.

Type:  'help' for help with commands
       'quit' to quit

virsh > list --all
 Id Name                 State
----------------------------------
  1 rhel6-qcow2          paused
  - cdrom_test           shut off
  - demo                 shut off
  - pxe                  shut off
virsh > dominfo rhel6-qcow2
Id:             1
Name:           rhel6-qcow2
UUID:           1ad340df-65de-b140-6713-4427534eada7
OS Type:        hvm
State:          paused
CPU(s):         1
CPU time:       25.3s
Max memory:     1048576 kB
Used memory:    1048576 kB
Persistent:     yes
Autostart:      disable
Security model: selinux
Security DOI:   0
Security label: system_u:system_r:svirt_t:s0:c167,c187 (enforcing)
  
Actual results:
In not-root user, could do read operation for the guests created by root

Expected results:
In not-root user, could not do read operation for the guests created by root

Additional info:
In rhel6.0.z (libvirt-0.8.1-27.el6_0.5.x86_64.rpm), also exists this issue. But in read write mode, cannot list the guests created by root user.
Comment 2 zhanghaiyan 2011-04-02 02:53:47 UTC 
Please ignore 'Additional info' in description, because on libvirt-0.8.1-27.el6_0.5.x86_64.rpm, non-root user cannot connect to qemu:///system in rw mode at all.

Is 'non-root user cannot connect qemu:///system in rw mode' an expected result ?
Also on libvirt-0.8.7-15.el6.x86_64
[test@localhost root]$ virsh -c qemu:///system 
error: authentication failed
error: failed to connect to the hypervisor
Comment 3 RHEL Program Management 2011-04-04 02:06:15 UTC 
Since RHEL 6.1 External Beta has begun, and this bug remains
unresolved, it has been rejected as it is not proposed as
exception or blocker.

Red Hat invites you to ask your support representative to
propose this request, if appropriate and relevant, in the
next release of Red Hat Enterprise Linux.
Comment 4 Levente Farkas 2011-04-20 12:36:59 UTC 
the same happened with us and imho it a serious bug!
Comment 5 Dave Allan 2011-06-10 03:02:23 UTC 
This is behavior by design.  By default, a non-root user may issue read-only commands that will display the state of the system as defined by users with read-write access.  If the default behavior isn't desirable for a particular situation, it can be configured to be more restrictive.  See: http://libvirt.org/auth.html
Note You need to log in before you can comment on or make changes to this bug.