[virt-tools-list] virt-what and security?
Daniel P. Berrange
berrange at redhat.com
Wed Jul 6 09:33:18 UTC 2011
On Wed, Jul 06, 2011 at 10:15:10AM +0100, Richard W.M. Jones wrote:
> On Tue, Jul 05, 2011 at 10:06:01PM -0700, Stephen Hemminger wrote:
> [...]
> > Why can lscpu find the same information without being root?
> > Most of the checks (cpuid, file locations etc) can be found out
> > by non-root. Only dmidecode seems to require trust, aren't there
> > enough ways to find out without using dmidecode?
>
> Yes, we can probably make virt-what run as non-root, although some
> tests (the ones relying on dmidecode) will have to be disabled.
On more recent kernels, some of the DMI information is also available
unprivileged under /sys/devices/virtual/dmi/, so you may only need to
run the dmidecode binary on older guests
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the virt-tools-list
mailing list