[virt-tools-list] virt-what and security?
Richard W.M. Jones
rjones at redhat.com
Thu Jul 7 13:16:36 UTC 2011
On Wed, Jul 06, 2011 at 10:33:18AM +0100, Daniel P. Berrange wrote:
> On Wed, Jul 06, 2011 at 10:15:10AM +0100, Richard W.M. Jones wrote:
> > On Tue, Jul 05, 2011 at 10:06:01PM -0700, Stephen Hemminger wrote:
> > [...]
> > > Why can lscpu find the same information without being root?
> > > Most of the checks (cpuid, file locations etc) can be found out
> > > by non-root. Only dmidecode seems to require trust, aren't there
> > > enough ways to find out without using dmidecode?
> >
> > Yes, we can probably make virt-what run as non-root, although some
> > tests (the ones relying on dmidecode) will have to be disabled.
>
> On more recent kernels, some of the DMI information is also available
> unprivileged under /sys/devices/virtual/dmi/, so you may only need to
> run the dmidecode binary on older guests
Thanks Stephen, Daniel.
I am tracking this issue in the following bug:
https://bugzilla.redhat.com/show_bug.cgi?id=719611
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-p2v converts physical machines to virtual machines. Boot with a
live CD or over the network (PXE) and turn machines into Xen guests.
http://et.redhat.com/~rjones/virt-p2v
More information about the virt-tools-list
mailing list