瀏覽代碼

qemu-options: Deprecate "-runas" and introduce "-run-with user=..." instead

The old "-runas" option has the disadvantage that it is not visible
in the QAPI schema, so it is not available via the normal introspection
mechanisms. We've recently introduced the "-run-with" option for exactly
this purpose, which is meant to handle the options that affect the
runtime behavior. Thus let's introduce a "user=..." parameter here now
and deprecate the old "-runas" option.

Message-ID: <20240506112058.51446-1-thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Thomas Huth 1 年之前
父節點
當前提交
95e0fb0afa
共有 3 個文件被更改,包括 32 次插入4 次删除
  1. 6 0
      docs/about/deprecated.rst
  2. 11 4
      qemu-options.hx
  3. 15 0
      system/vl.c

+ 6 - 0
docs/about/deprecated.rst

@@ -61,6 +61,12 @@ configurations (e.g. -smp drawers=1,books=1,clusters=1 for x86 PC machine) is
 marked deprecated since 9.0, users have to ensure that all the topology members
 marked deprecated since 9.0, users have to ensure that all the topology members
 described with -smp are supported by the target machine.
 described with -smp are supported by the target machine.
 
 
+``-runas`` (since 9.1)
+----------------------
+
+Use ``-run-with user=..`` instead.
+
+
 User-mode emulator command line arguments
 User-mode emulator command line arguments
 -----------------------------------------
 -----------------------------------------
 
 

+ 11 - 4
qemu-options.hx

@@ -4824,7 +4824,8 @@ DEF("runas", HAS_ARG, QEMU_OPTION_runas, \
 SRST
 SRST
 ``-runas user``
 ``-runas user``
     Immediately before starting guest execution, drop root privileges,
     Immediately before starting guest execution, drop root privileges,
-    switching to the specified user.
+    switching to the specified user. This option is deprecated, use
+    ``-run-with user=...`` instead.
 ERST
 ERST
 
 
 DEF("prom-env", HAS_ARG, QEMU_OPTION_prom_env,
 DEF("prom-env", HAS_ARG, QEMU_OPTION_prom_env,
@@ -4990,13 +4991,15 @@ DEF("qtest-log", HAS_ARG, QEMU_OPTION_qtest_log, "", QEMU_ARCH_ALL)
 
 
 #ifdef CONFIG_POSIX
 #ifdef CONFIG_POSIX
 DEF("run-with", HAS_ARG, QEMU_OPTION_run_with,
 DEF("run-with", HAS_ARG, QEMU_OPTION_run_with,
-    "-run-with [async-teardown=on|off][,chroot=dir]\n"
+    "-run-with [async-teardown=on|off][,chroot=dir][user=username|uid:gid]\n"
     "                Set miscellaneous QEMU process lifecycle options:\n"
     "                Set miscellaneous QEMU process lifecycle options:\n"
     "                async-teardown=on enables asynchronous teardown (Linux only)\n"
     "                async-teardown=on enables asynchronous teardown (Linux only)\n"
-    "                chroot=dir chroot to dir just before starting the VM\n",
+    "                chroot=dir chroot to dir just before starting the VM\n"
+    "                user=username switch to the specified user before starting the VM\n"
+    "                user=uid:gid ditto, but use specified user-ID and group-ID instead\n",
     QEMU_ARCH_ALL)
     QEMU_ARCH_ALL)
 SRST
 SRST
-``-run-with [async-teardown=on|off][,chroot=dir]``
+``-run-with [async-teardown=on|off][,chroot=dir][user=username|uid:gid]``
     Set QEMU process lifecycle options.
     Set QEMU process lifecycle options.
 
 
     ``async-teardown=on`` enables asynchronous teardown. A new process called
     ``async-teardown=on`` enables asynchronous teardown. A new process called
@@ -5013,6 +5016,10 @@ SRST
     ``chroot=dir`` can be used for doing a chroot to the specified directory
     ``chroot=dir`` can be used for doing a chroot to the specified directory
     immediately before starting the guest execution. This is especially useful
     immediately before starting the guest execution. This is especially useful
     in combination with -runas.
     in combination with -runas.
+
+    ``user=username`` or ``user=uid:gid`` can be used to drop root privileges
+    by switching to the specified user (via username) or user and group
+    (via uid:gid) immediately before starting guest execution.
 ERST
 ERST
 #endif
 #endif
 
 

+ 15 - 0
system/vl.c

@@ -773,6 +773,10 @@ static QemuOptsList qemu_run_with_opts = {
             .name = "chroot",
             .name = "chroot",
             .type = QEMU_OPT_STRING,
             .type = QEMU_OPT_STRING,
         },
         },
+        {
+            .name = "user",
+            .type = QEMU_OPT_STRING,
+        },
         { /* end of list */ }
         { /* end of list */ }
     },
     },
 };
 };
@@ -3586,6 +3590,7 @@ void qemu_init(int argc, char **argv)
                 break;
                 break;
 #if defined(CONFIG_POSIX)
 #if defined(CONFIG_POSIX)
             case QEMU_OPTION_runas:
             case QEMU_OPTION_runas:
+                warn_report("-runas is deprecated, use '-run-with user=...' instead");
                 if (!os_set_runas(optarg)) {
                 if (!os_set_runas(optarg)) {
                     error_report("User \"%s\" doesn't exist"
                     error_report("User \"%s\" doesn't exist"
                                  " (and is not <uid>:<gid>)",
                                  " (and is not <uid>:<gid>)",
@@ -3612,6 +3617,16 @@ void qemu_init(int argc, char **argv)
                 if (str) {
                 if (str) {
                     os_set_chroot(str);
                     os_set_chroot(str);
                 }
                 }
+                str = qemu_opt_get(opts, "user");
+                if (str) {
+                    if (!os_set_runas(str)) {
+                        error_report("User \"%s\" doesn't exist"
+                                     " (and is not <uid>:<gid>)",
+                                     optarg);
+                        exit(1);
+                    }
+                }
+
                 break;
                 break;
             }
             }
 #endif /* CONFIG_POSIX */
 #endif /* CONFIG_POSIX */