Package: qemu-kvm Version: 0.14.1+dfsg-3 Severity: normal When using user-mode (slirp) networking with samba share redirection, it works in unexpected ways. Qemu tells smbd to bind to 127.0.0.1, but this address may be already in use by system smbd, in which case the share will either not work at all (reportedly kvm process crashing), or system smbd will be used instead of locally-run one (I wasn't able to reproduce the crash - qemu merely forwards 10.0.2.4 address to 127.0.0.1, it does not depend on smbd spawned by it).
Also, smb shares can't be used by non-root user, since smbd always tries to access /var/lib/samba/secrets.tdb (and other files in there) which is accessible only for root. And even if it gets started finally, it does not work reliable - I see numerous reconnects from the guest, timeouts, operations takes ages to complete. The fact that it binds smbd to 127.0.0.1 thus making all connections visible for everyone on the same machine is also troubling, from the security perspective, because there's no authentification whatsoever, and anyone on the same host can connect to this smbd running on 127.0.0.1 and access files as owner of qemu process. I think it is a wontfix at the end, unfortunately, or at least parts of this. Samba isn't tested to be runnable as user, "locally", there are more and more options which refer to global configuration. It does not provide a way to communicate using mechanisms other than tcp - eg, a pipe or unix socket - to secure communications. But the reliability of the connection is something to think about. The same problem applies to many versions of qemu-kvm, -- 0.12 (in squeeze) and 0.15 (in experimental) are also affected. /mjt -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
