[libvirt] Valid characters in domain names?
Richard W.M. Jones
rjones at redhat.com
Sun Oct 3 09:33:20 UTC 2010
On Sat, Oct 02, 2010 at 10:09:31PM +0200, Matthias Bolte wrote:
> 2010/10/2 Richard W.M. Jones <rjones at redhat.com>:
> > Does libvirt enforce any sort of validity of characters in guest names?
> >
> > Someone tried to create a domain called '#' (the single hash
> > character) and noted that this caused failures in virt-tools:
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=639601
> > https://bugzilla.redhat.com/show_bug.cgi?id=639602
> >
> > Had a look at the code but couldn't see anything obvious: It seems
> > like libvirt delegates this entirely to the drivers, the drivers
> > (probably) all call virDomainDefParseXML, and this function does no
> > checking that I could see.
> >
> > If my analysis is correct, this could be dangerous. What if the name
> > contains a character that is special to the qemu command line (','),
> > to XML ('>'), or to C (�)?
> >
>
> Actually there are more places in libvirt that are prone to certain
> characters in the domain name. The domain name is used as part of a
> file name in several places. For example per-domain log files in
> /var/log/libvirt/*/<domain name>.log will have trouble with a / in the
> domain name.
Indeed. I'm sure we need a whitelist, not a blacklist as suggested by
the other comment. All domains I'd ever want to create would match
the regexp
^[[:alpha:]][-_[:alnum:]]*$
This might break existing users however.
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
libguestfs lets you edit virtual machines. Supports shell scripting,
bindings from many languages. http://et.redhat.com/~rjones/libguestfs/
See what it can do: http://et.redhat.com/~rjones/libguestfs/recipes.html
More information about the libvir-list
mailing list