[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Libguestfs] restrict access to host from guestfish



On Wed, Jul 29, 2015 at 06:32:15PM +0530, Raghu wrote:
> Hi Richard,
> 
> guestfish shell has an ability to execute commands on the host such as
> 
> !mkdir local
> tgz-out /remote local/remote-data.tar.gz
> 
> What is the best way to  restrict access to host from guestfish ?
> 
> For instance,
> 
> - Allow readonly access to host.. i.e., !ls is allowed
>        but dont allow !rm or !mkdir
> 
> - commands such as tgz-out, or copy-out should be able to access just
> /tmp,  but nothing else in host filesystem
> 
> Appreciate your guidance on this,

There's no way to do this at the moment, and no concept of a
"restricted shell" in guestfish.

How about running the guestfish command in a container or using a
restrictive SELinux/AppArmor policy?

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-builder quickly builds VMs from scratch
http://libguestfs.org/virt-builder.1.html


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]