[Libguestfs] [PATCH] libvirt: disallow non-local connections (RHBZ#1347830)
Richard W.M. Jones
rjones at redhat.com
Tue Jun 27 20:56:25 UTC 2017
Not that I'm opposed to this patch, but there's a bit of history here:
https://www.redhat.com/archives/libguestfs/2012-December/msg00120.html
I think it would be good for libvirt to address the "is remote" issue,
which libvirt is (in theory) in the best place to address, eg by
comparing systemd /etc/machine-id on both systems.
Then we could use that to deny remote URIs, but probably we wouldn't
want to deny it completely, but allow a way for callers to bypass the
check if they know better.
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-builder quickly builds VMs from scratch
http://libguestfs.org/virt-builder.1.html
More information about the Libguestfs
mailing list