[Libguestfs] [PATCH] libvirt: disallow non-local connections (RHBZ#1347830)
Pino Toscano
ptoscano at redhat.com
Wed Jun 28 08:33:48 UTC 2017
On Tuesday, 27 June 2017 22:56:25 CEST Richard W.M. Jones wrote:
>
> Not that I'm opposed to this patch, but there's a bit of history here:
>
> https://www.redhat.com/archives/libguestfs/2012-December/msg00120.html
Hm it doesn't say much more about that though, and the solution I
implemented is even less strict than what Dan suggested back then.
> I think it would be good for libvirt to address the "is remote" issue,
> which libvirt is (in theory) in the best place to address, eg by
> comparing systemd /etc/machine-id on both systems.
I took the approach from what virt-manager does, i.e. consider local
connections whose URI has an empty hostname.
OTOH, currently in libvirt there is still no reliable way to detect
whether some connection is local: the internal calculation of the UUID
for the capabilities may use files and tools which can be read and run
by root only, so the output on the same host changes depending on the
user.
> Then we could use that to deny remote URIs, but probably we wouldn't
> want to deny it completely, but allow a way for callers to bypass the
> check if they know better.
That could be a good idea, how would you expect this bypass to look
like?
--
Pino Toscano
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <http://listman.redhat.com/archives/libguestfs/attachments/20170628/823a9c88/attachment.sig>
More information about the Libguestfs
mailing list