[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Libguestfs] [PATCH] libvirt: disallow non-local connections (RHBZ#1347830)



On Wed, Jun 28, 2017 at 10:33:48AM +0200, Pino Toscano wrote:
> On Tuesday, 27 June 2017 22:56:25 CEST Richard W.M. Jones wrote:
> > 
> > Not that I'm opposed to this patch, but there's a bit of history here:
> > 
> > https://www.redhat.com/archives/libguestfs/2012-December/msg00120.html
> 
> Hm it doesn't say much more about that though, and the solution I
> implemented is even less strict than what Dan suggested back then.
> 
> > I think it would be good for libvirt to address the "is remote" issue,
> > which libvirt is (in theory) in the best place to address, eg by
> > comparing systemd /etc/machine-id on both systems.
> 
> I took the approach from what virt-manager does, i.e. consider local
> connections whose URI has an empty hostname.

Right, but ::1 and 127.0.0.1 etc are non-empty hostnames which refer
to the local machine.  I really think if we're going to add a check we
should add a correct check, and the only way to do this properly is in
libvirt.

> OTOH, currently in libvirt there is still no reliable way to detect
> whether some connection is local: the internal calculation of the UUID
> for the capabilities may use files and tools which can be read and run
> by root only, so the output on the same host changes depending on the
> user.

Can't we get libvirt to export the machine ID in capabilities?

There is already a //host/uuid field, but as you point out it
is different for different users (WTF?)

> > Then we could use that to deny remote URIs, but probably we wouldn't
> > want to deny it completely, but allow a way for callers to bypass the
> > check if they know better.
> 
> That could be a good idea, how would you expect this bypass to look
> like?

I'm not sure.  An extra parameter passed in .query_raw I suppose.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
libguestfs lets you edit virtual machines.  Supports shell scripting,
bindings from many languages.  http://libguestfs.org


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]