[libvirt] Pass additional environmental variables
Daniel P. Berrange
berrange at redhat.com
Wed Aug 13 09:23:20 UTC 2014
On Wed, Aug 13, 2014 at 09:57:28AM +0200, Michal Privoznik wrote:
> On 12.08.2014 21:09, Sean Noonan wrote:
> > We're using sasl+gssapi+kerberos to do authentication for libvirt,
> > including from hypervisor to hypervisor. However, the environmental
> > variable filtering implemented in libvirt prevents this from working, so
> > we're forced to run a locally patched version.
> >
> > Thoughts on the following patch to pass the location of the local
> > credential cache as well?
> >
> > --- a/src/util/vircommand.c 2014-01-07 14:14:11.388934108 +0000
> > +++ b/src/util/vircommand.c 2014-01-07 14:18:14.725082505 +0000
> > @@ -1314,6 +1314,7 @@
> >
> > virCommandAddEnvPair(cmd, "LC_ALL", "C");
> >
> > + virCommandAddEnvPassBlockSUID(cmd, "KRB5CCNAME", NULL);
> > virCommandAddEnvPassBlockSUID(cmd, "LD_PRELOAD", NULL);
> > virCommandAddEnvPassBlockSUID(cmd, "LD_LIBRARY_PATH", NULL);
> > virCommandAddEnvPassBlockSUID(cmd, "PATH", "/bin:/usr/bin");
>
> I've got some doubts whether this is the correct approach. This will
> pass the environment variable to every command spawned. Do we really
> want every command have access to kerberos tickets? On the other hand,
> we've done this for a limited use case:
Yeah, the reason we block nearly all env from commands by default
is to ensure we have a known safe environment. So I'd prefer that
we only set KRB5CCNAME in the specific places that need it. Beyond
the ssh client we're spawning, which places need it ? I could
see that we probably want it for auto-spawning of libvirtd itself
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the libvir-list
mailing list