[libvirt] [PATCH sandbox 2/3] Explicitly check for supported URIs when starting guests

Cedric Bosdonnat cbosdonnat at suse.com
Tue Jun 16 15:00:22 UTC 2015


On Tue, 2015-06-16 at 12:25 +0100, Daniel P. Berrange wrote:
> While the sandbox API is designed to be hypervisor agnostic,
> the internal implementation needs work for each hypervisor
> target. To avoid user errors at runtime, do an upfront check
> to see if the URI they supply is suitable. Since we don't
> support remote execution, we do a straight string comparison
> on the URI instead of just a protocol check.
> ---
>  .../libvirt-sandbox-context-interactive.c          | 27 ++++++++++++++++++++++
>  po/POTFILES.in                                     |  1 +
>  2 files changed, 28 insertions(+)
> 
> diff --git a/libvirt-sandbox/libvirt-sandbox-context-interactive.c b/libvirt-sandbox/libvirt-sandbox-context-interactive.c
> index 78b2fbd..3ab63ec 100644
> --- a/libvirt-sandbox/libvirt-sandbox-context-interactive.c
> +++ b/libvirt-sandbox/libvirt-sandbox-context-interactive.c
> @@ -24,6 +24,8 @@
>  #include <string.h>
>  #include <errno.h>
>  
> +#include <glib/gi18n.h>
> +
>  #include "libvirt-sandbox/libvirt-sandbox.h"
>  
>  /**
> @@ -60,6 +62,13 @@ enum {
>  
>  //static gint signals[LAST_SIGNAL];
>  
> +#define GVIR_SANDBOX_CONTEXT_INTERACTIVE_ERROR gvir_sandbox_context_interactive_error_quark()
> +
> +static GQuark
> +gvir_sandbox_context_interactive_error_quark(void)
> +{
> +    return g_quark_from_static_string("gvir-sandbox-context-interactive");
> +}
>  
>  static void gvir_sandbox_context_interactive_get_property(GObject *object,
>                                                            guint prop_id,
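Review bot: The new error domain `GVIR_SANDBOX_CONTEXT_INTERACTIVE_ERROR` comes without any error-code enum, so both `g_set_error()` calls in the later hunk pass a literal `0`. A caller that wants to tell "unsupported URI" apart from other start failures then has only the translated message to go on. Consider a small enum for the domain, or at least a comment on the quark such as `/* Error domain for interactive context failures; code is currently always 0 */`.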
> @@ -198,6 +207,7 @@ static gboolean gvir_sandbox_context_interactive_start(GVirSandboxContext *ctxt,
>      gchar *emptydir;
>      gchar *configfile;
>      gboolean ret = FALSE;
> +    const gchar *uri;
>  
>      if (!GVIR_SANDBOX_CONTEXT_CLASS(gvir_sandbox_context_interactive_parent_class)->start(ctxt, error))
>          return FALSE;
> @@ -213,6 +223,23 @@ static gboolean gvir_sandbox_context_interactive_start(GVirSandboxContext *ctxt,
>      configfile = g_build_filename(configdir, "sandbox.cfg", NULL);
>      emptydir = g_build_filename(configdir, "empty", NULL);
>  
> +    uri = gvir_connection_get_uri(connection);
> +
> +    if (geteuid() == 0) {
> +        if (!g_str_equal(uri, "lxc:///") &&
> +            !g_str_equal(uri, "qemu:///system")) {
> +            g_set_error(error, GVIR_SANDBOX_CONTEXT_INTERACTIVE_ERROR, 0,
> +                        _("Only 'lxc:///' or 'qemu:///system' URIs supported when running as root"));
> +            goto cleanup;
> +        }
> +    } else {
> +        if (!g_str_equal(uri, "qemu:///session")) {
> +            g_set_error(error, GVIR_SANDBOX_CONTEXT_INTERACTIVE_ERROR, 0,
> +                        _("Only 'qemu:///session' URIs supported when running as non-root"));
> +            goto cleanup;
> +        }
> +    }
> +
>      if (!(builder = gvir_sandbox_builder_for_connection(connection,
>                                                          error)))
>          goto cleanup;
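Review bot: `g_str_equal()` is not NULL-safe, and the result of `gvir_connection_get_uri(connection)` is passed to it unchecked in all three comparisons, so a connection with no URI set would presumably crash here rather than produce the new error. Using `g_strcmp0(uri, "lxc:///") != 0` (and likewise for `"qemu:///system"` and `"qemu:///session"`) keeps the exact-match behaviour and lets a NULL URI reach the "Only ... supported" error. The check also calls `geteuid()`, while the include hunk shows only `<string.h>` and `<errno.h>` as context, so confirm `<unistd.h>` is included. The rejection runs after the parent class `start()` has already succeeded, and the `cleanup` label lies outside this hunk, so it is worth verifying that this path undoes whatever the parent started.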
> diff --git a/po/POTFILES.in b/po/POTFILES.in
> index 653abc5..11bd5e7 100644
> --- a/po/POTFILES.in
> +++ b/po/POTFILES.in
> @@ -7,5 +7,6 @@ libvirt-sandbox/libvirt-sandbox-console.c
>  libvirt-sandbox/libvirt-sandbox-console-raw.c
>  libvirt-sandbox/libvirt-sandbox-console-rpc.c
>  libvirt-sandbox/libvirt-sandbox-context.c
> +libvirt-sandbox/libvirt-sandbox-context-interactive.c
>  libvirt-sandbox/libvirt-sandbox-init-common.c
>  libvirt-sandbox/libvirt-sandbox-rpcpacket.c

ACK

--
Cedric



