[libvirt] [PATCH 00/17] Make virt-login-shell suck much less

Daniel P. Berrange berrange at redhat.com
Fri Jun 10 10:19:43 UTC 2016


On Thu, Apr 14, 2016 at 04:22:03PM +0100, Daniel P. Berrange wrote:
> The virt-login-shell is a program intended to be run as the
> login shell for a user in the host OS. When invoked it will
> connect to libvirtd and run a shell inside the container
> whose name matches the login user.
> 
> The current impl of virt-login-shell has a number of
> limitations with it that make it painful to use in practice
> 
>  - It leaks env variables set by the host PAM stack into
>    the containerized shell. eg things like XDG_RUNTIME_DIR
>    get left set pointing to directories only visible on
>    the host.
> 
>  - You can't use scp to copy things directly into the
>    container, because it doesn't support the '-c' arg
>    that openssh expects shells to have
> 
>  - The choice of user shell is hardcoded on the host
>    side and so won't honour /etc/passwd settings inside
>    the container
> 
>  - It doesn't join the new shell into the container's
>    cgroups, so resource limits are not correctly applied
> 
>  - It throws away most error messages making diagnosis
>    of problems (such as missing homedir in the container)
>    impossible.
> 
> This series of patches fixes all these problems making
> virt-login-shell a much more pleasant thing to use in
> the real world.
> 
> The series is bigger than I would have liked because it
> turns out nodeinfo.c is a big mess of code. Because
> virt-login-shell is setuid we need to be selective about
> what we link it, and nodeinfo.c pulled in a huge chain
> of dependent code. So the first half of the series is
> all about refactoring nodeinfo.c to isolate it into
> smaller pieces.

Completely forgot to push this series after John's reviews,
due to waiting for the 1.3.4 freeze to finish. I've changed
the version number for the new API to 1.3.6 and pushed now.


Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
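
An added example, not part of the original message and not libvirt's code: one way to avoid the host environment leak listed in the quoted cover letter is to hand the container shell only allowlisted variables. The allowlist, the function name `filter_env` and the sample environment are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed allowlist for this example; not taken from libvirt. */
static const char *const ALLOWED[] = { "TERM", "LANG", NULL };
/* Constructed sample of variables a host PAM session might leave set. */
static const char *const SAMPLE_HOST_ENV[] = {
    "TERM=xterm", "XDG_RUNTIME_DIR=/run/user/1000",
    "XDG_SESSION_ID=42", "LANG=en_US.UTF-8", "TERMCAP=junk", NULL
};

/* Return 1 if entry is "NAME=..." for exactly this NAME (TERM != TERMCAP). */
static int entry_is(const char *entry, const char *name)
{
    size_t n = strlen(name);
    return strncmp(entry, name, n) == 0 && entry[n] == '=';
}

/* Copy only allowlisted entries into out (NULL-terminated).
 * Returns the number kept, or -1 if out cannot hold them. */
int filter_env(const char *const host_env[], const char *const allow[],
               const char **out, size_t out_cap)
{
    size_t kept = 0;
    if (out_cap == 0)
        return -1;
    for (size_t i = 0; host_env[i] != NULL; i++) {
        for (size_t j = 0; allow[j] != NULL; j++) {
            if (!entry_is(host_env[i], allow[j]))
                continue;
            if (kept + 1 >= out_cap)
                return -1;
            out[kept++] = host_env[i];
            break;
        }
    }
    out[kept] = NULL;
    return (int)kept;
}

int main(void)
{
    const char *clean[8];
    int n = filter_env(SAMPLE_HOST_ENV, ALLOWED, clean, 8);
    for (int i = 0; i < n; i++)
        puts(clean[i]);
    return n == 2 ? 0 : 1;
}
```

Filtering by allowlist rather than by a list of known-bad names means a variable the host adds later is dropped by default.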



