[libvirt] [PATCH 40/41] remote: switch to connect to per-driver daemons by default
Daniel P. Berrangé
berrange at redhat.com
Mon Jul 29 15:49:04 UTC 2019
On Mon, Jul 29, 2019 at 02:32:31PM +0200, Andrea Bolognani wrote:
> On Tue, 2019-07-23 at 17:03 +0100, Daniel P. Berrangé wrote:
> [...]
> > If connecting to a remote host over any kind of ssh tunnel, for now we
> > must assume only the legacy socket exists. A future patch will introduce
> > a netcat replacement that is tailored for libvirt to make remote
> > tunnelling easier.
> >
> > The configure arg '--with-remote-default-mode=legacy|direct' allows
> > packagers to set a default at build time. If not given, it will default
> > to direct mode.
> >
> > In RPM builds this is overriden, because before we can default to the
> > new daemons, we must get SELinux policy written & the timeframe for that
> > is unclear at this stage.
> > @@ -758,21 +776,126 @@ remoteGetUNIXSocket(remoteDriverTransport transport,
> > if (!(userdir = virGetUserRuntimeDirectory()))
> > return NULL;
> >
> > - if (virAsprintf(&sockname,
> > - "%s/" LIBVIRTD_USER_UNIX_SOCKET, userdir) < 0)
> > + if (virAsprintf(&sockname, "%s/%s-sock",
> > + userdir, sock_prefix) < 0)
>
> I kinda just noticed, but don't we support R/O connections in
> session mode?
The client app is required to be the same user ID as the daemon.
As such there's no meaningful security separation between the
two from a DAC pov, so R/O socket was deemed to be a waste of
time.
If you had SELinux strictly locking things down it could be
considered slightly more secure, but no one has ever cared
enough to enable it.
> > + if (!direct_sock_name) {
> > + virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
> > + _("Cannot use direct socket mode if no URI is set"));
> > + return NULL;
> > + }
>
> Is the error message accurate? We should be way past making sure we
> have a URI to work with by now.
We'll only hit direct_sock_name == NULL, if driver == NULL.
We'll only hit driver == NULL, if the original URI was NULL.
> > +#ifndef WIN32
> > +static const char *
> > +remoteGetDaemonPathEnv(void)
> > +{
> > + /* We prefer a VIRTD_PATH env var to use for all daemons,
> > + * but if it is not set we will fallback to LIBVIRTD_PATH
> > + * for previous behaviour
> > + */
> > + if (virGetEnvBlockSUID("VIRTD_PATH") != NULL) {
> > + return "VIRTD_PATH";
> > + } else {
> > + return "LIBVIRTD_PATH";
> > + }
> > +}
> > +#endif /* WIN32 */
>
> I don't think this function needs to be guarded by 'ifndef WIN32':
> we already do so at the call site, and AFAICT there's nothing in the
> helper itself that warrants compiling it out on Windows.
It is a static function, so will trigger an unused function warning.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
More information about the libvir-list
mailing list