[libvirt] [PATCH v2 08/11] driver.c: change URI validation to handle QEMU and vbox case
Cole Robinson
crobinso at redhat.com
Tue Sep 24 18:09:10 UTC 2019
On 9/23/19 4:44 PM, Daniel Henrique Barboza wrote:
> The existing QEMU and vbox URI path validation consider
> that a privileged user can use both a "/system" and a
> "/session" URI. This differs from all the other drivers
> that forbids the root user to use "/session" URI.
>
> Let's update virConnectValidateURIPath() to handle these
> cases as exceptions, using the already existent 'entityName'
> value to handle "QEMU" and "vbox" differently. This allows
> us to use the validateURI function in these cases without
> changing the existing behavior of other drivers.
>
> Signed-off-by: Daniel Henrique Barboza <danielhb413 at gmail.com>
> ---
> src/driver.c | 18 +++++++++++++++++-
> 1 file changed, 17 insertions(+), 1 deletion(-)
>
> diff --git a/src/driver.c b/src/driver.c
> index e627b0c1d7..c89a410dd1 100644
> --- a/src/driver.c
> +++ b/src/driver.c
> @@ -276,7 +276,23 @@ virConnectValidateURIPath(const char *uriPath,
> bool privileged)
> {
> if (privileged) {
> - if (STRNEQ(uriPath, "/system")) {
> + /* TODO: QEMU and vbox drivers allow '/session'
> + * connections as root. This is not ideal, but changing
> + * these drivers to refuse privileged '/session'
> + * connections, like everyone else is already doing, can
> + * break existing applications. Until we decide what to do,
> + * for now we can handle them as exception in this validate
> + * function.
> + */
> + if (STREQ(entityName, "QEMU") || STREQ(entityName, "vbox")) {
> + if (STRNEQ(uriPath, "/system") &&
> + STRNEQ(uriPath, "/session")) {
> + virReportError(VIR_ERR_INTERNAL_ERROR,
> + _("unexpected %s URI path '%s', try %s:///system"),
> + entityName, uriPath, entityName);
> + return false;
> + }
I like the approach of hiding the behavior in this function, it will
make it harder for new usages to slip in. I don't think it should
duplicate the whole block though. You could do something like
bool compatSessionRoot = (STREQ(entityName, "QEMU") ||
STREQ(entityName, "vbox");
And use that to conditionalize the /session check in those block
Also, break up the > 80 long lines in the other patches, besides the
error strings those ConnectOpen functions don't seem to have any long
lines. After that I think the series will be good
Thanks,
Cole
More information about the libvir-list
mailing list