[PATCH 6/6] remote: Don't attempt remote connection from libvirtd
Peter Krempa
pkrempa at redhat.com
Thu Sep 8 15:53:05 UTC 2022
On Thu, Sep 08, 2022 at 16:25:39 +0100, Daniel P. Berrangé wrote:
> On Thu, Sep 08, 2022 at 05:16:00PM +0200, Peter Krempa wrote:
[...]
> > +#ifdef LIBVIRTD
> > + /* When libvirtd is in use we need to avoid any further delegation of the
> > + * connection, which can be attempted in cases when the appropriate
> > + * connection driver was not compiled in. In such case a wrong error message
> > + * would be reported. */
> > + connectFlags |= VIR_CONNECT_NO_REMOTE;
> > +#endif /* LIBVIRTD */
>
> This flag shouldn't be required in the public API. THis code and
> the remote driver are both in the same process, so it ought to be
> possible to block this using the 'inside_daemon' flag that we
> already use for similar reasons in the remote driver. This just
> feels like an edge case that we missed in our use of 'inside_daemon'
Hmm, yeah, it should be possible to achieve the same behaviour by adding
a conditionally compiled block to the 'inside_daemon' block in remoteConnectOpen
which refuses to open the connection if the daemon is 'libvirtd'.
IIUC other daemons do need to allow delegation, right?
More information about the libvir-list
mailing list