10 a.m.
The virt-login-shell setuid program is now a tiny piece of code
that only uses standard libc functions, and santizes the execution
environment before invoking the real virt-login-shell-helper.
The latter is thus able to use the normal libvirt.so build,
allowing us to delete the special cut down setuid library build.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
config-post.h | 34 +++------------
configure.ac | 3 --
src/Makefile.am | 101 ---------------------------------------------
src/libvirt.c | 32 ++++++--------
src/util/virfile.c | 2 +-
5 files changed, 19 insertions(+), 153 deletions(-)
diff --git a/config-post.h b/config-post.h
index 093f84a7ce..a11f9c83d6 100644
--- a/config-post.h
+++ b/config-post.h
@@ -17,39 +17,15 @@
*/
/*
- * Since virt-login-shell will be setuid, we must do everything
- * we can to avoid linking to other libraries. Many of them do
- * unsafe things in functions marked __attribute__((constructor)).
+ * The NSS module can be loaded into any binary and thus we want
+ * to minimize what code is liable to be run. Especiall we need
+ * to minimize use of any 3rd party libraries which have
+ * __attribute__((constructor)) functions.
+ *
* The only way to avoid such deps is to re-compile the
* functions with the code in question disabled, and for that we
* must override the main config.h rules. Hence this file :-(
*/
-
-#ifdef LIBVIRT_SETUID_RPC_CLIENT
-# undef HAVE_LIBNL
-# undef HAVE_LIBNL3
-# undef HAVE_LIBSASL2
-# undef HAVE_SYS_ACL_H
-# undef WITH_CAPNG
-# undef WITH_CURL
-# undef WITH_DBUS
-# undef WITH_DEVMAPPER
-# undef WITH_DTRACE_PROBES
-# undef WITH_GNUTLS
-# undef WITH_LIBSSH
-# undef WITH_MACVTAP
-# undef WITH_NUMACTL
-# undef WITH_SASL
-# undef WITH_SSH2
-# undef WITH_SYSTEMD_DAEMON
-# undef WITH_VIRTUALPORT
-# undef WITH_YAJL
-#endif
-
-/*
- * With the NSS module it's the same story as virt-login-shell. See the
- * explanation above.
- */
#ifdef LIBVIRT_NSS
# undef HAVE_LIBNL
# undef HAVE_LIBNL3
diff --git a/configure.ac b/configure.ac
index d18d427695..3f1124609d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -512,9 +512,6 @@ dnl
AC_CHECK_HEADERS([linux/kvm.h])
-AM_CONDITIONAL([WITH_SETUID_RPC_CLIENT], [test "$with_lxc$with_login_shell" !=
"nono"])
-
-
dnl
dnl check for kernel headers required by src/bridge.c
dnl
diff --git a/src/Makefile.am b/src/Makefile.am
index 4a8cae11dc..8ca714dd34 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -647,107 +647,6 @@ libvirt_lxc_la_LDFLAGS = \
libvirt_lxc_la_CFLAGS = $(AM_CFLAGS)
libvirt_lxc_la_LIBADD = libvirt.la $(CYGWIN_EXTRA_LIBADD)
-# Since virt-login-shell will be setuid, we must do everything
-# we can to avoid linking to other libraries. Many of them do
-# unsafe things in functions marked __attribute__((constructor)).
-# This library is built to include the bare minimum required to
-# have a RPC client for local UNIX socket access only. We use
-# the ../config-post.h header to disable all external deps that
-# we don't want
-if WITH_SETUID_RPC_CLIENT
-noinst_LTLIBRARIES += libvirt-setuid-rpc-client.la
-
-libvirt_setuid_rpc_client_la_SOURCES = \
- util/viralloc.c \
- util/virarch.c \
- util/viratomic.c \
- util/viratomic.h \
- util/virautoclean.h \
- util/virbitmap.c \
- util/virbuffer.c \
- util/vircgroup.c \
- util/vircgroupbackend.c \
- util/vircgroupv1.c \
- util/vircgroupv2.c \
- util/vircommand.c \
- util/virconf.c \
- util/virdbus.c \
- util/virenum.c \
- util/virerror.c \
- util/virevent.c \
- util/vireventpoll.c \
- util/virfile.c \
- util/virgettext.c \
- util/virhash.c \
- util/virhashcode.c \
- util/virhostcpu.c \
- util/virjson.c \
- util/virlog.c \
- util/virobject.c \
- util/virpidfile.c \
- util/virprocess.c \
- util/virrandom.c \
- util/virsocketaddr.c \
- util/virstring.c \
- util/virsystemd.c \
- util/virtime.c \
- util/virthread.c \
- util/virthreadjob.c \
- util/virtypedparam.c \
- util/viruri.c \
- util/virutil.c \
- util/viruuid.c \
- conf/domain_event.c \
- conf/network_event.c \
- conf/object_event.c \
- conf/storage_event.c \
- conf/node_device_event.c \
- conf/secret_event.c \
- rpc/virnetsocket.c \
- rpc/virnetsocket.h \
- rpc/virnetmessage.h \
- rpc/virnetmessage.c \
- rpc/virkeepalive.c \
- rpc/virkeepalive.h \
- rpc/virnetclient.c \
- rpc/virnetclientprogram.c \
- rpc/virnetclientstream.c \
- rpc/virnetprotocol.c \
- remote/remote_driver.c \
- remote/remote_protocol.c \
- remote/qemu_protocol.c \
- remote/lxc_protocol.c \
- datatypes.c \
- libvirt.c \
- libvirt-domain.c \
- libvirt-domain-checkpoint.c \
- libvirt-domain-snapshot.c \
- libvirt-host.c \
- libvirt-interface.c \
- libvirt-network.c \
- libvirt-nodedev.c \
- libvirt-nwfilter.c \
- libvirt-secret.c \
- libvirt-storage.c \
- libvirt-stream.c \
- libvirt-lxc.c \
- $(NULL)
-
-libvirt_setuid_rpc_client_la_LDFLAGS = \
- $(AM_LDFLAGS) \
- $(LIBXML_LIBS) \
- $(SECDRIVER_LIBS) \
- $(NULL)
-libvirt_setuid_rpc_client_la_CFLAGS = \
- -DLIBVIRT_SETUID_RPC_CLIENT \
- -I$(srcdir)/conf \
- -I$(srcdir)/rpc \
- $(AM_CFLAGS) \
- $(SECDRIVER_CFLAGS) \
- $(XDR_CFLAGS) \
- $(NULL)
-endif WITH_SETUID_RPC_CLIENT
-
EXTRA_DIST += $(SYSCONF_FILES)
install-sysconfig:
diff --git a/src/libvirt.c b/src/libvirt.c
index f0a768fc7e..489785cec4 100644
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -280,43 +280,37 @@ virGlobalInit(void)
goto error;
#endif /* HAVE_LIBINTL_H */
- /*
- * Note we must avoid everything except 'remote' driver
- * for virt-login-shell usage
- */
-#ifndef LIBVIRT_SETUID_RPC_CLIENT
/*
* Note that the order is important: the first ones have a higher
* priority when calling virConnectOpen.
*/
-# ifdef WITH_TEST
+#ifdef WITH_TEST
if (testRegister() == -1)
goto error;
-# endif
-# ifdef WITH_OPENVZ
+#endif
+#ifdef WITH_OPENVZ
if (openvzRegister() == -1)
goto error;
-# endif
-# ifdef WITH_VMWARE
+#endif
+#ifdef WITH_VMWARE
if (vmwareRegister() == -1)
goto error;
-# endif
-# ifdef WITH_PHYP
+#endif
+#ifdef WITH_PHYP
if (phypRegister() == -1)
goto error;
-# endif
-# ifdef WITH_ESX
+#endif
+#ifdef WITH_ESX
if (esxRegister() == -1)
goto error;
-# endif
-# ifdef WITH_HYPERV
+#endif
+#ifdef WITH_HYPERV
if (hypervRegister() == -1)
goto error;
-# endif
-# ifdef WITH_XENAPI
+#endif
+#ifdef WITH_XENAPI
if (xenapiRegister() == -1)
goto error;
-# endif
#endif
#ifdef WITH_REMOTE
if (remoteRegister() == -1)
diff --git a/src/util/virfile.c b/src/util/virfile.c
index 082aac12c8..775192ff00 100644
--- a/src/util/virfile.c
+++ b/src/util/virfile.c
@@ -632,7 +632,7 @@ int virFileUpdatePerm(const char *path,
#if defined(__linux__) && HAVE_DECL_LO_FLAGS_AUTOCLEAR && \
- !defined(LIBVIRT_SETUID_RPC_CLIENT) && !defined(LIBVIRT_NSS)
+ !defined(LIBVIRT_NSS)
# if HAVE_DECL_LOOP_CTL_GET_FREE
--
2.21.0