On 12/23/2013 03:12 PM, Eric Blake wrote:
> Only users who are listed as valid_users in /etc/libvirt/virt-login-shell.conf
> are allowed to join containers using this tool. By default no users are allowed.
Problem. This is how things get installed:
# ls -ld /etc/libvirt/ /etc/libvirt/virt-login-shell.conf /bin/virt-login-shell
-rwsr-x---. 1 root virtlogin 891744 Dec 4 01:37 /bin/virt-login-shell
drwx------. 6 root root 4096 Dec 23 13:22 /etc/libvirt/
-rw-r--r--. 1 root root 1244 Dec 23 13:22 /etc/libvirt/virt-login-shell.conf
> + if (!(conf = virConfReadFile(login_shell_path, 0)))
> + goto cleanup;
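Review bot: the `virConfReadFile(login_shell_path, 0)` call only succeeds while the process still has root's effective UID, because the listing earlier in this message shows /etc/libvirt/ as drwx------ root root, and nothing in these two lines records that dependency. A comment at this call stating that the read must happen before any privilege drop would help, and it is worth confirming that the `goto cleanup` path reports the path and the reason, so that an unprivileged run (such as under gdb) fails with a clear message.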
...and non-root invariably fails here, since login_shell_path
(/etc/libvirt/virt-login-shell.conf) is buried inside a directory that
is not searchable by either root or virtlogin.
Ah, I see - non-root fails here if run unprivileged (such as under gdb),
but when run setuid it has the permissions of root and can read the file
just fine. So this is a case where we are really relying on ALL of the
setuid power, rather than one where we could use capability labeling on
the binary rather than a full-blown setuid, making it harder to minimize
the power of the binary on systems that try to avoid setuid by use of
caps. It's also making my life much tougher to try and debug the other
bugs in this program.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library
http://libvirt.org
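
The failure discussed in this message comes down to search permission on a parent directory of the config file. As an added example (not part of the original message or of libvirt's code), this C program applies the POSIX owner/group/other check to each path component. The modes of /etc/libvirt/ and the config file are from the listing above; the modes of / and /etc, the numeric ids, and the single-gid simplification (no supplementary groups) are assumptions.

```c
#include <stdio.h>
#include <sys/types.h>

/* One path component with the ownership and mode that ls -ld would show. */
struct node { const char *path; uid_t uid; gid_t gid; mode_t mode; };

/* POSIX class selection: owner bits if the uid matches, else group bits if
 * the gid matches, else other bits; classes never fall through. uid 0
 * bypasses read and directory-search checks. */
static int allowed(const struct node *n, uid_t uid, gid_t gid, mode_t want)
{
    mode_t bits;
    if (uid == 0)
        return 1;
    if (uid == n->uid)
        bits = (n->mode >> 6) & 7;
    else if (gid == n->gid)
        bits = (n->mode >> 3) & 7;
    else
        bits = n->mode & 7;
    return (bits & want) == want;
}

/* Every directory on the way needs search (x); the final file needs read (r).
 * Returns the index of the first blocking component, or -1 if none blocks. */
int first_block(const struct node *chain, size_t len, uid_t uid, gid_t gid)
{
    for (size_t i = 0; i < len; i++) {
        mode_t want = (i + 1 < len) ? 1 : 4;
        if (!allowed(&chain[i], uid, gid, want))
            return (int)i;
    }
    return -1;
}

/* Constructed: ids, and 0755 on "/" and "/etc". Last two modes: from the listing. */
enum { ROOT = 0, ALICE = 1000, VIRTLOGIN_GID = 984 };
const struct node conf_chain[] = {
    { "/",                                  ROOT, ROOT, 0755 },
    { "/etc",                               ROOT, ROOT, 0755 },
    { "/etc/libvirt/",                      ROOT, ROOT, 0700 },
    { "/etc/libvirt/virt-login-shell.conf", ROOT, ROOT, 0644 },
};
const size_t conf_chain_len = sizeof conf_chain / sizeof conf_chain[0];

int main(void)
{
    int i = first_block(conf_chain, conf_chain_len, ALICE, VIRTLOGIN_GID);
    printf("blocked at: %s\n", i < 0 ? "(nothing)" : conf_chain[i].path);
    return 0;
}
```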