On Thu, Jan 09, 2025 at 12:03:58AM -0500, Takuya Nakaike wrote:
This patch is a draft implementation to pass a domain
XML to a polkit access driver. With this new feature, a polkit rule can
verify the domain XML to be deployed on a host, and thus protect deploying a
malicious VM.
There is a discussion about this new feature in the following issue.
https://gitlab.com/libvirt/libvirt/-/issues/719
Any questions, comments, and suggestions are welcome. Thanks,
Let's keep the discussion on that issue. My comments there express why I think
this is a bad approach that should not be merged.
diff --git a/src/access/viraccessdriverpolkit.c
b/src/access/viraccessdriverpolkit.c
index 83381183a5..56457010e0 100644
--- a/src/access/viraccessdriverpolkit.c
+++ b/src/access/viraccessdriverpolkit.c
@@ -177,10 +177,12 @@ virAccessDriverPolkitCheckDomain(virAccessManager *manager,
virAccessPermDomain perm)
{
char uuidstr[VIR_UUID_STRING_BUFLEN];
+ char *xml = virAccessManagerGetXMLDesc(domain);
const char *attrs[] = {
"connect_driver", driverName,
"domain_name", domain->name,
"domain_uuid", uuidstr,
+ "xml", xml != NULL ? xml : "",
NULL,
};
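Review bot: the buffer returned by virAccessManagerGetXMLDesc() at `+ char *xml = virAccessManagerGetXMLDesc(domain);` is never freed on any path visible in this hunk; it is only referenced from the `attrs[]` initializer and the function returns after the check, so every call leaks the full domain XML. Declaring it as `g_autofree char *xml = ...` (the GLib idiom libvirt already uses) fixes that without adding cleanup code. Separately, `"xml", xml != NULL ? xml : "",` turns a failure to produce the XML into a policy check against an empty string, so a rule cannot distinguish "no XML available" from a genuinely empty document; returning an error when `xml` is NULL would be the safer behaviour for an access-control decision.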
NB, that's a memory leak
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|