On Wed, Nov 30, 2016 at 10:59:35AM +0100, Michal Privoznik wrote:
So far the NSS module looks up only hostnames as provided by
guests themselves. However, there are some cases where this is
not enough: e.g. when there's a fresh new guest being installed
(with some generic hostname) say from a live ISO image; or some
(older) systems don't advertise their hostname in DHCP
transactions at all.
In cases like that it would be helpful if we translate domain
name as seen by libvirt too so that users can:
# virsh start $dom && ssh $dom
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
So, IIUC, with this change the nss module is able to lookup
based on hostname *or* the guest name.
I think it is desirable if the admin can control which is
used. In particular as an admin I'd like to prevent the
ability to use hostname at all, since this data may
come from an untrustworthy guest.
IOW, should we actually create two separate NSS modules,
one that does DHCP hostname based lookups and one that
does guest name based lookups. Admins can then choose
which to use, or even list both in nssswitch.conf
Regards,
Daniel
--
|:
http://berrange.com -o-
http://www.flickr.com/photos/dberrange/ :|
|:
http://libvirt.org -o-
http://virt-manager.org :|
|:
http://entangle-photo.org -o-
http://search.cpan.org/~danberr/ :|