On Wed, Aug 13, 2014 at 09:57:28AM +0200, Michal Privoznik wrote:
On 12.08.2014 21:09, Sean Noonan wrote:
> We're using sasl+gssapi+kerberos to do authentication for libvirt,
> including from hypervisor to hypervisor. However, the environmental
> variable filtering implemented in libvirt prevents this from working, so
> we're forced to run a locally patched version.
>
> Thoughts on the following patch to pass the location of the local
> credential cache as well?
>
> --- a/src/util/vircommand.c 2014-01-07 14:14:11.388934108 +0000
> +++ b/src/util/vircommand.c 2014-01-07 14:18:14.725082505 +0000
> @@ -1314,6 +1314,7 @@
>
> virCommandAddEnvPair(cmd, "LC_ALL", "C");
>
> + virCommandAddEnvPassBlockSUID(cmd, "KRB5CCNAME", NULL);
> virCommandAddEnvPassBlockSUID(cmd, "LD_PRELOAD", NULL);
> virCommandAddEnvPassBlockSUID(cmd, "LD_LIBRARY_PATH", NULL);
> virCommandAddEnvPassBlockSUID(cmd, "PATH",
"/bin:/usr/bin");
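Review bot: the new KRB5CCNAME line goes into the shared pass-through list next to LD_PRELOAD, LD_LIBRARY_PATH and PATH, with no condition around it in the visible context, so the credential cache location would reach every command that gets this environment, not only the ones that authenticate with Kerberos. Consider leaving this list alone and calling virCommandAddEnvPassBlockSUID(cmd, "KRB5CCNAME", NULL) on the individual command objects that need the ticket cache. A short comment at each such call site should say why that command is trusted with it, since the rest of this block exists to keep the child environment minimal.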
I've got some doubts whether this is the correct approach. This will
pass the environment variable to every command spawned. Do we really
want every command to have access to Kerberos tickets? On the other hand,
we've done this for a limited use case:

Yeah, the reason we block nearly all env from commands by default
is to ensure we have a known safe environment. So I'd prefer that
we only set KRB5CCNAME in the specific places that need it. Beyond
the ssh client we're spawning, which places need it? I could
see that we probably want it for auto-spawning of libvirtd itself

Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|