[libvirt] [PATCH 00/10] remove repetition of URI path validation
This is a code repetition that I crossed a few times, then I noticed that Cole Robinson suggested a solution for it in the wiki. Here it is. Daniel Henrique Barboza (10): src/driver.c: add virConnectValidateURIPath() interface_backend_netcf.c: use virConnectValidateURIPath() interface_backend_udev.c: use virConnectValidateURIPath() bridge_driver.c: virConnectValidateURIPath() node_device_driver.c: use virConnectValidateURIPath() secret_driver.c: use virConnectValidateURIPath() storage_driver.c: use virConnectValidateURIPath() qemu_driver.c: use virConnectValidateURIPath() vbox_common.c: use virConnectValidateURIPath() vbox_driver.c: use virConnectValidateURIPath() src/driver.c | 25 +++++++++++++++++++++++++ src/driver.h | 4 ++++ src/interface/interface_backend_netcf.c | 17 ++--------------- src/interface/interface_backend_udev.c | 17 ++--------------- src/libvirt_private.syms | 1 + src/network/bridge_driver.c | 19 ++++--------------- src/node_device/node_device_driver.c | 17 ++--------------- src/qemu/qemu_driver.c | 20 ++++---------------- src/secret/secret_driver.c | 17 ++--------------- src/storage/storage_driver.c | 17 ++--------------- src/vbox/vbox_common.c | 16 ++-------------- src/vbox/vbox_driver.c | 16 ++-------------- 12 files changed, 52 insertions(+), 134 deletions(-) -- 2.21.0
The code to validate the URI path is repeated across several files. This patch creates a common validation code to be used across all of them. Suggested-by: Cole Robinson <crobinso@redhat.com> Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> --- src/driver.c | 24 ++++++++++++++++++++++++ src/driver.h | 4 ++++ src/libvirt_private.syms | 1 + 3 files changed, 29 insertions(+) diff --git a/src/driver.c b/src/driver.c index 5e8f68f6df..e627b0c1d7 100644 --- a/src/driver.c +++ b/src/driver.c @@ -269,3 +269,27 @@ virSetConnectStorage(virConnectPtr conn) VIR_DEBUG("Override storage connection with %p", conn); return virThreadLocalSet(&connectStorage, conn); } + +bool +virConnectValidateURIPath(const char *uriPath, + const char *entityName, + bool privileged) +{ + if (privileged) { + if (STRNEQ(uriPath, "/system")) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("unexpected %s URI path '%s', try %s:///system"), + entityName, uriPath, entityName); + return false; + } + } else { + if (STRNEQ(uriPath, "/session")) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("unexpected %s URI path '%s', try %s:///session"), + entityName, uriPath, entityName); + return false; + } + } + + return true; +} diff --git a/src/driver.h b/src/driver.h index f7d667a03c..68c0004d86 100644 --- a/src/driver.h +++ b/src/driver.h @@ -127,3 +127,7 @@ int virSetConnectNWFilter(virConnectPtr conn); int virSetConnectNodeDev(virConnectPtr conn); int virSetConnectSecret(virConnectPtr conn); int virSetConnectStorage(virConnectPtr conn); + +bool virConnectValidateURIPath(const char *uriPath, + const char *entityName, + bool privileged); diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 39812227aa..eb9c5c22ee 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1343,6 +1343,7 @@ virStreamClass; # driver.h +virConnectValidateURIPath; virGetConnectInterface; virGetConnectNetwork; virGetConnectNodeDev; -- 2.21.0
Suggested-by: Cole Robinson <crobinso@redhat.com> Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> --- src/interface/interface_backend_netcf.c | 17 ++--------------- 1 file changed, 2 insertions(+), 15 deletions(-) diff --git a/src/interface/interface_backend_netcf.c b/src/interface/interface_backend_netcf.c index 9659e9fcf1..7fe8f230b6 100644 --- a/src/interface/interface_backend_netcf.c +++ b/src/interface/interface_backend_netcf.c @@ -200,21 +200,8 @@ netcfConnectOpen(virConnectPtr conn, return VIR_DRV_OPEN_ERROR; } - if (driver->privileged) { - if (STRNEQ(conn->uri->path, "/system")) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("unexpected interface URI path '%s', try interface:///system"), - conn->uri->path); - return VIR_DRV_OPEN_ERROR; - } - } else { - if (STRNEQ(conn->uri->path, "/session")) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("unexpected interface URI path '%s', try interface:///session"), - conn->uri->path); - return VIR_DRV_OPEN_ERROR; - } - } + if (!virConnectValidateURIPath(conn->uri->path, "interface", driver->privileged)) + return VIR_DRV_OPEN_ERROR; if (virConnectOpenEnsureACL(conn) < 0) return VIR_DRV_OPEN_ERROR; -- 2.21.0
Suggested-by: Cole Robinson <crobinso@redhat.com> Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> --- src/interface/interface_backend_udev.c | 17 ++--------------- 1 file changed, 2 insertions(+), 15 deletions(-) diff --git a/src/interface/interface_backend_udev.c b/src/interface/interface_backend_udev.c index ddc3de5347..d870e3d1b1 100644 --- a/src/interface/interface_backend_udev.c +++ b/src/interface/interface_backend_udev.c @@ -1250,21 +1250,8 @@ udevConnectOpen(virConnectPtr conn, return VIR_DRV_OPEN_ERROR; } - if (driver->privileged) { - if (STRNEQ(conn->uri->path, "/system")) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("unexpected interface URI path '%s', try interface:///system"), - conn->uri->path); - return VIR_DRV_OPEN_ERROR; - } - } else { - if (STRNEQ(conn->uri->path, "/session")) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("unexpected interface URI path '%s', try interface:///session"), - conn->uri->path); - return VIR_DRV_OPEN_ERROR; - } - } + if (!virConnectValidateURIPath(conn->uri->path, "interface", driver->privileged)) + return VIR_DRV_OPEN_ERROR; if (virConnectOpenEnsureACL(conn) < 0) return VIR_DRV_OPEN_ERROR; -- 2.21.0
Suggested-by: Cole Robinson <crobinso@redhat.com> Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> --- src/network/bridge_driver.c | 19 ++++--------------- 1 file changed, 4 insertions(+), 15 deletions(-) diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c index c54be96407..c617bbb58f 100644 --- a/src/network/bridge_driver.c +++ b/src/network/bridge_driver.c @@ -938,21 +938,10 @@ networkConnectOpen(virConnectPtr conn, return VIR_DRV_OPEN_ERROR; } - if (network_driver->privileged) { - if (STRNEQ(conn->uri->path, "/system")) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("unexpected network URI path '%s', try network:///system"), - conn->uri->path); - return VIR_DRV_OPEN_ERROR; - } - } else { - if (STRNEQ(conn->uri->path, "/session")) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("unexpected network URI path '%s', try network:///session"), - conn->uri->path); - return VIR_DRV_OPEN_ERROR; - } - } + if (!virConnectValidateURIPath(conn->uri->path, + "network", + network_driver->privileged)) + return VIR_DRV_OPEN_ERROR; if (virConnectOpenEnsureACL(conn) < 0) return VIR_DRV_OPEN_ERROR; -- 2.21.0
Suggested-by: Cole Robinson <crobinso@redhat.com> Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> --- src/node_device/node_device_driver.c | 17 ++--------------- 1 file changed, 2 insertions(+), 15 deletions(-) diff --git a/src/node_device/node_device_driver.c b/src/node_device/node_device_driver.c index 8fb00d0c86..06febacd96 100644 --- a/src/node_device/node_device_driver.c +++ b/src/node_device/node_device_driver.c @@ -58,21 +58,8 @@ nodeConnectOpen(virConnectPtr conn, return VIR_DRV_OPEN_ERROR; } - if (driver->privileged) { - if (STRNEQ(conn->uri->path, "/system")) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("unexpected nodedev URI path '%s', try nodedev:///system"), - conn->uri->path); - return VIR_DRV_OPEN_ERROR; - } - } else { - if (STRNEQ(conn->uri->path, "/session")) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("unexpected nodedev URI path '%s', try nodedev:///session"), - conn->uri->path); - return VIR_DRV_OPEN_ERROR; - } - } + if (!virConnectValidateURIPath(conn->uri->path, "nodedev", driver->privileged)) + return VIR_DRV_OPEN_ERROR; if (virConnectOpenEnsureACL(conn) < 0) return VIR_DRV_OPEN_ERROR; -- 2.21.0
Suggested-by: Cole Robinson <crobinso@redhat.com> Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> --- src/secret/secret_driver.c | 17 ++--------------- 1 file changed, 2 insertions(+), 15 deletions(-) diff --git a/src/secret/secret_driver.c b/src/secret/secret_driver.c index 7512a51c74..07ba679541 100644 --- a/src/secret/secret_driver.c +++ b/src/secret/secret_driver.c @@ -552,21 +552,8 @@ secretConnectOpen(virConnectPtr conn, return VIR_DRV_OPEN_ERROR; } - if (driver->privileged) { - if (STRNEQ(conn->uri->path, "/system")) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("unexpected secret URI path '%s', try secret:///system"), - conn->uri->path); - return VIR_DRV_OPEN_ERROR; - } - } else { - if (STRNEQ(conn->uri->path, "/session")) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("unexpected secret URI path '%s', try secret:///session"), - conn->uri->path); - return VIR_DRV_OPEN_ERROR; - } - } + if (!virConnectValidateURIPath(conn->uri->path, "secret", driver->privileged)) + return VIR_DRV_OPEN_ERROR; if (virConnectOpenEnsureACL(conn) < 0) return VIR_DRV_OPEN_ERROR; -- 2.21.0
Suggested-by: Cole Robinson <crobinso@redhat.com> Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> --- src/storage/storage_driver.c | 17 ++--------------- 1 file changed, 2 insertions(+), 15 deletions(-) diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c index ce10b55ed0..1bec2d964f 100644 --- a/src/storage/storage_driver.c +++ b/src/storage/storage_driver.c @@ -411,21 +411,8 @@ storageConnectOpen(virConnectPtr conn, return VIR_DRV_OPEN_ERROR; } - if (driver->privileged) { - if (STRNEQ(conn->uri->path, "/system")) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("unexpected storage URI path '%s', try storage:///system"), - conn->uri->path); - return VIR_DRV_OPEN_ERROR; - } - } else { - if (STRNEQ(conn->uri->path, "/session")) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("unexpected storage URI path '%s', try storage:///session"), - conn->uri->path); - return VIR_DRV_OPEN_ERROR; - } - } + if (!virConnectValidateURIPath(conn->uri->path, "storage", driver->privileged)) + return VIR_DRV_OPEN_ERROR; if (virConnectOpenEnsureACL(conn) < 0) return VIR_DRV_OPEN_ERROR; -- 2.21.0
The existing QEMU URI path validation considers that a privileged user can use a "/session" URI as well. Let's update virConnectValidateURIPath() to consider this usage, allowing us to use the function inside qemu_driver.c. Although the existing callers of virConnectValidateURIPath() didn't consider that a privileged user could connect with "/session", it is sensible to consider that this should be the case. thus no serious harm is done. Suggested-by: Cole Robinson <crobinso@redhat.com> Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> --- src/driver.c | 3 ++- src/qemu/qemu_driver.c | 20 ++++---------------- 2 files changed, 6 insertions(+), 17 deletions(-) diff --git a/src/driver.c b/src/driver.c index e627b0c1d7..f9c41383dc 100644 --- a/src/driver.c +++ b/src/driver.c @@ -276,7 +276,8 @@ virConnectValidateURIPath(const char *uriPath, bool privileged) { if (privileged) { - if (STRNEQ(uriPath, "/system")) { + if (STRNEQ(uriPath, "/system") && + STRNEQ(uriPath, "/session")) { virReportError(VIR_ERR_INTERNAL_ERROR, _("unexpected %s URI path '%s', try %s:///system"), entityName, uriPath, entityName); diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 0753904472..05025e7251 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -1295,22 +1295,10 @@ static virDrvOpenStatus qemuConnectOpen(virConnectPtr conn, return VIR_DRV_OPEN_ERROR; } - if (virQEMUDriverIsPrivileged(qemu_driver)) { - if (STRNEQ(conn->uri->path, "/system") && - STRNEQ(conn->uri->path, "/session")) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("unexpected QEMU URI path '%s', try qemu:///system"), - conn->uri->path); - return VIR_DRV_OPEN_ERROR; - } - } else { - if (STRNEQ(conn->uri->path, "/session")) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("unexpected QEMU URI path '%s', try qemu:///session"), - conn->uri->path); - return VIR_DRV_OPEN_ERROR; - } - } + if (!virConnectValidateURIPath(conn->uri->path, + "QEMU", + virQEMUDriverIsPrivileged(qemu_driver))) + return VIR_DRV_OPEN_ERROR; if (virConnectOpenEnsureACL(conn) < 0) return VIR_DRV_OPEN_ERROR; -- 2.21.0
On Mon, Sep 23, 2019 at 11:03:41AM -0300, Daniel Henrique Barboza wrote:
The existing QEMU URI path validation considers that a privileged user can use a "/session" URI as well. Let's update virConnectValidateURIPath() to consider this usage, allowing us to use the function inside qemu_driver.c.
Although the existing callers of virConnectValidateURIPath() didn't consider that a privileged user could connect with "/session", it is sensible to consider that this should be the case. thus no serious harm is done.
That we allowed use of '/session' while connecting as root is a bug IMHO. Ideally we're kill that off entirely, so there's potential for us to allow a genuine session instance daemon as root at a later date. I'm just concerned about whether there might be apps relying on this bug. I certainly don't want to see the bug spread across all drivers though.
Suggested-by: Cole Robinson <crobinso@redhat.com> Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> --- src/driver.c | 3 ++- src/qemu/qemu_driver.c | 20 ++++---------------- 2 files changed, 6 insertions(+), 17 deletions(-)
diff --git a/src/driver.c b/src/driver.c index e627b0c1d7..f9c41383dc 100644 --- a/src/driver.c +++ b/src/driver.c @@ -276,7 +276,8 @@ virConnectValidateURIPath(const char *uriPath, bool privileged) { if (privileged) { - if (STRNEQ(uriPath, "/system")) { + if (STRNEQ(uriPath, "/system") && + STRNEQ(uriPath, "/session")) { virReportError(VIR_ERR_INTERNAL_ERROR, _("unexpected %s URI path '%s', try %s:///system"), entityName, uriPath, entityName); diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 0753904472..05025e7251 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -1295,22 +1295,10 @@ static virDrvOpenStatus qemuConnectOpen(virConnectPtr conn, return VIR_DRV_OPEN_ERROR; }
- if (virQEMUDriverIsPrivileged(qemu_driver)) { - if (STRNEQ(conn->uri->path, "/system") && - STRNEQ(conn->uri->path, "/session")) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("unexpected QEMU URI path '%s', try qemu:///system"), - conn->uri->path); - return VIR_DRV_OPEN_ERROR; - } - } else { - if (STRNEQ(conn->uri->path, "/session")) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("unexpected QEMU URI path '%s', try qemu:///session"), - conn->uri->path); - return VIR_DRV_OPEN_ERROR; - } - } + if (!virConnectValidateURIPath(conn->uri->path, + "QEMU", + virQEMUDriverIsPrivileged(qemu_driver))) + return VIR_DRV_OPEN_ERROR;
if (virConnectOpenEnsureACL(conn) < 0) return VIR_DRV_OPEN_ERROR; -- 2.21.0
-- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
On 9/23/19 11:51 AM, Daniel P. Berrangé wrote:
On Mon, Sep 23, 2019 at 11:03:41AM -0300, Daniel Henrique Barboza wrote:
The existing QEMU URI path validation considers that a privileged user can use a "/session" URI as well. Let's update virConnectValidateURIPath() to consider this usage, allowing us to use the function inside qemu_driver.c.
Although the existing callers of virConnectValidateURIPath() didn't consider that a privileged user could connect with "/session", it is sensible to consider that this should be the case. thus no serious harm is done. That we allowed use of '/session' while connecting as root is a bug IMHO. Ideally we're kill that off entirely, so there's potential for us to allow a genuine session instance daemon as root at a later date.
I'm just concerned about whether there might be apps relying on this bug.
In QEMU I believe this would be considered a sort of "API break", then it would be put in a deprecation cycle and, after the cycle (last time I checked it was about 2 years, but I might be wrong) it would be permanently changed. Perhaps a similar approach can be taken here in Libvirt. I mean, in theory we could simply change it, claiming that it is a bug fix and every other driver is forbidding root with 'session' already. In reality, people will get mad about it ...
I certainly don't want to see the bug spread across all drivers though.
I'll resubmit the patch series, creating a new function to emulate the current behavior of qemu_driver, vbox_common and vbox_driver, without changing the behavior of everyone else. I'll put a comment in it to document the problem you mentioned above. At least we have this issue documented in the code (perhaps a TODO/FIXME tag is warranted?) and it's centralized in one place. Thanks, DHB
Suggested-by: Cole Robinson <crobinso@redhat.com> Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> --- src/driver.c | 3 ++- src/qemu/qemu_driver.c | 20 ++++---------------- 2 files changed, 6 insertions(+), 17 deletions(-)
diff --git a/src/driver.c b/src/driver.c index e627b0c1d7..f9c41383dc 100644 --- a/src/driver.c +++ b/src/driver.c @@ -276,7 +276,8 @@ virConnectValidateURIPath(const char *uriPath, bool privileged) { if (privileged) { - if (STRNEQ(uriPath, "/system")) { + if (STRNEQ(uriPath, "/system") && + STRNEQ(uriPath, "/session")) { virReportError(VIR_ERR_INTERNAL_ERROR, _("unexpected %s URI path '%s', try %s:///system"), entityName, uriPath, entityName); diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 0753904472..05025e7251 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -1295,22 +1295,10 @@ static virDrvOpenStatus qemuConnectOpen(virConnectPtr conn, return VIR_DRV_OPEN_ERROR; }
- if (virQEMUDriverIsPrivileged(qemu_driver)) { - if (STRNEQ(conn->uri->path, "/system") && - STRNEQ(conn->uri->path, "/session")) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("unexpected QEMU URI path '%s', try qemu:///system"), - conn->uri->path); - return VIR_DRV_OPEN_ERROR; - } - } else { - if (STRNEQ(conn->uri->path, "/session")) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("unexpected QEMU URI path '%s', try qemu:///session"), - conn->uri->path); - return VIR_DRV_OPEN_ERROR; - } - } + if (!virConnectValidateURIPath(conn->uri->path, + "QEMU", + virQEMUDriverIsPrivileged(qemu_driver))) + return VIR_DRV_OPEN_ERROR;
if (virConnectOpenEnsureACL(conn) < 0) return VIR_DRV_OPEN_ERROR; -- 2.21.0
-- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list Regards, Daniel
Suggested-by: Cole Robinson <crobinso@redhat.com> Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> --- src/vbox/vbox_common.c | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/src/vbox/vbox_common.c b/src/vbox/vbox_common.c index ddabcb80ca..d3b8fb625f 100644 --- a/src/vbox/vbox_common.c +++ b/src/vbox/vbox_common.c @@ -517,20 +517,8 @@ vboxConnectOpen(virConnectPtr conn, virCheckFlags(VIR_CONNECT_RO, VIR_DRV_OPEN_ERROR); - if (uid != 0) { - if (STRNEQ(conn->uri->path, "/session")) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("unknown driver path '%s' specified (try vbox:///session)"), conn->uri->path); - return VIR_DRV_OPEN_ERROR; - } - } else { /* root */ - if (STRNEQ(conn->uri->path, "/system") && - STRNEQ(conn->uri->path, "/session")) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("unknown driver path '%s' specified (try vbox:///system)"), conn->uri->path); - return VIR_DRV_OPEN_ERROR; - } - } + if (!virConnectValidateURIPath(conn->uri->path, "vbox", uid == 0)) + return VIR_DRV_OPEN_ERROR; if (!(driver = vboxGetDriverConnection())) return VIR_DRV_OPEN_ERROR; -- 2.21.0
Suggested-by: Cole Robinson <crobinso@redhat.com> Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com> --- src/vbox/vbox_driver.c | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/src/vbox/vbox_driver.c b/src/vbox/vbox_driver.c index 1f31fa28df..d7e80828ab 100644 --- a/src/vbox/vbox_driver.c +++ b/src/vbox/vbox_driver.c @@ -58,20 +58,8 @@ static virDrvOpenStatus dummyConnectOpen(virConnectPtr conn, virCheckFlags(VIR_CONNECT_RO, VIR_DRV_OPEN_ERROR); - if (uid != 0) { - if (STRNEQ(conn->uri->path, "/session")) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("unknown driver path '%s' specified (try vbox:///session)"), conn->uri->path); - return VIR_DRV_OPEN_ERROR; - } - } else { /* root */ - if (STRNEQ(conn->uri->path, "/system") && - STRNEQ(conn->uri->path, "/session")) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("unknown driver path '%s' specified (try vbox:///system)"), conn->uri->path); - return VIR_DRV_OPEN_ERROR; - } - } + if (!virConnectValidateURIPath(conn->uri->path, "vbox", uid == 0)) + return VIR_DRV_OPEN_ERROR; virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("unable to initialize VirtualBox driver API")); -- 2.21.0
participants (2)
-
Daniel Henrique Barboza -
Daniel P. Berrangé