[libvirt] [PATCH] remote: use VIR_DRV_OPEN_REMOTE_USER in ssh transport checks
- First Post
- Replies
- Stats
-
Go to
- ----- 2024 -----
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2005 -----
- December
We currently refuse to connect to remote libvirtd over SSH if we see the
path ends in /session. Earlier on though we checked for /session and set
the VIR_DRV_OPEN_REMOTE_USER flag. There is one subtle distinction
though with the test driver. All test URIs are marked with this flag,
regardless of whether the URI indicates a local or remote connection.
Previously a local connection to the test driver would have used the
unprivileged libvirtd while a remote connection would have tried the
privileged libvirtd. With this we are consistent and use the
unprivileged for both local & remote, if the current user is non-root.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/remote/remote_driver.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 0a37a63e8d..e1eaa56230 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -1002,7 +1002,7 @@ doRemoteOpen(virConnectPtr conn,
case trans_libssh2:
if (!sockname) {
/* Right now we don't support default session connections */
- if (STREQ_NULLABLE(conn->uri->path, "/session")) {
+ if (flags & VIR_DRV_OPEN_REMOTE_USER) {
virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
_("Connecting to session instance without "
"socket path is not supported by the libssh2
"
@@ -1037,7 +1037,7 @@ doRemoteOpen(virConnectPtr conn,
case trans_libssh:
if (!sockname) {
/* Right now we don't support default session connections */
- if (STREQ_NULLABLE(conn->uri->path, "/session")) {
+ if (flags & VIR_DRV_OPEN_REMOTE_USER) {
virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
_("Connecting to session instance without "
"socket path is not supported by the libssh "
@@ -1103,7 +1103,7 @@ doRemoteOpen(virConnectPtr conn,
if (!sockname) {
/* Right now we don't support default session connections */
- if (STREQ_NULLABLE(conn->uri->path, "/session")) {
+ if (flags & VIR_DRV_OPEN_REMOTE_USER) {
virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
_("Connecting to session instance without "
"socket path is not supported by the ssh "
--
2.21.0
On 6/19/19 12:43 PM, Daniel P. Berrangé wrote:
We currently refuse to connect to remote libvirtd over SSH if we see
the
path ends in /session. Earlier on though we checked for /session and set
the VIR_DRV_OPEN_REMOTE_USER flag. There is one subtle distinction
though with the test driver. All test URIs are marked with this flag,
regardless of whether the URI indicates a local or remote connection.
Previously a local connection to the test driver would have used the
unprivileged libvirtd while a remote connection would have tried the
privileged libvirtd. With this we are consistent and use the
unprivileged for both local & remote, if the current user is non-root.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/remote/remote_driver.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
Reviewed-by: Michal Privoznik <mprivozn(a)redhat.com>
Michal
1983
days inactive
1983
days old
1 comments
2 participants
tags (0)
participants (2)
-
Daniel P. Berrangé -
Michal Privoznik