We currently refuse to connect to remote libvirtd over SSH if we see the
path ends in /session. Earlier on though we checked for /session and set
the VIR_DRV_OPEN_REMOTE_USER flag. There is one subtle distinction
though with the test driver. All test URIs are marked with this flag,
regardless of whether the URI indicates a local or remote connection.
Previously a local connection to the test driver would have used the
unprivileged libvirtd while a remote connection would have tried the
privileged libvirtd. With this we are consistent and use the
unprivileged for both local & remote, if the current user is non-root.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
src/remote/remote_driver.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 0a37a63e8d..e1eaa56230 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -1002,7 +1002,7 @@ doRemoteOpen(virConnectPtr conn,
case trans_libssh2:
if (!sockname) {
/* Right now we don't support default session connections */
- if (STREQ_NULLABLE(conn->uri->path, "/session")) {
+ if (flags & VIR_DRV_OPEN_REMOTE_USER) {
virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
_("Connecting to session instance without "
"socket path is not supported by the libssh2 "
@@ -1037,7 +1037,7 @@ doRemoteOpen(virConnectPtr conn,
case trans_libssh:
if (!sockname) {
/* Right now we don't support default session connections */
- if (STREQ_NULLABLE(conn->uri->path, "/session")) {
+ if (flags & VIR_DRV_OPEN_REMOTE_USER) {
virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
_("Connecting to session instance without "
"socket path is not supported by the libssh "
@@ -1103,7 +1103,7 @@ doRemoteOpen(virConnectPtr conn,
if (!sockname) {
/* Right now we don't support default session connections */
- if (STREQ_NULLABLE(conn->uri->path, "/session")) {
+ if (flags & VIR_DRV_OPEN_REMOTE_USER) {
virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
_("Connecting to session instance without "
"socket path is not supported by the ssh "
--
2.21.0
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
On 6/19/19 12:43 PM, Daniel P. Berrangé wrote: > We currently refuse to connect to remote libvirtd over SSH if we see the > path ends in /session. Earlier on though we checked for /session and set > the VIR_DRV_OPEN_REMOTE_USER flag. There is one subtle distinction > though with the test driver. All test URIs are marked with this flag, > regardless of whether the URI indicates a local or remote connection. > Previously a local connection to the test driver would have used the > unprivileged libvirtd while a remote connection would have tried the > privileged libvirtd. With this we are consistent and use the > unprivileged for both local & remote, if the current user is non-root. > > Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> > --- > src/remote/remote_driver.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Michal -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
© 2016 - 2024 Red Hat, Inc.