[libvirt] [PATCH] remote: refactor how unprivileged user session connection is identified

Daniel P. Berrangé posted 1 patch 4 years, 9 months ago
Test syntax-check passed
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20190619130935.6879-1-berrange@redhat.com
src/remote/remote_driver.c | 26 ++++++++++++++++++--------
1 file changed, 18 insertions(+), 8 deletions(-)
[libvirt] [PATCH] remote: refactor how unprivileged user session connection is identified
Posted by Daniel P. Berrangé 4 years, 9 months ago
Currently the VIR_DRV_OPEN_REMOTE_USER flag is only set when we identify
that we're connecting to a local libvirtd daemon. We would like to be
able to set that even if connecting to a remote libvirtd daemon. This
entails refactoring the conditional check.

One subtle change is that the VIR_DRV_OPEN_REMOTE_USER is now set when
the test+XXX://  URI is used, even if a servername is present. This has
no effect in this patch, but will later.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 src/remote/remote_driver.c | 26 ++++++++++++++++++--------
 1 file changed, 18 insertions(+), 8 deletions(-)

diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index a95781a797..e1eaa56230 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -1390,25 +1390,35 @@ remoteConnectOpen(virConnectPtr conn,
         rflags |= VIR_DRV_OPEN_REMOTE_RO;
 
     /*
-     * If no servername is given, and no +XXX
-     * transport is listed, or transport is unix,
-     * and path is /session, and uid is unprivileged
-     * then auto-spawn a daemon.
+     * User session daemon is used for
+     *
+     *  - Any URI with /session suffix
+     *  - Test driver, if a protocol is given
+     *
+     * provided we are running non-root
      */
     if (conn->uri &&
-        !conn->uri->server &&
         conn->uri->path &&
         conn->uri->scheme &&
-        (transport == NULL || STREQ(transport, "unix")) &&
         (STREQ(conn->uri->path, "/session") ||
          STRPREFIX(conn->uri->scheme, "test+")) &&
         geteuid() > 0) {
-        VIR_DEBUG("Auto-spawn user daemon instance");
+        VIR_DEBUG("User session daemon required");
         rflags |= VIR_DRV_OPEN_REMOTE_USER;
+
+        /*
+         * Furthermore if no servername is given, and no +XXX
+         * transport is listed, or transport is unix,
+         * and uid is unprivileged then auto-spawn a daemon.
+         */
         if (!virIsSUID() &&
+            !conn->uri->server &&
+            (transport == NULL || STREQ(transport, "unix")) &&
             (!autostart ||
-             STRNEQ(autostart, "0")))
+             STRNEQ(autostart, "0"))) {
+            VIR_DEBUG("Try daemon autostart");
             rflags |= VIR_DRV_OPEN_REMOTE_AUTOSTART;
+        }
     }
 
     /*
-- 
2.21.0

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] remote: refactor how unprivileged user session connection is identified
Posted by Michal Privoznik 4 years, 9 months ago
On 6/19/19 3:09 PM, Daniel P. Berrangé wrote:
> Currently the VIR_DRV_OPEN_REMOTE_USER flag is only set when we identify
> that we're connecting to a local libvirtd daemon. We would like to be
> able to set that even if connecting to a remote libvirtd daemon. This
> entails refactoring the conditional check.
> 
> One subtle change is that the VIR_DRV_OPEN_REMOTE_USER is now set when
> the test+XXX://  URI is used, even if a servername is present. This has
> no effect in this patch, but will later.
> 
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
>   src/remote/remote_driver.c | 26 ++++++++++++++++++--------
>   1 file changed, 18 insertions(+), 8 deletions(-)

ACK

Michal

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list