From nobody Sun Feb 8 16:31:07 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) client-ip=216.205.24.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1620404720; cv=none; d=zohomail.com; s=zohoarc; b=TFXngfBFTO8pCb78ywCLAiVhvRkm9iDYOdo0F3cDlxc1dEJLMdGgAFAOF5Zik/KrS2l5x86bZROF2+EZ8oTlUDTzw4USpbWrYLjMox869iT6UqdmEDqoPnwDQJ5UzC7lPLdze0eRJi4247NEZcQdHKbL6B1qWEyFSJxe/8AjmcU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1620404720; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=alj+4zcf3dbREy5J+cFawK6Z9p8hdQJhz/G4h8bAD1k=; b=FZFvCc2dGXkOCDMt4fAVkl7hLysgQH8Fp4jdmGxB2m8SyK0OXPOAGqd8GyWuk9ZDqzc4pSWbbAhFDiaBqQU9jpEirQsHzNyOBFc1TpG9+r6cn044VkGlnciQ+1AaxVMwZ43H8WTflvsKKaJaj9rLBdgk6x7LqQxg8q3zEElKhu4= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by mx.zohomail.com with SMTPS id 1620404720236235.2832799397927; Fri, 7 May 2021 09:25:20 -0700 (PDT) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-251-mPSEYnCBOwi-s43uHdJ4hg-1; Fri, 07 May 2021 12:25:15 -0400 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 395841008068; Fri, 7 May 2021 16:25:09 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 1931859457; Fri, 7 May 2021 16:25:09 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id D0A18180B463; Fri, 7 May 2021 16:25:08 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 147GP5fu003436 for ; Fri, 7 May 2021 12:25:05 -0400 Received: by smtp.corp.redhat.com (Postfix) id A6FE663B8C; Fri, 7 May 2021 16:25:05 +0000 (UTC) Received: from foo.redhat.com (ovpn-114-155.ams2.redhat.com [10.36.114.155]) by smtp.corp.redhat.com (Postfix) with ESMTP id A106259447; Fri, 7 May 2021 16:25:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1620404719; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=alj+4zcf3dbREy5J+cFawK6Z9p8hdQJhz/G4h8bAD1k=; b=ChAoGPLlzyrxVbhTJjMGoz0tH3KAnMoeQagRBshASwLfAYxC2IoDKN2v9HowTN0rvEEzG0 SWqGAVQz7bDM5ho7cad+MXZhZBuVHYPwAVkSxJ/oS3jffp8Yrf0eEYXZLVfOs7oyttOXM6 zLnN9MRhk3Ynu5UnYm5kSpGMW4S4J1k= X-MC-Unique: mPSEYnCBOwi-s43uHdJ4hg-1 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= To: libvir-list@redhat.com Subject: [libvirt PATCH v2 08/10] src: set identity when opening secondary drivers Date: Fri, 7 May 2021 17:24:46 +0100 Message-Id: <20210507162448.660074-9-berrange@redhat.com> In-Reply-To: <20210507162448.660074-1-berrange@redhat.com> References: <20210507162448.660074-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-loop: libvir-list@redhat.com Cc: Michal Privoznik X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) The drivers can all call virGetConnectXXX to open a connection to a secondary driver. For example, when creating a encrypted storage volume, the storage driver has to open a secret driver connection, or when starting a guest, the QEMU driver has to open the network driver to lookup a virtual network. When using monolithic libvirtd, the connection has the same effective identity as the client, since everything is still in the same process. When using the modular daemons, however, the remote daemon sees the identity of the calling daemon. This is a mistake as it results in the modular daemons seeing the client with elevated privileges. We need to pass on the current identity explicitly when opening the secondary drivers. This is the same thing that is done by daemon RPC dispatcher code when it is directly forwarding top level API calls from virtproxyd and other daemons. Reviewed-by: Michal Privoznik Signed-off-by: Daniel P. Berrang=C3=A9 --- src/driver.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/src/driver.c b/src/driver.c index f8022d2522..227bb56e48 100644 --- a/src/driver.c +++ b/src/driver.c @@ -33,6 +33,8 @@ #include "virstring.h" #include "virthread.h" #include "virutil.h" +#include "viridentity.h" +#include "datatypes.h" #include "configmake.h" =20 VIR_LOG_INIT("driver"); @@ -136,6 +138,7 @@ static virConnectPtr virGetConnectGeneric(virThreadLocal *threadPtr, const char *name) { virConnectPtr conn; + virErrorPtr saved; =20 if (virConnectCacheInitialize() < 0) return NULL; @@ -153,8 +156,32 @@ virGetConnectGeneric(virThreadLocal *threadPtr, const = char *name) =20 conn =3D virConnectOpen(uri); VIR_DEBUG("Opened new %s connection %p", name, conn); + if (!conn) + return NULL; + + if (conn->driver->connectSetIdentity !=3D NULL) { + g_autoptr(virIdentity) ident =3D NULL; + virTypedParameterPtr identparams =3D NULL; + int nidentparams =3D 0; + + VIR_DEBUG("Attempting to delegate current identity"); + if (!(ident =3D virIdentityGetCurrent())) + goto error; + + if (virIdentityGetParameters(ident, &identparams, &nidentparam= s) < 0) + goto error; + + if (virConnectSetIdentity(conn, identparams, nidentparams, 0) = < 0) + goto error; + } } return conn; + + error: + saved =3D virSaveLastError(); + virConnectClose(conn); + virSetError(saved); + return NULL; } =20 =20 --=20 2.31.1