External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-08-01 14:37:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Don't allow remote driver daemon autostart when running setuid

Browse Source 
We don't want setuid programs automatically spawning libvirtd,
so disable any use of autostart when setuid.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrange 2013-10-09 11:47:13 +01:00
parent e22b0232c7
commit 171bb12911
1 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/remote/remote_driver.c
View File

@ -431,7 +431,7 @@ doRemoteOpen(virConnectPtr conn,
trans_tcp, trans_tcp,
} transport; } transport;
#ifndef WIN32 #ifndef WIN32
const char *daemonPath; const char *daemonPath = NULL;
#endif #endif
/* We handle *ALL* URIs here. The caller has rejected any /* We handle *ALL* URIs here. The caller has rejected any
@ -713,7 +713,8 @@ doRemoteOpen(virConnectPtr conn,
VIR_DEBUG("Proceeding with sockname %s", sockname); VIR_DEBUG("Proceeding with sockname %s", sockname);
} }
if (!(daemonPath = remoteFindDaemonPath())) { if ((flags & VIR_DRV_OPEN_REMOTE_AUTOSTART) &&
!(daemonPath = remoteFindDaemonPath())) {
virReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
_("Unable to locate libvirtd daemon in %s " _("Unable to locate libvirtd daemon in %s "
"(to override, set $LIBVIRTD_PATH to the " "(to override, set $LIBVIRTD_PATH to the "
@ -997,8 +998,9 @@ remoteConnectOpen(virConnectPtr conn,
getuid() > 0) { getuid() > 0) {
VIR_DEBUG("Auto-spawn user daemon instance"); VIR_DEBUG("Auto-spawn user daemon instance");
rflags |= VIR_DRV_OPEN_REMOTE_USER; rflags |= VIR_DRV_OPEN_REMOTE_USER;
if (!autostart || if (!virIsSUID() &&
STRNEQ(autostart, "0")) (!autostart ||
STRNEQ(autostart, "0")))
rflags |= VIR_DRV_OPEN_REMOTE_AUTOSTART; rflags |= VIR_DRV_OPEN_REMOTE_AUTOSTART;
} }
@ -1014,8 +1016,9 @@ remoteConnectOpen(virConnectPtr conn,
if (getuid() > 0) { if (getuid() > 0) {
VIR_DEBUG("Auto-spawn user daemon instance"); VIR_DEBUG("Auto-spawn user daemon instance");
rflags |= VIR_DRV_OPEN_REMOTE_USER; rflags |= VIR_DRV_OPEN_REMOTE_USER;
if (!autostart || if (!virIsSUID() &&
STRNEQ(autostart, "0")) (!autostart ||
STRNEQ(autostart, "0")))
rflags |= VIR_DRV_OPEN_REMOTE_AUTOSTART; rflags |= VIR_DRV_OPEN_REMOTE_AUTOSTART;
} }
#endif #endif