External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-08-28 19:41:16 +00:00
Code Issues Packages Projects Releases Wiki Activity
da7396605b
libvirt/tools/virt-login-shell.pod
Daniel P. Berrange da7396605b virt-login-shell: honour the -c option to launch commands 
The virt-login-shell program is supposed to look like a
regular shell to clients. Login services like sshd
expect the shell to accept a '-c cmdstring' argument to
specify a command to launch instead of presenting an
interactive prompt.

We can implement this by simply passing the '-c cmdstring'
data straight through to the real shell we use. This does
not open any security holes, since the command is not run
until we're inside the container namespaces. This allows
scp to work for users with virt-login-shell.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2016-06-10 11:03:01 +01:00

106 lines
2.7 KiB
Plaintext
Raw Blame History

=head1 NAME
virt-login-shell - tool to execute a shell within a container matching the users name
=head1 SYNOPSIS
B<virt-login-shell> [I<OPTION>]
=head1 DESCRIPTION
The B<virt-login-shell> program is a setuid shell that is used to join
an LXC container that matches the user's name. If the container is not
running, virt-login-shell will attempt to start the container.
virt-login-shell is not allowed to be run by root. Normal users will get
added to a container that matches their username, if it exists, and they are
configured in /etc/libvirt/virt-login-shell.conf.
The basic structure of most virt-login-shell usage is:
virt-login-shell
=head1 OPTIONS
=over
=item B<-c CMD>
Instruct the shell to run CMD instead of presenting an
interactive shell prompt.
=item B<-h, --help>
Display command line help usage then exit.
=item B<-V, --version>
Display version information then exit.
=back
=head1 CONFIG
By default, virt-login-shell will execute the /bin/sh program for the user.
You can modify this behaviour by defining the shell variable in
/etc/libvirt/virt-login-shell.conf.
eg. shell = [ "/bin/ksh", "--login"]
By default no users are allowed to use virt-login-shell, if you want to allow
certain users to use virt-login-shell, you need to modify the allowed_users
variable in /etc/libvirt/virt-login-shell.conf.
eg. allowed_users = [ "tom", "dick", "harry" ]
=head1 EXIT STATUS
B<virt-login-shell> normally returns the exit status of the command it
executed. If the command was killed by a signal, but that signal is not
fatal to virt-login-shell, then it returns the signal number plus 128.
Exit status generated by B<virt-login-shell> itself:
=over 4
=item B<0> An option was used to learn more about this binary.
=item B<125> Generic error before attempting execution of the configured
shell; for example, if libvirtd is not running.
=item B<126> The configured shell exists but could not be executed.
=item B<127> The configured shell could not be found.
=back
=head1 BUGS
Report any bugs discovered to the libvirt community via the mailing
list L<http://libvirt.org/contact.html> or bug tracker
L<http://libvirt.org/bugs.html>.
Alternatively report bugs to your software distributor / vendor.
=head1 AUTHORS
Please refer to the AUTHORS file distributed with libvirt.
Daniel Walsh <dwalsh at redhat dot com>
=head1 COPYRIGHT
Copyright (C) 2013-2014 Red Hat, Inc., and the authors listed in the
libvirt AUTHORS file.
=head1 LICENSE
virt-login-shell is distributed under the terms of the GNU LGPL v2+.
This is free software; see the source for copying conditions. There
is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE
=head1 SEE ALSO
L<virsh(1)>, L<http://www.libvirt.org/>
=cut
Reference in New Issue View Git Blame Copy Permalink