|
 |
6ae9ed |
From d1cca162368a3ff8600568405acb3326a372330f Mon Sep 17 00:00:00 2001
|
|
|
6ae9ed |
Message-Id: <d1cca162368a3ff8600568405acb3326a372330f@dist-git>
|
|
|
6ae9ed |
From: Erik Skultety <eskultet@redhat.com>
|
|
|
6ae9ed |
Date: Tue, 16 Aug 2016 13:06:04 +0200
|
|
|
6ae9ed |
Subject: [PATCH] virt-admin: Properly fix the default session daemon URI to
|
|
|
6ae9ed |
admin server
|
|
|
6ae9ed |
|
|
|
6ae9ed |
Commit 30ce2f0e tried to fix the issue with an incorrect session URI to admin
|
|
|
6ae9ed |
server but it messed up the checks:
|
|
|
6ae9ed |
|
|
|
6ae9ed |
if (geteuid == 0 && VIR_STRDUP(*uristr, "libvirtd:///system") < 0)
|
|
|
6ae9ed |
return -1;
|
|
|
6ae9ed |
else if (VIR_STRDUP(*uristr, "libvirtd:///session") < 0)
|
|
|
6ae9ed |
return -1;
|
|
|
6ae9ed |
|
|
|
6ae9ed |
So if a client executed with root privileges tries to connect, its euid is
|
|
|
6ae9ed |
checked (true) and the correct URI is successfully copied to @uristr (false),
|
|
|
6ae9ed |
therefore the 'else' branch is taken and @uristr is replaced by the session URI
|
|
|
6ae9ed |
which for root results in:
|
|
|
6ae9ed |
Failed to connect socket to '/root/.cache/libvirt/libvirt-admin-sock':
|
|
|
6ae9ed |
No such file or directory
|
|
|
6ae9ed |
|
|
|
6ae9ed |
Signed-off-by: Erik Skultety <eskultet@redhat.com>
|
|
|
6ae9ed |
(cherry picked from commit 9e5e7f3a5b7a9a7325ad4ac719abd469cd7f8a45)
|
|
|
6ae9ed |
|
|
|
6ae9ed |
https://bugzilla.redhat.com/show_bug.cgi?id=1367269
|
|
|
6ae9ed |
https://bugzilla.redhat.com/show_bug.cgi?id=1356858
|
|
|
6ae9ed |
Signed-off-by: Erik Skultety <eskultet@redhat.com>
|
|
|
6ae9ed |
|
|
|
6ae9ed |
Conflicts:
|
|
|
6ae9ed |
src/libvirt-admin.c - these were caused by not backporting 30ce2f0e,
|
|
|
6ae9ed |
since that one was obviously an incorrect fix that needed an additional
|
|
|
6ae9ed |
fix, so why not just backport the additional fix and resolve a tiny
|
|
|
6ae9ed |
conflict...
|
|
|
6ae9ed |
---
|
|
|
6ae9ed |
src/libvirt-admin.c | 12 +++++++++---
|
|
|
6ae9ed |
1 file changed, 9 insertions(+), 3 deletions(-)
|
|
|
6ae9ed |
|
|
|
6ae9ed |
diff --git a/src/libvirt-admin.c b/src/libvirt-admin.c
|
|
|
6ae9ed |
index f3bbe8c..b3de337 100644
|
|
|
6ae9ed |
--- a/src/libvirt-admin.c
|
|
|
6ae9ed |
+++ b/src/libvirt-admin.c
|
|
|
6ae9ed |
@@ -188,10 +188,16 @@ virAdmGetDefaultURI(virConfPtr conf, char **uristr)
|
|
|
6ae9ed |
/* Since we can't probe connecting via any hypervisor driver as libvirt
|
|
|
6ae9ed |
* does, if no explicit URI was given and neither the environment
|
|
|
6ae9ed |
* variable, nor the configuration parameter had previously been set,
|
|
|
6ae9ed |
- * we set the default admin server URI to 'libvirtd://system'.
|
|
|
6ae9ed |
+ * we set the default admin server URI to 'libvirtd://system' or
|
|
|
6ae9ed |
+ * 'libvirtd:///session' depending on the process's EUID.
|
|
|
6ae9ed |
*/
|
|
|
6ae9ed |
- if (VIR_STRDUP(*uristr, "libvirtd:///system") < 0)
|
|
|
6ae9ed |
- return -1;
|
|
|
6ae9ed |
+ if (geteuid() == 0) {
|
|
|
6ae9ed |
+ if (VIR_STRDUP(*uristr, "libvirtd:///system") < 0)
|
|
|
6ae9ed |
+ return -1;
|
|
|
6ae9ed |
+ } else {
|
|
|
6ae9ed |
+ if (VIR_STRDUP(*uristr, "libvirtd:///session") < 0)
|
|
|
6ae9ed |
+ return -1;
|
|
|
6ae9ed |
+ }
|
|
|
6ae9ed |
}
|
|
|
6ae9ed |
}
|
|
|
6ae9ed |
|
|
|
6ae9ed |
--
|
|
|
6ae9ed |
2.9.2
|
|
|
6ae9ed |
|