[libvirt] [PATCH 2/2] virt-login-shell joins users into lxc container.

Eric Blake eblake at redhat.com
Mon Dec 23 22:17:49 UTC 2013


On 12/23/2013 03:12 PM, Eric Blake wrote:
>> Only users who are listed as valid_users in /etc/libvirt/virt-login-shell.conf
>> are allowed to join containers using this tool. By default no users are allowed.
> 
> Problem.  This is how things get installed:
> 
> # ls -ld /etc/libvirt/ /etc/libvirt/virt-login-shell.conf /bin/virt-login-shell
> -rwsr-x---. 1 root virtlogin 891744 Dec  4 01:37 /bin/virt-login-shell
> drwx------. 6 root root        4096 Dec 23 13:22 /etc/libvirt/
> -rw-r--r--. 1 root root        1244 Dec 23 13:22 /etc/libvirt/virt-login-shell.conf
> 

>> +    if (!(conf = virConfReadFile(login_shell_path, 0)))
>> +	goto cleanup;
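Review bot: the `goto cleanup;` line is indented with a tab while the `if` line above it uses spaces; indent it with spaces to match. Since this read of login_shell_path is the first step that depends on the caller's file permissions, the cleanup path should report the path and errno if virConfReadFile does not already do so, so that a permission failure can be told apart from a malformed config file.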
> 
> ...and non-root invariably fails here, since login_shell_path
> (/etc/libvirt/virt-login-shell.conf) is buried inside a directory that
> is not searchable by either root or virtlogin.

Ah, I see - non-root fails here if run unprivileged (such as under gdb),
but when run setuid it has the permissions of root and can read the file
just fine.  So this is a case where we are really relying on ALL of the
setuid power, rather than one where we could use capability labeling on
the binary rather than a full-blown setuid, making it harder to minimize
the power of the binary on systems that try to avoid setuid by use of
caps.  It's also making my life much tougher to try and debug the other
bugs in this program.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
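The permission check behind the failure described above, as an added example that is not code from this thread or from libvirt: it walks the two path components from the quoted `ls -ld` listing and reports which one denies a given caller. The uid 1000 and gid 990 (standing in for virtlogin) are assumed values; supplementary groups and capabilities are not modelled.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

/* One path component, described the way `ls -l` shows it. */
struct node {
    const char *name;
    mode_t mode;    /* permission bits only */
    uid_t owner;
    gid_t group;
};

/* Select the owner, group or other rwx triplet that applies to the caller. */
static unsigned triplet(const struct node *n, uid_t euid, gid_t egid)
{
    if (euid == n->owner) return (n->mode >> 6) & 7;
    if (egid == n->group) return (n->mode >> 3) & 7;
    return n->mode & 7;
}

/* Index of the first component that denies the read, or -1 if it is allowed.
 * Directories need search (x); the final file needs read (r).
 * euid 0 is modelled as bypassing the checks, as a setuid-root binary would. */
int first_denied(const struct node *path, size_t n, uid_t euid, gid_t egid)
{
    if (euid == 0) return -1;
    for (size_t i = 0; i < n; i++) {
        unsigned need = (i + 1 < n) ? 1u : 4u;
        if (!(triplet(&path[i], euid, egid) & need)) return (int)i;
    }
    return -1;
}

/* Constructed from the listing quoted in the message. */
static const struct node CONF_PATH[] = {
    { "/etc/libvirt/",         0700, 0, 0 },
    { "virt-login-shell.conf", 0644, 0, 0 },
};

int main(void)
{
    int d = first_denied(CONF_PATH, 2, 1000, 990);  /* assumed uid/gid */
    printf("unprivileged: %s\n", d < 0 ? "allowed" : CONF_PATH[d].name);
    printf("euid 0: %s\n",
           first_denied(CONF_PATH, 2, 0, 0) < 0 ? "allowed" : "denied");
    return 0;
}
```

The file's own 0644 mode is never reached for the unprivileged caller; the 0700 directory denies the lookup first.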
