[libvirt] [PATCH] remote: Forbid default "/session" connections when using ssh transport

Peter Krempa pkrempa at redhat.com
Fri Jun 14 06:25:00 UTC 2013


On 06/13/13 16:42, Laine Stump wrote:
> On 06/13/2013 05:46 AM, Peter Krempa wrote:
>> On 06/12/13 21:34, Laine Stump wrote:
>>> On 06/10/2013 08:44 AM, Peter Krempa wrote:
>>>
>>>
>>> Can you include in the commit log a link to the BZ describing this
>>> problem? It helps *immensely* when trying to trace things months/years
>>> later.
>>>
>>
>> There isn't any publicly available BZ describing this problem so I
>> chose not to put the private link in the commit. I can do it if you
>> insist but having private links in a public repo doesn't seem right to
>> me.
>
> Sigh.
>
> No, I agree that private BZ's shouldn't be linked in a public repo, as
> it just causes frustration for those without access to the private BZ.
> It's unfortunate that the BZ was private, though (although there's
> nothing that we could do about it other than filing a parallel BZ)

Indeed. Open source could be a bit more open sometimes.
>
>>
>>>
>>>

>>> A totally naive question: do we want to only allow "/system"? or
>>> 'anything except "/session"'?
>>
>> We want to forbid only "/session" with the default socket path which
>> won't work right now. A user is able to start a session daemon and
>> successfully connect to it even with this patch. The user has to
>> manually specify a socket path.
>>
>> Rejecting everything except "/system" would break drivers that use
>> different path.
>
> Okay, I just wanted to make sure. So ACK as it is then.

Thanks for the review. Pushed.

Peter




More information about the libvir-list mailing list