[libvirt] [PATCH sandbox 2/3] Explicitly check for supported URIs when starting guests

Daniel P. Berrange berrange at redhat.com
Tue Jun 16 11:25:43 UTC 2015


While the sandbox API is designed to be hypervisor agnostic,
the internal implementation needs work for each hypervisor
target. To avoid user errors at runtime, do an upfront check
to see if the URI they supply is suitable. Since we don't
support remote execution, we do a straight string comparison
on the URI, instead of just a protocol check.
---
 .../libvirt-sandbox-context-interactive.c          | 27 ++++++++++++++++++++++
 po/POTFILES.in                                     |  1 +
 2 files changed, 28 insertions(+)

diff --git a/libvirt-sandbox/libvirt-sandbox-context-interactive.c b/libvirt-sandbox/libvirt-sandbox-context-interactive.c
index 78b2fbd..3ab63ec 100644
--- a/libvirt-sandbox/libvirt-sandbox-context-interactive.c
+++ b/libvirt-sandbox/libvirt-sandbox-context-interactive.c
@@ -24,6 +24,8 @@
 #include <string.h>
 #include <errno.h>
 
+#include <glib/gi18n.h>
+
 #include "libvirt-sandbox/libvirt-sandbox.h"
 
 /**
@@ -60,6 +62,13 @@ enum {
 
 //static gint signals[LAST_SIGNAL];
 
+#define GVIR_SANDBOX_CONTEXT_INTERACTIVE_ERROR gvir_sandbox_context_interactive_error_quark()
+
+static GQuark
+gvir_sandbox_context_interactive_error_quark(void)
+{
+    return g_quark_from_static_string("gvir-sandbox-context-interactive");
+}
 
 static void gvir_sandbox_context_interactive_get_property(GObject *object,
                                                           guint prop_id,
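Review bot: Both `g_set_error()` calls added in the last hunk of this file pass a literal `0` as the code for this new domain, so a caller cannot tell an unsupported-URI failure apart from anything else later reported under `GVIR_SANDBOX_CONTEXT_INTERACTIVE_ERROR` without matching the translated message. A small named code would make the intent explicit, for example `enum { GVIR_SANDBOX_CONTEXT_INTERACTIVE_ERROR_URI = 0 };` (name constructed here for illustration). A one-line comment above the quark function, such as `/* Error domain for failures raised by the interactive context */`, would also help, since the function is `static` and the domain is only visible through the GError it ends up in.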
@@ -198,6 +207,7 @@ static gboolean gvir_sandbox_context_interactive_start(GVirSandboxContext *ctxt,
     gchar *emptydir;
     gchar *configfile;
     gboolean ret = FALSE;
+    const gchar *uri;
 
     if (!GVIR_SANDBOX_CONTEXT_CLASS(gvir_sandbox_context_interactive_parent_class)->start(ctxt, error))
         return FALSE;
@@ -213,6 +223,23 @@ static gboolean gvir_sandbox_context_interactive_start(GVirSandboxContext *ctxt,
     configfile = g_build_filename(configdir, "sandbox.cfg", NULL);
     emptydir = g_build_filename(configdir, "empty", NULL);
 
+    uri = gvir_connection_get_uri(connection);
+
+    if (geteuid() == 0) {
+        if (!g_str_equal(uri, "lxc:///") &&
+            !g_str_equal(uri, "qemu:///system")) {
+            g_set_error(error, GVIR_SANDBOX_CONTEXT_INTERACTIVE_ERROR, 0,
+                        _("Only 'lxc:///' or 'qemu:///system' URIs supported when running as root"));
+            goto cleanup;
+        }
+    } else {
+        if (!g_str_equal(uri, "qemu:///session")) {
+            g_set_error(error, GVIR_SANDBOX_CONTEXT_INTERACTIVE_ERROR, 0,
+                        _("Only 'qemu:///session' URIs supported when running as non-root"));
+            goto cleanup;
+        }
+    }
+
     if (!(builder = gvir_sandbox_builder_for_connection(connection,
                                                         error)))
         goto cleanup;
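Review bot: `uri` is passed to `g_str_equal()` without a NULL check, and `g_str_equal()` is not NULL-safe. If `gvir_connection_get_uri()` can return NULL here (not visible from this hunk; possibly for a connection opened without an explicit URI), the start path crashes instead of returning the new error. Using `g_strcmp0(uri, "lxc:///") != 0` for the three comparisons, or an explicit `if (!uri)` branch that sets the error, keeps that case on the `cleanup` path. `geteuid()` also needs `<unistd.h>`, which is not among the includes visible in the first hunk, so it is worth confirming it is already pulled in. The body of `gvir_sandbox_context_interactive_start` begins and ends outside this hunk.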
diff --git a/po/POTFILES.in b/po/POTFILES.in
index 653abc5..11bd5e7 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -7,5 +7,6 @@ libvirt-sandbox/libvirt-sandbox-console.c
 libvirt-sandbox/libvirt-sandbox-console-raw.c
 libvirt-sandbox/libvirt-sandbox-console-rpc.c
 libvirt-sandbox/libvirt-sandbox-context.c
+libvirt-sandbox/libvirt-sandbox-context-interactive.c
 libvirt-sandbox/libvirt-sandbox-init-common.c
 libvirt-sandbox/libvirt-sandbox-rpcpacket.c
-- 
2.4.2



