render / rpms / libvirt

Forked from rpms/libvirt 9 months ago
Clone
Blob Blame History Raw
From d1cca162368a3ff8600568405acb3326a372330f Mon Sep 17 00:00:00 2001
Message-Id: <d1cca162368a3ff8600568405acb3326a372330f@dist-git>
From: Erik Skultety <eskultet@redhat.com>
Date: Tue, 16 Aug 2016 13:06:04 +0200
Subject: [PATCH] virt-admin: Properly fix the default session daemon URI to
 admin server

Commit 30ce2f0e tried to fix the issue with an incorrect session URI to admin
server but it messed up the checks:

    if (geteuid == 0 && VIR_STRDUP(*uristr, "libvirtd:///system") < 0)
        return -1;
    else if (VIR_STRDUP(*uristr, "libvirtd:///session") < 0)
        return -1;

So if a client executed with root privileges tries to connect, its euid is
checked (true) and the correct URI is successfully copied to @uristr (false),
therefore the 'else' branch is taken and @uristr is replaced by the session URI
which for root results in:
    Failed to connect socket to '/root/.cache/libvirt/libvirt-admin-sock':
    No such file or directory

Signed-off-by: Erik Skultety <eskultet@redhat.com>
(cherry picked from commit 9e5e7f3a5b7a9a7325ad4ac719abd469cd7f8a45)

https://bugzilla.redhat.com/show_bug.cgi?id=1367269
https://bugzilla.redhat.com/show_bug.cgi?id=1356858
Signed-off-by: Erik Skultety <eskultet@redhat.com>

 Conflicts:
	src/libvirt-admin.c - these were caused by not backporting 30ce2f0e,
        since that one was obviously an incorrect fix that needed an additional
        fix, so why not just backport the additional fix and resolve a tiny
        conflict...
---
 src/libvirt-admin.c | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/src/libvirt-admin.c b/src/libvirt-admin.c
index f3bbe8c..b3de337 100644
--- a/src/libvirt-admin.c
+++ b/src/libvirt-admin.c
@@ -188,10 +188,16 @@ virAdmGetDefaultURI(virConfPtr conf, char **uristr)
             /* Since we can't probe connecting via any hypervisor driver as libvirt
              * does, if no explicit URI was given and neither the environment
              * variable, nor the configuration parameter had previously been set,
-             * we set the default admin server URI to 'libvirtd://system'.
+             * we set the default admin server URI to 'libvirtd://system' or
+             * 'libvirtd:///session' depending on the process's EUID.
              */
-            if (VIR_STRDUP(*uristr, "libvirtd:///system") < 0)
-                return -1;
+            if (geteuid() == 0) {
+                if (VIR_STRDUP(*uristr, "libvirtd:///system") < 0)
+                    return -1;
+            } else {
+                if (VIR_STRDUP(*uristr, "libvirtd:///session") < 0)
+                    return -1;
+            }
         }
     }
 
-- 
2.9.2