Re: [libvirt] security: the qemu agent command "guest-exec" may cause Insider Access

>>>Host can read all of the guest's memory or mount the image and modify >>>the guest agent. Or even add their own communication program that can >>>do anything. >>> >> >>I get your point now! :) Thanks a lot!! >> >>Further more, kvm seems not as secure as xen, because xen isolates dom0 and

Re: [libvirt] security: the qemu agent command "guest-exec" may cause Insider Access

>On Fri, Aug 25, 2017 at 08:52:16 +, Zhangbo (Oscar) wrote: >> >On Fri, Aug 25, 2017 at 06:45:18 +, Zhangbo (Oscar) wrote: > >[...] > >> >> The Administrator also can use other commands such as " >> >guest-file-open" that also cause Insider Access. >> >> >> >> So, how to avoid

Re: [libvirt] [PATCH 0/2] Alter refresh algorithm for volWipe

On 08/25/2017 08:28 AM, Martin Kletzander wrote: > On Fri, Aug 25, 2017 at 07:52:25AM -0400, John Ferlan wrote: >> >> >> On 08/25/2017 05:44 AM, Martin Kletzander wrote: >>> On Thu, Aug 24, 2017 at 06:28:27PM -0400, John Ferlan wrote: Alter wipeVol to do same refresh operation as pool

Re: [libvirt] [PATCH v2 3/3] docs: Update news with domain name bug fixes

On 08/25/2017 07:21 AM, Martin Kletzander wrote: > Signed-off-by: Martin Kletzander > --- > docs/news.xml | 20 > 1 file changed, 20 insertions(+) > > diff --git a/docs/news.xml b/docs/news.xml > index 26bd9bd6f651..2bcd27548bf3 100644 > ---

Re: [libvirt] [PATCH v2 2/3] qemu: Use short domain name in qemuDomainGetPreservedMountPath

On 08/25/2017 07:21 AM, Martin Kletzander wrote: > Otherwise longer domain names might generate paths that are too long > to be created. This follows what other parts of the code do as well. > > Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1453194 > > Signed-off-by: Martin Kletzander

Re: [libvirt] [PATCH v2 1/3] conf: Properly truncate wide character names in virDomainObjGetShortName

On 08/25/2017 07:21 AM, Martin Kletzander wrote: > We always truncated the name at 20 bytes instead of characters. In > case 20 bytes were in the middle of a multi-byte character, then the > string became invalid and various parts of the code would error > out (e.g. XML parsing of that string).

[libvirt] [PATCH v2] qemu: Handle host devices not being available better

We can't retrieve the isolation group of a device that's not present in the system. However, it's very common for VFs to be created late in the boot, so they might not be present yet when libvirtd starts, which would cause the guests using them to disappear. Moreover, for other architectures and

[libvirt] [PATCH] vmx: Expose VMware Managed Object Reference (moref) in XML.

If you use the VDDK library to access virtual machines remotely, you really need to know the Managed Object Reference ("moref") of the VM. This must be passed each time you connect to the API. For example nbdkit's VDDK plugin requires a moref to be passed to mount up a VM's disk remotely:

Re: [libvirt] [PATCH 1/3] conf: Properly truncate wide character names in virDomainObjGetShortName

On 08/25/2017 02:30 AM, Martin Kletzander wrote: > On Wed, Aug 23, 2017 at 04:47:03PM -0400, John Ferlan wrote: >> >> >> On 08/23/2017 07:47 AM, Martin Kletzander wrote: >>> We always truncated the name at 20 bytes instead of characters. In >>> case 20 bytes were in the middle of a multi-byte

Re: [libvirt] [PATCH 0/2] Alter refresh algorithm for volWipe

On Fri, Aug 25, 2017 at 07:52:25AM -0400, John Ferlan wrote: On 08/25/2017 05:44 AM, Martin Kletzander wrote: On Thu, Aug 24, 2017 at 06:28:27PM -0400, John Ferlan wrote: Alter wipeVol to do same refresh operation as pool refresh would do. I think we should rather keep the format as it

Re: [libvirt] [PATCH 0/4] Make it easier to clean up after using virBuffer

On Fri, Aug 25, 2017 at 07:43:44AM -0400, John Ferlan wrote: On 08/25/2017 02:19 AM, Martin Kletzander wrote: On Wed, Aug 23, 2017 at 12:56:02PM -0400, John Ferlan wrote: On 08/21/2017 03:47 AM, Martin Kletzander wrote: There are many places in the code where virBufferCheckError() is used

Re: [libvirt] [PATCH 0/2] Alter refresh algorithm for volWipe

On 08/25/2017 05:44 AM, Martin Kletzander wrote: > On Thu, Aug 24, 2017 at 06:28:27PM -0400, John Ferlan wrote: >> Alter wipeVol to do same refresh operation as pool refresh would do. >> > > I think we should rather keep the format as it is. Did I miss something > here or isn't the source of

Re: [libvirt] [PATCH 0/4] Make it easier to clean up after using virBuffer

On 08/25/2017 02:19 AM, Martin Kletzander wrote: > On Wed, Aug 23, 2017 at 12:56:02PM -0400, John Ferlan wrote: >> >> >> On 08/21/2017 03:47 AM, Martin Kletzander wrote: >>> There are many places in the code where virBufferCheckError() is used >>> and then, right after that,

Re: [libvirt] [PATCH] qemu: Prevent isolation group-related guest disappearance

On Fri, 2017-08-25 at 12:12 +0200, Peter Krempa wrote: > > > @@ -1012,6 +1012,18 @@ qemuDomainFillDeviceIsolationGroup(virDomainDefPtr > > > def, > > > tmp = virPCIDeviceAddressGetIOMMUGroupNum(hostAddr); > > > > > > if (tmp < 0) { > > > +/* If there's already a PCI

[libvirt] [PATCH v2 1/3] conf: Properly truncate wide character names in virDomainObjGetShortName

We always truncated the name at 20 bytes instead of characters. In case 20 bytes were in the middle of a multi-byte character, then the string became invalid and various parts of the code would error out (e.g. XML parsing of that string). Let's instead properly truncate it after 20 characters

[libvirt] [PATCH v2 2/3] qemu: Use short domain name in qemuDomainGetPreservedMountPath

Otherwise longer domain names might generate paths that are too long to be created. This follows what other parts of the code do as well. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1453194 Signed-off-by: Martin Kletzander --- src/qemu/qemu_domain.c | 10

[libvirt] [PATCH v2 0/3] Some domain name handling improvements

*** BRULB THERE *** Martin Kletzander (3): conf: Properly truncate wide character names in virDomainObjGetShortName qemu: Use short domain name in qemuDomainGetPreservedMountPath docs: Update news with domain name bug fixes docs/news.xml | 20

[libvirt] [PATCH v2 3/3] docs: Update news with domain name bug fixes

Signed-off-by: Martin Kletzander --- docs/news.xml | 20 1 file changed, 20 insertions(+) diff --git a/docs/news.xml b/docs/news.xml index 26bd9bd6f651..2bcd27548bf3 100644 --- a/docs/news.xml +++ b/docs/news.xml @@ -49,6 +49,26 @@ +

Re: [libvirt] security: the qemu agent command "guest-exec" may cause Insider Access

On Fri, Aug 25, 2017 at 10:29:03AM +, Zhangbo (Oscar) wrote: Host can read all of the guest's memory or mount the image and modify the guest agent. Or even add their own communication program that can do anything. I get your point now! :) Thanks a lot!! Further more, kvm seems not as

Re: [libvirt] security: the qemu agent command "guest-exec" may cause Insider Access

> >Host can read all of the guest's memory or mount the image and modify >the guest agent. Or even add their own communication program that can >do anything. > I get your point now! :) Thanks a lot!! Further more, kvm seems not as secure as xen, because xen isolates dom0 and domU well, The

Re: [libvirt] [PATCH] qemu: Prevent isolation group-related guest disappearance

On Fri, Aug 25, 2017 at 11:41:22 +0200, Martin Kletzander wrote: > On Thu, Aug 24, 2017 at 05:12:20PM +0200, Andrea Bolognani wrote: > > We can't retrieve the isolation group of a device that's > > not present in the system. However, it's very common for > > VFs to be created late in the boot, so

Re: [libvirt] 答复: security: the qemu agent command "guest-exec" may cause Insider Access

On Fri, Aug 25, 2017 at 08:52:16 +, Zhangbo (Oscar) wrote: > >On Fri, Aug 25, 2017 at 06:45:18 +, Zhangbo (Oscar) wrote: [...] > >> The Administrator also can use other commands such as " > >guest-file-open" that also cause Insider Access. > >> > >> So, how to avoid this

Re: [libvirt] [PATCH 1/3] conf: Properly truncate wide character names in virDomainObjGetShortName

On Fri, Aug 25, 2017 at 08:30:52AM +0200, Martin Kletzander wrote: On Wed, Aug 23, 2017 at 04:47:03PM -0400, John Ferlan wrote: On 08/23/2017 07:47 AM, Martin Kletzander wrote: We always truncated the name at 20 bytes instead of characters. In case 20 bytes were in the middle of a

Re: [libvirt] 答复: security: the qemu agent command "guest-exec" may cause Insider Access

On Fri, Aug 25, 2017 at 08:52:16AM +, Zhangbo (Oscar) wrote: On Fri, Aug 25, 2017 at 06:45:18 +, Zhangbo (Oscar) wrote: Hi all: The Host Administrator is capable of running any exec in guests via the qemu-ga command "guest-exec", eg: virsh qemu-agent-command test_guest

Re: [libvirt] security: the qemu agent command "guest-exec" may cause Insider Access

On Fri, Aug 25, 2017 at 08:59:54AM +, Zhangbo (Oscar) wrote: On Fri, Aug 25, 2017 at 06:45:18AM +, Zhangbo (Oscar) wrote: Hi all: The Host Administrator is capable of running any exec in guests via the qemu-ga command "guest-exec", eg: virsh qemu-agent-command test_guest

Re: [libvirt] [PATCH 0/2] Alter refresh algorithm for volWipe

On Thu, Aug 24, 2017 at 06:28:27PM -0400, John Ferlan wrote: Alter wipeVol to do same refresh operation as pool refresh would do. I think we should rather keep the format as it is. Did I miss something here or isn't the source of the problem just the fact that we wipe the volume without

Re: [libvirt] [PATCH] qemu: Prevent isolation group-related guest disappearance

On Thu, Aug 24, 2017 at 05:12:20PM +0200, Andrea Bolognani wrote: We can't retrieve the isolation group of a device that's not present in the system. However, it's very common for VFs to be created late in the boot, so they might not be present yet when libvirtd starts, which would cause the

Re: [libvirt] security: the qemu agent command "guest-exec" may cause Insider Access

>On Fri, Aug 25, 2017 at 06:45:18AM +, Zhangbo (Oscar) wrote: >>Hi all: >> The Host Administrator is capable of running any exec in guests via the >qemu-ga command "guest-exec", eg: >> >>virsh qemu-agent-command test_guest '{"execute": "guest-exec", >"arguments": {"path":

[libvirt] 答复: security: the qemu agent command "guest-exec" may cause Insider Access

>On Fri, Aug 25, 2017 at 06:45:18 +, Zhangbo (Oscar) wrote: >> Hi all: >> The Host Administrator is capable of running any exec in guests via the >qemu-ga command "guest-exec", eg: >> >> virsh qemu-agent-command test_guest '{"execute": "guest-exec", >"arguments": {"path":

Re: [libvirt] security: the qemu agent command "guest-exec" may cause Insider Access

On Fri, Aug 25, 2017 at 06:45:18AM +, Zhangbo (Oscar) wrote: Hi all: The Host Administrator is capable of running any exec in guests via the qemu-ga command "guest-exec", eg: virsh qemu-agent-command test_guest '{"execute": "guest-exec", "arguments": {"path": "ifconfig", "arg":

Re: [libvirt] security: the qemu agent command "guest-exec" may cause Insider Access

On Fri, Aug 25, 2017 at 06:45:18 +, Zhangbo (Oscar) wrote: > Hi all: > The Host Administrator is capable of running any exec in guests via the > qemu-ga command "guest-exec", eg: > > virsh qemu-agent-command test_guest '{"execute": "guest-exec", > "arguments": {"path":

Re: [libvirt] [PATCH] Revert "maint: Update to latest gnulib"

On Thu, Aug 24, 2017 at 08:50:30PM -0500, Eric Blake wrote: > On 08/24/2017 12:20 PM, Erik Skultety wrote: > > Revert @f8172388c which broke the build on Centos 6, because of old > > autoconf (< 2.63b) not properly quoting arguments for shell. > > --- > > So, the last working commit is cbc700208,

[libvirt] security: the qemu agent command "guest-exec" may cause Insider Access

Hi all: The Host Administrator is capable of running any exec in guests via the qemu-ga command "guest-exec", eg: virsh qemu-agent-command test_guest '{"execute": "guest-exec", "arguments": {"path": "ifconfig", "arg": [ "eth1", "192.168.0.99" ],"capture-output": true } }'

Re: [libvirt] libvirt 3.5.0 locks

On Thu, Aug 24, 2017 at 02:31:05PM +0300, Vasiliy Tolstov wrote: Another lock with libvirt 3.5.0 root@cn12:~# gdb -batch -p $(pgrep libvirtd) -ex 't a a bt' warning: Unable to find libthread_db matching inferior's thread library, thread debugging will not be available. 0x7f95b5d4bd3d in

Re: [libvirt] [PATCH 1/3] conf: Properly truncate wide character names in virDomainObjGetShortName

On Wed, Aug 23, 2017 at 04:47:03PM -0400, John Ferlan wrote: On 08/23/2017 07:47 AM, Martin Kletzander wrote: We always truncated the name at 20 bytes instead of characters. In case 20 bytes were in the middle of a multi-byte character, then the string became invalid and various parts of the

Re: [libvirt] [PATCH 0/4] Make it easier to clean up after using virBuffer

On Wed, Aug 23, 2017 at 12:56:02PM -0400, John Ferlan wrote: On 08/21/2017 03:47 AM, Martin Kletzander wrote: There are many places in the code where virBufferCheckError() is used and then, right after that, virBufferContentAndReset() is called. The former has ATTRIBUTE_RETURN_CHECK, so