On Wed, Nov 30, 2016 at 10:59:35AM +0100, Michal Privoznik wrote: > So far the NSS module looks up only hostnames as provided by > guests themselves. However, there are some cases where this is > not enough: e.g. when there's a fresh new guest being installed > (with some generic hostname) say from a live ISO image; or some > (older) systems don't advertise their hostname in DHCP > transactions at all. > In cases like that it would be helpful if we translate domain > name as seen by libvirt too so that users can: > > # virsh start $dom && ssh $dom > > Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx> So, IIUC, with this change the nss module is able to lookup based on hostname *or* the guest name. I think it is desirable if the admin can control which is used. In particular as an admin I'd like to prevent the ability to use hostname at all, since this data may come from an untrustworthy guest. IOW, should we actually create two separate NSS modules, one that does DHCP hostname based lookups and one that does guest name based lookups. Admins can then choose which to use, or even list both in nssswitch.conf Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://entangle-photo.org -o- http://search.cpan.org/~danberr/ :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list