On 30.11.2016 11:41, Michal Privoznik wrote:
> On 30.11.2016 11:16, Daniel P. Berrange wrote:
>> On Wed, Nov 30, 2016 at 10:59:35AM +0100, Michal Privoznik wrote:
>>> So far the NSS module looks up only hostnames as provided by
>>> guests themselves. However, there are some cases where this is
>>> not enough: e.g. when there's a fresh new guest being installed
>>> (with some generic hostname) say from a live ISO image; or some
>>> (older) systems don't advertise their hostname in DHCP
>>> transactions at all.
>>> In cases like that it would be helpful if we translate domain
>>> name as seen by libvirt too so that users can:
>>>
>>> # virsh start $dom && ssh $dom
>>>
>>> Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
>>
>> So, IIUC, with this change the nss module is able to lookup
>> based on hostname *or* the guest name.
>
> Correct. If you have a libvirt domain 'fedora' but set its hostname to
> 'fedora2', both 'ping fedora' and 'ping fedora2' will work (and result
> in the same IP address). Without this patch just 'ping fedora2' would work.
>
>> I think it is desirable if the admin can control which is
>> used. In particular as an admin I'd like to prevent the
>> ability to use hostname at all, since this data may
>> come from an untrustworthy guest.
>
> Which can happen on a real network too. Guests can initialize DHCP
> transaction with spoofed hostname just to trick DNS. If admins don't
> want this to happen they just configure static DHCP/DNS. With libvirt,
> they don't enable the NSS module.
>
>
>> IOW, should we actually create two separate NSS modules,
>> one that does DHCP hostname based lookups and one that
>> does guest name based lookups. Admins can then choose
>> which to use, or even list both in nsswitch.conf
>
> I was thinking about this and honestly, I don't have preference. I could
> argue both ways. Ideally, there would be a way to pass arguments to an
> NSS module, but looks like there is none. I've seen the following in
> nsswitch.conf:
>
> netmasks: nisplus [NOTFOUND=return] files
>
> which would suggest so, but digging deep into glibc those are just args
> to glibc function that loads the modules and calls the functions from them.
>
> So yes, maybe we need two modules after all. Any suggestions on the
> naming? I'm out of ideas.

Just an idea: what if I rename the current module to libvirt_guest (and
also install a symlink named libvirt that would point to it - just to
maintain backward compatibility). And this new module would be called
libvirt_host. So that we would have:

libvirt_guest: to resolve IP addresses based on what guests say
libvirt_host: to resolve IP addresses based on what libvirt thinks the
guest name is.

Still crappy names though.

Michal

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
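For readers following the split proposed above, here is an added illustration (not part of the thread, not libvirt's shipped configuration) of how the two-module design would let an administrator express the trust decision Daniel raises in `/etc/nsswitch.conf`. The module names `libvirt_guest` and `libvirt_host` are the names Michal proposes in this message and are assumed here only for illustration; the `hosts:` database and the `[NOTFOUND=return]` action syntax are standard glibc nsswitch.conf, as already quoted in the thread.

```conf
# Added example, not libvirt's own configuration. Module names follow
# the proposal in this thread (libvirt_guest / libvirt_host) and are assumed.

# Weaker setting: resolve both guest-advertised DHCP hostnames and
# libvirt domain names. Hostnames here originate inside the guest, so an
# untrusted guest can pick what name it answers to.
hosts: files libvirt_guest libvirt_host dns

# Tighter setting: only the name libvirt itself assigned to the domain is
# resolvable. Guest-supplied hostnames are never consulted.
hosts: files libvirt_host dns

# Ordering note: glibc's per-module actions only control flow (e.g. stop
# on NOTFOUND); they are not arguments passed to the module, which is why
# the thread concludes that separate modules are needed.
hosts: files libvirt_host [NOTFOUND=return] dns
```

Only one `hosts:` line is active in a real file; the three are shown together so the variants can be compared. With the second or third form, `ssh $dom` after `virsh start $dom` still works through the libvirt-assigned domain name, while a guest that advertises a misleading hostname over DHCP has no influence on host-side name resolution.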