[PATCH 05/17] build: drop libvirt setuid library build

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

The virt-login-shell setuid program is now a tiny piece of code
that only uses standard libc functions, and santizes the execution
environment before invoking the real virt-login-shell-helper.
The latter is thus able to use the normal libvirt.so build,
allowing us to delete the special cut down setuid library build.

Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
---
 config-post.h      |  34 +++------------
 configure.ac       |   3 --
 src/Makefile.am    | 101 ---------------------------------------------
 src/libvirt.c      |  32 ++++++--------
 src/util/virfile.c |   2 +-
 5 files changed, 19 insertions(+), 153 deletions(-)

diff --git a/config-post.h b/config-post.h
index 093f84a7ce..a11f9c83d6 100644
--- a/config-post.h
+++ b/config-post.h
@@ -17,39 +17,15 @@
  */
 
 /*
- * Since virt-login-shell will be setuid, we must do everything
- * we can to avoid linking to other libraries. Many of them do
- * unsafe things in functions marked __attribute__((constructor)).
+ * The NSS module can be loaded into any binary and thus we want
+ * to minimize what code is liable to be run. Especiall we need
+ * to minimize use of any 3rd party libraries which have
+ * __attribute__((constructor)) functions.
+ *
  * The only way to avoid such deps is to re-compile the
  * functions with the code in question disabled, and for that we
  * must override the main config.h rules. Hence this file :-(
  */
-
-#ifdef LIBVIRT_SETUID_RPC_CLIENT
-# undef HAVE_LIBNL
-# undef HAVE_LIBNL3
-# undef HAVE_LIBSASL2
-# undef HAVE_SYS_ACL_H
-# undef WITH_CAPNG
-# undef WITH_CURL
-# undef WITH_DBUS
-# undef WITH_DEVMAPPER
-# undef WITH_DTRACE_PROBES
-# undef WITH_GNUTLS
-# undef WITH_LIBSSH
-# undef WITH_MACVTAP
-# undef WITH_NUMACTL
-# undef WITH_SASL
-# undef WITH_SSH2
-# undef WITH_SYSTEMD_DAEMON
-# undef WITH_VIRTUALPORT
-# undef WITH_YAJL
-#endif
-
-/*
- * With the NSS module it's the same story as virt-login-shell. See the
- * explanation above.
- */
 #ifdef LIBVIRT_NSS
 # undef HAVE_LIBNL
 # undef HAVE_LIBNL3
diff --git a/configure.ac b/configure.ac
index d18d427695..3f1124609d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -512,9 +512,6 @@ dnl
 AC_CHECK_HEADERS([linux/kvm.h])
 
 
-AM_CONDITIONAL([WITH_SETUID_RPC_CLIENT], [test "$with_lxc$with_login_shell" != "nono"])
-
-
 dnl
 dnl check for kernel headers required by src/bridge.c
 dnl
diff --git a/src/Makefile.am b/src/Makefile.am
index 4a8cae11dc..8ca714dd34 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -647,107 +647,6 @@ libvirt_lxc_la_LDFLAGS = \
 libvirt_lxc_la_CFLAGS = $(AM_CFLAGS)
 libvirt_lxc_la_LIBADD = libvirt.la $(CYGWIN_EXTRA_LIBADD)
 
-# Since virt-login-shell will be setuid, we must do everything
-# we can to avoid linking to other libraries. Many of them do
-# unsafe things in functions marked __attribute__((constructor)).
-# This library is built to include the bare minimum required to
-# have a RPC client for local UNIX socket access only. We use
-# the ../config-post.h header to disable all external deps that
-# we don't want
-if WITH_SETUID_RPC_CLIENT
-noinst_LTLIBRARIES += libvirt-setuid-rpc-client.la
-
-libvirt_setuid_rpc_client_la_SOURCES = \
-		util/viralloc.c \
-		util/virarch.c \
-		util/viratomic.c \
-		util/viratomic.h \
-		util/virautoclean.h \
-		util/virbitmap.c \
-		util/virbuffer.c \
-		util/vircgroup.c \
-		util/vircgroupbackend.c \
-		util/vircgroupv1.c \
-		util/vircgroupv2.c \
-		util/vircommand.c \
-		util/virconf.c \
-		util/virdbus.c \
-		util/virenum.c \
-		util/virerror.c \
-		util/virevent.c \
-		util/vireventpoll.c \
-		util/virfile.c \
-		util/virgettext.c \
-		util/virhash.c \
-		util/virhashcode.c \
-		util/virhostcpu.c \
-		util/virjson.c \
-		util/virlog.c \
-		util/virobject.c \
-		util/virpidfile.c \
-		util/virprocess.c \
-		util/virrandom.c \
-		util/virsocketaddr.c \
-		util/virstring.c \
-		util/virsystemd.c \
-		util/virtime.c \
-		util/virthread.c \
-		util/virthreadjob.c \
-		util/virtypedparam.c \
-		util/viruri.c \
-		util/virutil.c \
-		util/viruuid.c \
-		conf/domain_event.c \
-		conf/network_event.c \
-		conf/object_event.c \
-		conf/storage_event.c \
-		conf/node_device_event.c \
-		conf/secret_event.c \
-		rpc/virnetsocket.c \
-		rpc/virnetsocket.h \
-		rpc/virnetmessage.h \
-		rpc/virnetmessage.c \
-		rpc/virkeepalive.c \
-		rpc/virkeepalive.h \
-		rpc/virnetclient.c \
-		rpc/virnetclientprogram.c \
-		rpc/virnetclientstream.c \
-		rpc/virnetprotocol.c \
-		remote/remote_driver.c \
-		remote/remote_protocol.c \
-		remote/qemu_protocol.c \
-		remote/lxc_protocol.c \
-		datatypes.c \
-		libvirt.c \
-		libvirt-domain.c \
-		libvirt-domain-checkpoint.c \
-		libvirt-domain-snapshot.c \
-		libvirt-host.c \
-		libvirt-interface.c \
-		libvirt-network.c \
-		libvirt-nodedev.c \
-		libvirt-nwfilter.c \
-		libvirt-secret.c \
-		libvirt-storage.c \
-		libvirt-stream.c \
-		libvirt-lxc.c \
-		$(NULL)
-
-libvirt_setuid_rpc_client_la_LDFLAGS = \
-		$(AM_LDFLAGS) \
-		$(LIBXML_LIBS) \
-		$(SECDRIVER_LIBS) \
-		$(NULL)
-libvirt_setuid_rpc_client_la_CFLAGS = \
-		-DLIBVIRT_SETUID_RPC_CLIENT \
-		-I$(srcdir)/conf \
-		-I$(srcdir)/rpc \
-		$(AM_CFLAGS) \
-		$(SECDRIVER_CFLAGS) \
-		$(XDR_CFLAGS) \
-		$(NULL)
-endif WITH_SETUID_RPC_CLIENT
-
 EXTRA_DIST += $(SYSCONF_FILES)
 
 install-sysconfig:
diff --git a/src/libvirt.c b/src/libvirt.c
index f0a768fc7e..489785cec4 100644
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -280,43 +280,37 @@ virGlobalInit(void)
         goto error;
 #endif /* HAVE_LIBINTL_H */
 
-    /*
-     * Note we must avoid everything except 'remote' driver
-     * for virt-login-shell usage
-     */
-#ifndef LIBVIRT_SETUID_RPC_CLIENT
     /*
      * Note that the order is important: the first ones have a higher
      * priority when calling virConnectOpen.
      */
-# ifdef WITH_TEST
+#ifdef WITH_TEST
     if (testRegister() == -1)
         goto error;
-# endif
-# ifdef WITH_OPENVZ
+#endif
+#ifdef WITH_OPENVZ
     if (openvzRegister() == -1)
         goto error;
-# endif
-# ifdef WITH_VMWARE
+#endif
+#ifdef WITH_VMWARE
     if (vmwareRegister() == -1)
         goto error;
-# endif
-# ifdef WITH_PHYP
+#endif
+#ifdef WITH_PHYP
     if (phypRegister() == -1)
         goto error;
-# endif
-# ifdef WITH_ESX
+#endif
+#ifdef WITH_ESX
     if (esxRegister() == -1)
         goto error;
-# endif
-# ifdef WITH_HYPERV
+#endif
+#ifdef WITH_HYPERV
     if (hypervRegister() == -1)
         goto error;
-# endif
-# ifdef WITH_XENAPI
+#endif
+#ifdef WITH_XENAPI
     if (xenapiRegister() == -1)
         goto error;
-# endif
 #endif
 #ifdef WITH_REMOTE
     if (remoteRegister() == -1)
diff --git a/src/util/virfile.c b/src/util/virfile.c
index 082aac12c8..775192ff00 100644
--- a/src/util/virfile.c
+++ b/src/util/virfile.c
@@ -632,7 +632,7 @@ int virFileUpdatePerm(const char *path,
 
 
 #if defined(__linux__) && HAVE_DECL_LO_FLAGS_AUTOCLEAR && \
-    !defined(LIBVIRT_SETUID_RPC_CLIENT) && !defined(LIBVIRT_NSS)
+    !defined(LIBVIRT_NSS)
 
 # if HAVE_DECL_LOOP_CTL_GET_FREE
 
-- 
2.21.0

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux