Re: [PATCH] remote: Forbid default "/session" connections when using ssh transport

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 06/13/13 16:42, Laine Stump wrote:
On 06/13/2013 05:46 AM, Peter Krempa wrote:
On 06/12/13 21:34, Laine Stump wrote:
On 06/10/2013 08:44 AM, Peter Krempa wrote:


Can you include in the commit log a link to the BZ describing this
problem? It helps *immensely* when trying to trace things months/years
later.


There isn't any publicly available BZ describing this problem so I
chose not to put the private link in the commit. I can do it if you
insist but having private links in a public repo doesn't seem right to
me.

Sigh.

No, I agree that private BZ's shouldn't be linked in a public repo, as
it just causes frustration for those without access to the private BZ.
It's unfortunate that the BZ was private, though (although there's
nothing that we could do about it other than filing a parallel BZ)

Indeed. Open source could be a bit more open sometimes.





A totally naive question: do we want to only allow "/system"? or
'anything except "/session"'?

We want to forbid only "/session" with the default socket path which
won't work right now. A user is able to start a session daemon and
successfully connect to it even with this patch. The user has to
manually specify a socket path.

Rejecting everything except "/system" would break drivers that use
different path.

Okay, I just wanted to make sure. So ACK as it is then.

Thanks for the review. Pushed.

Peter

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]