Displaying 20 results from an estimated 10000 matches similar to: "[PATCH nbdkit v2 0/3] ip: Add filtering by process ID, user ID and group ID."
2020 Oct 05
4
[PATCH nbdkit v3 0/4] ip: Add filtering by process ID, user ID and group ID.
v2 was here:
https://www.redhat.com/archives/libguestfs/2020-October/msg00019.html
v3:
* defence -> defense
* Use int64_t instead of int. This compiles on Windows.
* Add GC wrappers to OCaml bindings.
* New FreeBSD patch.
* Removed "pid:" example from the ip filter manual, and added a warning
beside the pid documentation.
Rich.
2020 Oct 03
2
[PATCH nbdkit 0/2] ip: Add filtering by process ID, user ID and group ID.
These two commits add new APIs and enhance nbdkit-ip-filter to allow
filtering of Unix domain sockets by the client's PID, UID or GID. eg:
nbdkit -U sock --filter=ip ... allow=uid:`id -u` deny=all
Rich.
2020 Oct 05
3
Re: [PATCH nbdkit v2 1/3] server: Add new APIs for reading the client’s SO_PEERCRED.
On 10/3/20 1:50 PM, Richard W.M. Jones wrote:
> New nbdkit_peer_pid, nbdkit_peer_uid and nbdkit_peer_gid calls can be
> used on Linux (only) to read the peer PID, UID and GID from clients
> connected over a Unix domain socket. This can be used in the
> preconnect phase to add additional filtering.
>
> One use for this is to add an extra layer of authentication for local
>
2020 Oct 03
0
[PATCH nbdkit v2 1/3] server: Add new APIs for reading the client’s SO_PEERCRED.
New nbdkit_peer_pid, nbdkit_peer_uid and nbdkit_peer_gid calls can be
used on Linux (only) to read the peer PID, UID and GID from clients
connected over a Unix domain socket. This can be used in the
preconnect phase to add additional filtering.
One use for this is to add an extra layer of authentication for local
connections. A subsequent commit will enhance the now misnamed
nbdkit-ip-filter to
2020 Oct 05
2
Re: [PATCH nbdkit v2 3/3] ocaml: Add bindings for nbdkit_peer_{pid, uid, gid}.
On 10/3/20 1:50 PM, Richard W.M. Jones wrote:
> ---
> plugins/ocaml/NBDKit.mli | 7 +++++++
> plugins/ocaml/NBDKit.ml | 4 ++++
> plugins/ocaml/bindings.c | 24 ++++++++++++++++++++++++
> 3 files changed, 35 insertions(+)
>
> diff --git a/plugins/ocaml/NBDKit.mli b/plugins/ocaml/NBDKit.mli
> index ececd5fd..8abfeb49 100644
> --- a/plugins/ocaml/NBDKit.mli
> +++
2020 Oct 05
0
Re: [PATCH nbdkit v2 1/3] server: Add new APIs for reading the client’s SO_PEERCRED.
On Mon, Oct 05, 2020 at 08:21:50AM -0500, Eric Blake wrote:
> On 10/3/20 1:50 PM, Richard W.M. Jones wrote:
> > New nbdkit_peer_pid, nbdkit_peer_uid and nbdkit_peer_gid calls can be
> > used on Linux (only) to read the peer PID, UID and GID from clients
> > connected over a Unix domain socket. This can be used in the
> > preconnect phase to add additional filtering.
2020 Oct 05
1
Re: [PATCH nbdkit v2 1/3] server: Add new APIs for reading the client’s SO_PEERCRED.
On Mon, Oct 05, 2020 at 02:38:37PM +0100, Daniel P. Berrangé wrote:
> On Mon, Oct 05, 2020 at 08:21:50AM -0500, Eric Blake wrote:
> > On 10/3/20 1:50 PM, Richard W.M. Jones wrote:
> > > New nbdkit_peer_pid, nbdkit_peer_uid and nbdkit_peer_gid calls can be
> > > used on Linux (only) to read the peer PID, UID and GID from clients
> > > connected over a Unix domain
2020 Aug 27
4
[PATCH nbdkit 0/2] Temporarily remove .list_exports for nbdkit 1.22
If you're following nbdkit development upstream you'll have seen that
we are still making changes to the .list_exports and related APIs.
The current .list_exports API upstream is not how it will look
finally. The latest set of proposals was here:
https://www.redhat.com/archives/libguestfs/2020-August/thread.html#00330
At the same time I'd like to do an nbdkit 1.22 (stable) release.
2020 Aug 25
9
[nbdkit PATCH 0/5] Implement .default_export, nbdkit_string_intern
More patches on the way for improving .list_exports signature and
adding .export_description, but this is the promised code showing
why nbdkit_string_intern is useful. Patch 4 is somewhat RFC: we
could either add new API to take the boilerplate from:
foo_config(const char *key, const char *value) {
if (strcmp (key, "file") == 0) {
CLEANUP_FREE char *tmp = nbdkit_realpath (value);
2020 Oct 03
0
[PATCH nbdkit v2 2/3] ip: Add filtering by process ID, user ID and group ID.
---
filters/ip/nbdkit-ip-filter.pod | 64 +++++++++++++++++++++++++-----
tests/Makefile.am | 14 ++++++-
filters/ip/ip.c | 69 +++++++++++++++++++++++++++++---
tests/test-ip-filter-gid.sh | 51 ++++++++++++++++++++++++
tests/test-ip-filter-pid.sh | 70 +++++++++++++++++++++++++++++++++
tests/test-ip-filter-uid.sh | 51 ++++++++++++++++++++++++
6 files
2020 Aug 27
10
[nbdkit PATCH v2 0/8] exportname filter
This is a revision of my .default_export work, plus new work on
.export_descriptions and a new exportname filter. I think it is
now ready to check in.
Things I'd still like in 1.22:
- the file plugin should implement .list_exports (patch already posted,
but it needs rebasing on this series)
- the ext2 filter should override .list_exports when in exportname mode
- the nbd plugin should be
2020 Oct 03
0
[PATCH nbdkit v2 3/3] ocaml: Add bindings for nbdkit_peer_{pid, uid, gid}.
---
plugins/ocaml/NBDKit.mli | 7 +++++++
plugins/ocaml/NBDKit.ml | 4 ++++
plugins/ocaml/bindings.c | 24 ++++++++++++++++++++++++
3 files changed, 35 insertions(+)
diff --git a/plugins/ocaml/NBDKit.mli b/plugins/ocaml/NBDKit.mli
index ececd5fd..8abfeb49 100644
--- a/plugins/ocaml/NBDKit.mli
+++ b/plugins/ocaml/NBDKit.mli
@@ -162,3 +162,10 @@ val shutdown : unit -> unit
(** Print a
2019 Sep 15
13
[PATCH nbdkit 0/4] Reflection plugin, peer name.
This series is based on my blog posting here:
https://rwmj.wordpress.com/2019/09/13/nbdkit-supports-exportnames/
It depends on the fix for realloc:
https://www.redhat.com/archives/libguestfs/2019-September/thread.html#00103
This series adds a fun plugin, and also an semi-related feature I've
long thought to be desirable. You can consider patches 1 & 4, and
patches 2 & 3 as forming
2020 Sep 21
18
[nbdkit PATCH v3 00/14] exportname filter
It's been several weeks since I posted v2 (I got distracted by
improving libnbd to better test things, which in turn surfaced some
major memory leak problems in nbdsh that are now fixed). Many of the
patches are minor rebases from v2, with the biggest changes being
fallout from:
- patch 2: rename nbdkit_add_default_export to nbdkit_use_default_export
- overall: this missed 1.22, so update
2020 Oct 20
1
[PATCH nbdkit INCOMPLETE] New filter: exitwhen: exit gracefully when an event occurs.
This incomplete patch adds a new filter allowing more control over
when nbdkit exits. You can now get nbdkit to exit gracefully on
certain events, such as a file being created, a pipe held open by
another process going away, or when another PID exits. There is also
a script option to allow for completely custom events.
It is untested at the moment, I'm posting it to get feedback on the
2010 Jun 04
2
[Bug 1775] New: RFE: Would like to use 'abstract' unix sockets for ControlPath
https://bugzilla.mindrot.org/show_bug.cgi?id=1775
Summary: RFE: Would like to use 'abstract' unix sockets for
ControlPath
Product: Portable OpenSSH
Version: 5.5p1
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: ssh
AssignedTo:
2006 Sep 25
1
[PATCH] implementation of getpeereid() for Solaris
hi, Solaris doesn't have getpeereid() or SO_PEERCRED. However,
getpeerucred() is perfectly usable for that; and it's in Solaris 10 and
OpenSolaris. So, ssh-agent(1) security there so far depends only on
permissions of the socket directory and with this patch it checks peer's
credentials, too. I patched following files using a snapshot from 20060921:
openssh/config.h.in
2019 Mar 06
2
[PATCH nbdkit] Add ssh plugin using libssh.
This adds a simple plugin using libssh (not libssh2). The intended
use for this is with virt-v2v when sourcing guests from VMware over
SSH.
We've had several years of problems getting our libssh-based driver
into qemu. By putting it into nbdkit instead we can bypass that.
However this also lets us combine ssh access with filters, in
particular the recently written ‘rate’ filter.
Rich.
2019 Apr 29
3
[nbdkit PATCH 0/2] Let nbd plugin connect to TCP socket
Accepting only Unix sockets can be a bit limiting; let's be more flexible.
Eric Blake (2):
nbd: Refactor Unix socket connection
nbd: Support TCP socket
plugins/nbd/nbdkit-nbd-plugin.pod | 36 ++++--
plugins/nbd/nbd.c | 175 ++++++++++++++++++++++--------
TODO | 3 -
3 files changed, 161 insertions(+), 53 deletions(-)
--
2.20.1
2020 Mar 16
1
[PATCH nbdkit] New tmpdisk plugin.
Unfinished (needs tests). This is my attempt to make a
"remote tmpfs" plugin as outlined in this prior email:
https://www.redhat.com/archives/libguestfs/2020-March/msg00134.html
Although it would be possible to construct something a bit like this
using existing plugins and filters (perhaps with some new features in
those filters) I think it may be nicer to have a dedicated plugin for