similar to: libvirt remote connection

It seems, that I have turned off all encryption for tcp in libvirt.conf, but still rpc packets are not showed, only tcp. I suppose, that I don't need to add additional plugins to wirehark for libvirt and rpc, am I right? 2017-04-21 11:23 GMT+03:00 Daniel P. Berrange <berrange@redhat.com>: > On Fri, Apr 21, 2017 at 10:16:47AM +0300, Anastasiya Ruzhanskaya wrote: > > Hello, >

Hello! Does libvirt uses certificate pinning in tls? I want to setup a transparent proxy (mitmproxy) and can't do this even after I added mitmproxy ca certificate to the trusted certificates in ubuntu.

On Wed, May 09, 2018 at 10:00:19AM +0100, Daniel P. Berrangé wrote: > On Wed, May 09, 2018 at 11:50:33AM +0300, Anastasiya Ruzhanskaya wrote: > > Here https://libvirt.org/acl.html is stated that you designed this access > > control system as pluggable. Are there any options ( even with modifying > > libvirt code) to plug in any custom driver? > > I just need to take a

Excuse me for renewing this discussion, but I am curious if you would add new module, which will be able to process users not based on unix processes, from where do you plan to get usernames? I mean, virt-manager could give them, as there is authentication in GUI, but for example when using oVirt, none of the usernames reach libvirt through the communication between server and nodes. 2018-05-09

Ok, excuse me for misunderstanding, how it is possible then to set up access control when I use remote connection to KVM ( not in UNIX domain)? Is there any way within libvirt, maybe based on authentication or certificates? 2018-05-09 11:14 GMT+03:00 Daniel P. Berrangé <berrange@redhat.com>: > On Wed, May 09, 2018 at 11:13:01AM +0300, Anastasiya Ruzhanskaya wrote: > > I read this

Here https://libvirt.org/acl.html is stated that you designed this access control system as pluggable. Are there any options ( even with modifying libvirt code) to plug in any custom driver? I just need to take a try and design something that will support remote access control. I am not sure if sVirt is the right thing I should look at. 2018-05-09 11:27 GMT+03:00 Daniel P. Berrangé

And how libvirt checks that it trusts the CA? Just simply inspects the cacert.pem file? Or it has some information inside about by which CA were signed client and server certificates and then compares against stored values? I mean can I just concatenate after signing or I need to combine two CAs before generating libvirt's client and server certificates? пн, 10 дек. 2018 г. в 13:11, Daniel P.

I read this page https://libvirt.org/aclpolkit.html And it is written :"At this point in time, the only attribute provided by libvirt to identify the user invoking the operation is the PID of the client program. This means that the polkit access control driver is only useful if connections to libvirt are restricted to its UNIX domain socket." 2018-05-09 11:00 GMT+03:00 Daniel P.

I actually didn't quite catch,why oVirt can't just pass user information and you could check against it? This may require to create some configuration files for libvirt about end users. What is a advantage of authenticating oVirt, and then impersonation for end user? 2018-05-11 16:37 GMT+03:00 Daniel P. Berrangé <berrange@redhat.com>: > On Fri, May 11, 2018 at 04:26:36PM +0300,

Hello! According to the documentation access control drivers are not in really "good condition". There is a polkit, but it can distinguish users only according the pid. However, I have met some articles about more fine-grained control and about selinux drivers for libvirt? So, what is the status now? Should I implement something by myself if I want access based on login, are their

Ok, thank you. I will play around with it. I also noticed, that libvirt does not use this SNI extension. Actually,this not needed here, as we have only one location for server certificate, but this requires some modifications in mitmproxy, as for example tls in web browsers always include this SNI extensions. Are there maybe other big differences in tls implementation in libvirt or maybe some

I see. I also know OpenStack uses libvirt, nova-compute has a driver for communication. I have briefly looked through these 10 thousand lines of code in overall on github for openstack's libvirt driver and didn't notice any user info as well. To make the picture full don't you know is there the same scheme there: some high level openstack api with user information and passing only

Hi, I wanted just to ask an additional question to that: how then here in the polkit documentation you distinguish users?: Consider a local user berrange who has been granted permission to connect > to libvirt in full read-write mode. > 2018-04-12 11:01 GMT+03:00 Erik Skultety <eskultet@redhat.com>: > On Thu, Mar 22, 2018 at 08:17:15PM +0300, Anastasiya Ruzhanskaya wrote: >

To continue this topic: sometimes SCEV's behavior is rather controversial : for loops with i changing as i \=2 for example, he can't figure what the type of expressions is, but surprisingly can determine max trip count. Shouldn't it be able to detect or not detect these parameters at the same time? 2017-08-11 15:56 GMT+02:00 Anastasiya Ruzhanskaya < anastasiya.ruzhanskaya at

Thank you for your answer! I tested your example, yes, perhaps I should preserve some kind of tree to parse this start and end expressions for induction variable... I was surprised, that SCEV cannot compute the tripcount here. I thought, that all linear and maybe expressions with multiplication are suitable for analysis. 2017-08-10 19:30 GMT+02:00 Sanjoy Das <sanjoy at google.com>: > Hi

This support was removed years ago from indvars. We don't need canonical induction variables any more as all analysis are done on SCEVs. The SCEV generator can transform them even without the need for explicit canonical induction variables. Best, Tobias On Wed, Aug 9, 2017, at 14:23, Anastasiya Ruzhanskaya via llvm-dev wrote: > The files of this strange pass are described here >

I am primarily interested in phi nodes and their induction variables, in ValueTracking file there is an analysis of them, but if the upper bound is inf, it is not working? 2017-08-07 11:41 GMT+02:00 Anastasiya Ruzhanskaya < anastasiya.ruzhanskaya at frtk.ru>: > So, it is not supported to determine by this instruction : %cmp = icmp slt > i32 %i.03, 99, > that %i.03 = phi i32 [ 0,

Ok, thank you. I have also one question about getelementptr. In different versions of clang I see that sometimes array[i][i] is preceded by two getelementptr instructions and sometimes only by one - with an already complex index. 2017-09-01 12:50 GMT+02:00 David Chisnall <David.Chisnall at cl.cam.ac.uk>: > On 1 Sep 2017, at 11:44, Anastasiya Ruzhanskaya via llvm-dev < > llvm-dev

Hello, I wonder if llvm has pure range propagation pass. Is correlated value propagation that one? It seems that it is not directly deals with ranges. Maybe there any passes that simply contain some information about value ranges? Will symbolic value range propagation be done in some time? -------------- next part -------------- An HTML attachment was scrubbed... URL:

No. It would be helpful to understand what you are trying to accomplish overall, which may help people give you details about the best way to accomplish it. For example, if you are trying to understand or recover array indexes from GEP's, that is non-trivial. On Sat, Sep 2, 2017 at 3:53 AM, Anastasiya Ruzhanskaya via llvm-dev < llvm-dev at lists.llvm.org> wrote: > Is there a way