<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Aug 7, 2017 at 5:26 PM, Roy Golan <span dir="ltr"><<a href="mailto:rgolan@redhat.com" target="_blank">rgolan@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>Still someone could call conirmConnectivity, no? so the state isn't guarded from localhost tinkering anyhow. If you really need a solution you can acuire a token for this operation by setupNetworks, and confirm connectivity with this token passed back.<br></div></div></div></blockquote><div><br></div><div>At this stage, the problem is not focus on security. If the usage is wrong it will indeed break things, attacking that will require some more advance means (but I am not sure we need it in a close system).<br><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><br></div><div>I'm not sure about the severity of the problem here, I'll let other reply, but I'm against this kind of solution.<br></div><div> <br></div><div><br></div></div></div><div class="HOEnZb"><div class="h5"><br><div class="gmail_quote"><div dir="ltr">On Mon, 7 Aug 2017 at 15:32 Petr Horacek <<a href="mailto:phoracek@redhat.com" target="_blank">phoracek@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello,<br>
<br>
current VDSM ping verb has a problem - it confirms network<br>
connectivity as a side-effect. After Engine calls setupNetwork it<br>
pings VDSM host to confirm that external network connectivity is not<br>
broken. This prohibits other users to call ping from localhost since<br>
it would confirm connectivity even though networking could be broken.<br>
<br>
In order to fix this problem ping should be split to ping2 (which just<br>
returns Success with no side-effect) and confirmConnectivity. Change<br>
on VDSM side was introduced in [1], we still need to expose new verbs<br>
in Engine.<br>
<br>
Regards,<br>
Petr<br>
<br>
[1] <a href="https://gerrit.ovirt.org/#/c/80119/" rel="noreferrer" target="_blank">https://gerrit.ovirt.org/#/c/<wbr>80119/</a><br>
______________________________<wbr>_________________<br>
Devel mailing list<br>
<a href="mailto:Devel@ovirt.org" target="_blank">Devel@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/devel" rel="noreferrer" target="_blank">http://lists.ovirt.org/<wbr>mailman/listinfo/devel</a><br>
</blockquote></div>
</div></div><br>______________________________<wbr>_________________<br>
Devel mailing list<br>
<a href="mailto:Devel@ovirt.org">Devel@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/devel" rel="noreferrer" target="_blank">http://lists.ovirt.org/<wbr>mailman/listinfo/devel</a><br></blockquote></div><br></div></div>