This blocks use of all the 'guest-exec-*' commands unless the QGA is run
with the --unrestricted command line argument.
These commands allow the host admin to execute arbitrary programs and so
directly compromise the guest OS.
Signed-off-by: Daniel P. Berrangé <berra...@redhat.com>
---
qga/qapi-schema.json | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/qga/qapi-schema.json b/qga/qapi-schema.json
index 2f80d89536..a4f8653446 100644
--- a/qga/qapi-schema.json
+++ b/qga/qapi-schema.json
@@ -1454,11 +1454,17 @@
#
# Returns: GuestExecStatus
#
+# Features:
+#
+# @unrestricted: not permitted if agent disables unrestricted
+# resource access mode
+#
# Since: 2.5
##
{ 'command': 'guest-exec-status',
'data': { 'pid': 'int' },
- 'returns': 'GuestExecStatus' }
+ 'returns': 'GuestExecStatus',
+ 'features': [ 'unrestricted' ] }
##
# @GuestExec:
@@ -1527,12 +1533,18 @@
#
# Returns: PID
#
+# Features:
+#
+# @unrestricted: not permitted if agent disables unrestricted
+# resource access mode
+#
# Since: 2.5
##
{ 'command': 'guest-exec',
'data': { 'path': 'str', '*arg': ['str'], '*env': ['str'],
'*input-data': 'str', '*capture-output':
'GuestExecCaptureOutput' },
- 'returns': 'GuestExec' }
+ 'returns': 'GuestExec',
+ 'features': [ 'unrestricted' ] }
##
--
2.45.1
