com>:
> On Fri, Apr 21, 2017 at 10:16:47AM +0300, Anastasiya Ruzhanskaya wrote:
> > Hello,
> > I have some questions about libvirt remote connection.
> > Am I right that internally libvirt uses only tcp ( ssh and tls are only
> > encryption based on this) + ftp ( when working wi
Hello,
I have some questions about libvirt remote connection.
Am I right that internally libvirt uses only tcp ( ssh and tls are only
encryption based on this) + ftp ( when working with image itself)? Also I
have found that it uses RPC. However, as I know RPC runs above tcp but I
cannot capture
What is exactly the format of data being sent across remote connection (
from client to server with RPC protocol)? I see, there is XML but converted
to string.
___
libvirt-users mailing list
libvirt-users@redhat.com
I also wanted to know,
where the information about current session is sent?
In which structures ( I actually didn't find this in code)?
Is it appended to every sent procedure or not? Or maybe libvirt checks in
some other way ?
Thank you.
2017-12-10 20:57 GMT+01:00 Anastasiya Ruzhanskaya
Hello,
I am experimenting with libvirt for my diploma. I set up an environment,
where I can stop, resend, generate messages for libvirt.
I am capable also standing between client and server and analyze the number
of current procedure and decide what to do next ( I mean rpc procedure).
So, for
Hello,
I am currently trying to install certificates for tls. By this time I have
got some questions:
1) Is documentation in the web docs up-to-date regarding tls server,
client, ca certificates? (actually I have some problems, but maybe this is
due to smth has changed in certtools and was not
<eskul...@redhat.com>:
> On Thu, Mar 22, 2018 at 08:17:15PM +0300, Anastasiya Ruzhanskaya wrote:
> > Hello everyone,
> > I have a question about logging. I need to find out whether it is
> possible
> > to see user id/session id inside logs or somewhere else. It is not passed
>
And also I heard that there is support of a SElinux driver..
2018-05-07 12:41 GMT+03:00 Anastasiya Ruzhanskaya <
anastasiya.ruzhansk...@frtk.ru>:
> Hi, I wanted just to ask an additional question to that:
> how then here in the polkit documentation you distinguish users?:
>
>
Hello!
Where I can get maybe a tutorial or smth like this about how to use SELinux
with libvirt?
___
libvirt-users mailing list
libvirt-users@redhat.com
https://www.redhat.com/mailman/listinfo/libvirt-users
if sVirt is the right thing I should look at.
2018-05-09 11:27 GMT+03:00 Daniel P. Berrangé <berra...@redhat.com>:
> On Wed, May 09, 2018 at 11:21:22AM +0300, Anastasiya Ruzhanskaya wrote:
> > Ok, excuse me for misunderstanding, how it is possible then to set up
> > access cont
tions to libvirt are restricted to its UNIX domain socket."
2018-05-09 11:00 GMT+03:00 Daniel P. Berrangé <berra...@redhat.com>:
> On Wed, May 09, 2018 at 09:46:28AM +0300, Anastasiya Ruzhanskaya wrote:
> > Hello!
> > According to the documentation access control drivers are no
com>:
> On Wed, May 09, 2018 at 11:13:01AM +0300, Anastasiya Ruzhanskaya wrote:
> > I read this page https://libvirt.org/aclpolkit.html
> > And it is written :"At this point in time, the only attribute provided by
> > libvirt to identify the user invoking the operation is t
Hello!
According to the documentation access control drivers are not in really
"good condition". There is a polkit, but it can distinguish users only
according the pid. However, I have met some articles about more
fine-grained control and about selinux drivers for libvirt? So, what is the
status
Great, thanks for pointing this out. I will certainly look at it.
2018-05-09 14:41 GMT+03:00 Daniel P. Berrangé <berra...@redhat.com>:
> On Wed, May 09, 2018 at 10:00:19AM +0100, Daniel P. Berrangé wrote:
> > On Wed, May 09, 2018 at 11:50:33AM +0300, Anastasiya Ruzhanskaya wr
Daniel P. Berrangé <berra...@redhat.com>:
> On Fri, May 11, 2018 at 04:26:36PM +0300, Anastasiya Ruzhanskaya wrote:
> > Excuse me for renewing this discussion, but I am curious if you would add
> > new module, which will be able to process users not based on unix
> > proces
rra...@redhat.com>:
> On Fri, May 11, 2018 at 04:26:36PM +0300, Anastasiya Ruzhanskaya wrote:
> > Excuse me for renewing this discussion, but I am curious if you would add
> > new module, which will be able to process users not based on unix
> > processes, from where do you pl
, none of the usernames reach libvirt through the communication
between server and nodes.
2018-05-09 14:46 GMT+03:00 Anastasiya Ruzhanskaya <
anastasiya.ruzhansk...@frtk.ru>:
> Great, thanks for pointing this out. I will certainly look at it.
>
> 2018-05-09 14:41 GMT+03:00 Dan
of string fields in RPC message, simply login = <...> inside message). Why
this (assume that it is possible to implement this for everyone) will not
work?
2018-05-14 12:25 GMT+03:00 Daniel P. Berrangé <berra...@redhat.com>:
> On Sat, May 12, 2018 at 11:36:08AM +0300, Anastasiya Ru
Hello everyone,
I have a question about logging. I need to find out whether it is possible
to see user id/session id inside logs or somewhere else. It is not passed
in structured across the network, so where should I look to find out, which
user (which session) is currently performing the actions?
And how I can tell libvirt to trust multiple CAs?
сб, 8 дек. 2018 г. в 11:19, Anastasiya Ruzhanskaya <
anastasiya.ruzhansk...@frtk.ru>:
> Hello!
> Does libvirt uses certificate pinning in tls? I want to setup a
> transparent proxy (mitmproxy) and can't do this even after I added
Hello!
Does libvirt uses certificate pinning in tls? I want to setup a transparent
proxy (mitmproxy) and can't do this even after I added mitmproxy ca
certificate to the trusted certificates in ubuntu.
___
libvirt-users mailing list
before generating libvirt's client and server certificates?
пн, 10 дек. 2018 г. в 13:11, Daniel P. Berrangé :
> Re-adding the libvirt-users list - please don't take discussions off-list.
>
> On Mon, Dec 10, 2018 at 01:10:18PM +0300, Anastasiya Ruzhanskaya wrote:
> > I already found
this SNI extensions.
Are there maybe other big differences in tls implementation in libvirt or
maybe some assumptions that are taken during tls handhake process?
пн, 10 дек. 2018 г. в 13:25, Daniel P. Berrangé :
> On Mon, Dec 10, 2018 at 01:22:32PM +0300, Anastasiya Ruzhanskaya wrote:
> >
ed somehow in the sent packets?
ср, 9 мая 2018 г. в 11:27, Daniel P. Berrangé :
> On Wed, May 09, 2018 at 11:21:22AM +0300, Anastasiya Ruzhanskaya wrote:
> > Ok, excuse me for misunderstanding, how it is possible then to set up
> > access control when I use remote connection to
Hello everyone!
I am trying without any success to decipher traffic from client to server
in virt-manager in wireshark, but I don't know the sessioon key there, so
seems no chance to do this.
This is why I want to ask, is any info related to the certificate sent
through the connection? Or if I
Hello everyone,
I am trying to set up sasl authentication in virt-manager. I read in one
existing bug, that it is better to use tls for encryption and sasl for
authentication, but not use sasl for both.
I configured tls, it was fine. Then I created a user "u" on server and
modified
(gssapi)
- it becomes harder to decrypt. Where should I look to find out how libvirt
does this decryption when sasl is used?
чт, 22 нояб. 2018 г. в 12:31, Jiri Denemark :
> On Thu, Nov 22, 2018 at 09:58:41 +0300, Anastasiya Ruzhanskaya wrote:
> > Hello!
> > I was investigating lib
Hello everyone,
I am trying to set up sasl authentication in virt-manager. I read in one
existing bug, that it is better to use tls for encryption and sasl for
authentication, but not use sasl for both.
I configured tls, it was fine. Then I created a user "u" on server and
modified
Hello everyone,
I am trying to set up sasl authentication in virt-manager. I read in one
existing bug, that it is better to use tls for encryption and sasl for
authentication, but not use sasl for both.
I configured tls, it was fine. Then I created a user "u" on server and
modified
29 matches
Mail list logo