
[12/14] qga: mark guest-exec-* commands with 'unrestricted' flag

Message ID 20240604153242.251334-13-berrange@redhat.com
State New
Series Improve mechanism for configuring allowed commands | expand

Commit Message

Daniel P. Berrangé June 4, 2024, 3:32 p.m. UTC
This blocks use of all the 'guest-exec-*' commands unless the QGA is run
with the --unrestricted command line argument.

These commands allow the host admin to execute arbitrary programs and so
directly compromise the guest OS.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
 qga/qapi-schema.json | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

Patch

diff --git a/qga/qapi-schema.json b/qga/qapi-schema.json
index 2f80d89536..a4f8653446 100644
--- a/qga/qapi-schema.json
+++ b/qga/qapi-schema.json
@@ -1454,11 +1454,17 @@ 
 #
 # Returns: GuestExecStatus
 #
+# Features:
+#
+# @unrestricted: not permitted if agent disables unrestricted
+#                resource access mode
+#
 # Since: 2.5
 ##
 { 'command': 'guest-exec-status',
   'data':    { 'pid': 'int' },
-  'returns': 'GuestExecStatus' }
+  'returns': 'GuestExecStatus',
+  'features': [ 'unrestricted' ] }
 
 ##
 # @GuestExec:
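Review bot: The `@unrestricted` feature text added above `# Since: 2.5` for guest-exec-status is a double negative ("not permitted if agent disables unrestricted resource access mode") and names neither the switch nor the reason for the gate. The commit message says it more clearly, so the schema doc could carry the same wording, for example `# @unrestricted: only permitted when the agent is run with --unrestricted,` followed by `#     as the guest-exec-* commands let the host run arbitrary programs in the guest`. The identical wording is added for guest-exec in the next hunk and should be changed the same way. It would also help to state that the command is refused by default, since that is the behaviour a guest administrator most needs to know.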
@@ -1527,12 +1533,18 @@ 
 #
 # Returns: PID
 #
+# Features:
+#
+# @unrestricted: not permitted if agent disables unrestricted
+#                resource access mode
+#
 # Since: 2.5
 ##
 { 'command': 'guest-exec',
   'data':    { 'path': 'str', '*arg': ['str'], '*env': ['str'],
                '*input-data': 'str', '*capture-output': 'GuestExecCaptureOutput' },
-  'returns': 'GuestExec' }
+  'returns': 'GuestExec',
+  'features': [ 'unrestricted' ] }
 
 
 ##
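Review bot: The added `'features': [ 'unrestricted' ]` on guest-exec only declares the gate in the schema, and no code in this patch acts on it. The check that refuses the command is presumably added elsewhere in the series. Since this flag is the only thing keeping the host from running programs in the guest, confirm that the dispatch path rejects both guest-exec and guest-exec-status when the agent is started without --unrestricted. A test for the default (denied) case would keep a later schema edit from silently dropping the feature.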