From 5cb0957f35a2274e09f9b2a29ada5a4bc9b5737d Mon Sep 17 00:00:00 2001 From: grossmj Date: Tue, 20 Nov 2018 00:22:16 +0700 Subject: [PATCH] Require privileged access for uBridge when using VMware VMs and Docker containers. Fixes #1461. --- gns3server/compute/base_node.py | 11 +++++++---- gns3server/compute/docker/docker_vm.py | 2 +- gns3server/compute/vmware/vmware_vm.py | 2 +- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/gns3server/compute/base_node.py b/gns3server/compute/base_node.py index 706fb645..6b0084d4 100644 --- a/gns3server/compute/base_node.py +++ b/gns3server/compute/base_node.py @@ -78,6 +78,7 @@ class BaseNode: self._wrapper_telnet_server = None self._internal_console_port = None self._custom_adapters = [] + self._ubridge_require_privileged_access = False if self._console is not None: if console_type == "vnc": @@ -533,7 +534,7 @@ class BaseNode: """ if not self._ubridge_hypervisor or not self._ubridge_hypervisor.is_running(): - await self._start_ubridge() + await self._start_ubridge(self._ubridge_require_privileged_access) if not self._ubridge_hypervisor or not self._ubridge_hypervisor.is_running(): raise NodeError("Cannot send command '{}': uBridge is not running".format(command)) try: @@ -542,7 +543,7 @@ class BaseNode: raise UbridgeError("Error while sending command '{}': {}: {}".format(command, e, self._ubridge_hypervisor.read_stdout())) @locking - async def _start_ubridge(self): + async def _start_ubridge(self, require_privileged_access=False): """ Starts uBridge (handles connections to and from this node). """ @@ -554,8 +555,8 @@ class BaseNode: if self.ubridge_path is None: raise NodeError("uBridge is not available, path doesn't exist, or you just installed GNS3 and need to restart your user session to refresh user permissions.") - #if not self._manager.has_privileged_access(self.ubridge_path): - # raise NodeError("uBridge requires root access or the capability to interact with network adapters") + if require_privileged_access and not self._manager.has_privileged_access(self.ubridge_path): + raise NodeError("uBridge requires root access or the capability to interact with network adapters") server_config = self._manager.config.get_section_config("Server") server_host = server_config.get("host") @@ -566,6 +567,8 @@ class BaseNode: if self._ubridge_hypervisor: log.info("Hypervisor {}:{} has successfully started".format(self._ubridge_hypervisor.host, self._ubridge_hypervisor.port)) await self._ubridge_hypervisor.connect() + # save if privileged are required in case uBridge needs to be restarted in self._ubridge_send() + self._ubridge_require_privileged_access = require_privileged_access async def _stop_ubridge(self): """ diff --git a/gns3server/compute/docker/docker_vm.py b/gns3server/compute/docker/docker_vm.py index fe975fb2..38fdc9c0 100644 --- a/gns3server/compute/docker/docker_vm.py +++ b/gns3server/compute/docker/docker_vm.py @@ -434,7 +434,7 @@ class DockerVM(BaseNode): await self.manager.query("POST", "containers/{}/start".format(self._cid)) self._namespace = await self._get_namespace() - await self._start_ubridge() + await self._start_ubridge(require_privileged_access=True) for adapter_number in range(0, self.adapters): nio = self._ethernet_adapters[adapter_number].get_nio(0) diff --git a/gns3server/compute/vmware/vmware_vm.py b/gns3server/compute/vmware/vmware_vm.py index f1fb7e0d..c656a6b8 100644 --- a/gns3server/compute/vmware/vmware_vm.py +++ b/gns3server/compute/vmware/vmware_vm.py @@ -432,7 +432,7 @@ class VMwareVM(BaseNode): if not ubridge_path or not os.path.isfile(ubridge_path): raise VMwareError("ubridge is necessary to start a VMware VM") - await self._start_ubridge() + await self._start_ubridge(require_privileged_access=True) self._read_vmx_file() # check if there is enough RAM to run if "memsize" in self._vmx_pairs: