Require privileged access for uBridge when using VMware VMs and Docker containers. Fixes #1461.

This commit is contained in:
grossmj 2018-11-20 00:22:16 +07:00
parent 3fae6ada95
commit 5cb0957f35
3 changed files with 9 additions and 6 deletions

View File

@ -78,6 +78,7 @@ class BaseNode:
self._wrapper_telnet_server = None self._wrapper_telnet_server = None
self._internal_console_port = None self._internal_console_port = None
self._custom_adapters = [] self._custom_adapters = []
self._ubridge_require_privileged_access = False
if self._console is not None: if self._console is not None:
if console_type == "vnc": if console_type == "vnc":
@ -533,7 +534,7 @@ class BaseNode:
""" """
if not self._ubridge_hypervisor or not self._ubridge_hypervisor.is_running(): if not self._ubridge_hypervisor or not self._ubridge_hypervisor.is_running():
await self._start_ubridge() await self._start_ubridge(self._ubridge_require_privileged_access)
if not self._ubridge_hypervisor or not self._ubridge_hypervisor.is_running(): if not self._ubridge_hypervisor or not self._ubridge_hypervisor.is_running():
raise NodeError("Cannot send command '{}': uBridge is not running".format(command)) raise NodeError("Cannot send command '{}': uBridge is not running".format(command))
try: try:
@ -542,7 +543,7 @@ class BaseNode:
raise UbridgeError("Error while sending command '{}': {}: {}".format(command, e, self._ubridge_hypervisor.read_stdout())) raise UbridgeError("Error while sending command '{}': {}: {}".format(command, e, self._ubridge_hypervisor.read_stdout()))
@locking @locking
async def _start_ubridge(self): async def _start_ubridge(self, require_privileged_access=False):
""" """
Starts uBridge (handles connections to and from this node). Starts uBridge (handles connections to and from this node).
""" """
@ -554,8 +555,8 @@ class BaseNode:
if self.ubridge_path is None: if self.ubridge_path is None:
raise NodeError("uBridge is not available, path doesn't exist, or you just installed GNS3 and need to restart your user session to refresh user permissions.") raise NodeError("uBridge is not available, path doesn't exist, or you just installed GNS3 and need to restart your user session to refresh user permissions.")
#if not self._manager.has_privileged_access(self.ubridge_path): if require_privileged_access and not self._manager.has_privileged_access(self.ubridge_path):
# raise NodeError("uBridge requires root access or the capability to interact with network adapters") raise NodeError("uBridge requires root access or the capability to interact with network adapters")
server_config = self._manager.config.get_section_config("Server") server_config = self._manager.config.get_section_config("Server")
server_host = server_config.get("host") server_host = server_config.get("host")
@ -566,6 +567,8 @@ class BaseNode:
if self._ubridge_hypervisor: if self._ubridge_hypervisor:
log.info("Hypervisor {}:{} has successfully started".format(self._ubridge_hypervisor.host, self._ubridge_hypervisor.port)) log.info("Hypervisor {}:{} has successfully started".format(self._ubridge_hypervisor.host, self._ubridge_hypervisor.port))
await self._ubridge_hypervisor.connect() await self._ubridge_hypervisor.connect()
# save if privileged are required in case uBridge needs to be restarted in self._ubridge_send()
self._ubridge_require_privileged_access = require_privileged_access
async def _stop_ubridge(self): async def _stop_ubridge(self):
""" """

View File

@ -434,7 +434,7 @@ class DockerVM(BaseNode):
await self.manager.query("POST", "containers/{}/start".format(self._cid)) await self.manager.query("POST", "containers/{}/start".format(self._cid))
self._namespace = await self._get_namespace() self._namespace = await self._get_namespace()
await self._start_ubridge() await self._start_ubridge(require_privileged_access=True)
for adapter_number in range(0, self.adapters): for adapter_number in range(0, self.adapters):
nio = self._ethernet_adapters[adapter_number].get_nio(0) nio = self._ethernet_adapters[adapter_number].get_nio(0)

View File

@ -432,7 +432,7 @@ class VMwareVM(BaseNode):
if not ubridge_path or not os.path.isfile(ubridge_path): if not ubridge_path or not os.path.isfile(ubridge_path):
raise VMwareError("ubridge is necessary to start a VMware VM") raise VMwareError("ubridge is necessary to start a VMware VM")
await self._start_ubridge() await self._start_ubridge(require_privileged_access=True)
self._read_vmx_file() self._read_vmx_file()
# check if there is enough RAM to run # check if there is enough RAM to run
if "memsize" in self._vmx_pairs: if "memsize" in self._vmx_pairs: