GNU bug report logs - #66156
[PATCH 00/12] Introducing Smart Hurdloading


Package: guix-patches;

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Fri, 22 Sep 2023 12:54:01 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.




From: Ludovic Courtès <ludo <at> gnu.org>
To: 66156 <at> debbugs.gnu.org
Cc: Ludovic Courtès <ludo <at> gnu.org>
Subject: [bug#66156] [PATCH 10/12] services: hurd-vm: Disable password-based authentication for root.
Date: Fri, 22 Sep 2023 14:54:11 +0200
When offloading to a childhurd is enabled, allowing password-less root
login in the childhurd to anyone amounts to providing write access to
the host’s store to anyone.  Thus, disable password-based root logins in
the childhurd.

* gnu/services/virtualization.scm (%hurd-vm-operating-system): Change
‘permit-root-login’ to 'prohibit-password.
* gnu/tests/virtualization.scm (%childhurd-os): Provide a custom ‘os’
field for ‘hurd-vm-configuration’.
* doc/guix.texi (Virtualization Services): Remove mention of
password-less root login.
---
 doc/guix.texi                   |  5 -----
 gnu/services/virtualization.scm |  2 +-
 gnu/tests/virtualization.scm    | 15 ++++++++++++++-
 3 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 472e2e0958..95f29a2d19 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -35718,11 +35718,6 @@ Virtualization Services
 The default configuration (see @code{hurd-vm-configuration} below)
 spawns a secure shell (SSH) server in your GNU/Hurd system, which QEMU
 (the virtual machine emulator) redirects to port 10222 on the host.
-Thus, you can connect over SSH to the childhurd with:
-
-@example
-ssh root@@localhost -p 10022
-@end example
 
 The childhurd is volatile and stateless: it starts with a fresh root
 file system every time you restart it.  By default though, all the files
diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm
index 258b503461..930c2ce702 100644
--- a/gnu/services/virtualization.scm
+++ b/gnu/services/virtualization.scm
@@ -1080,7 +1080,7 @@ (define %hurd-vm-operating-system
                         (openssh-configuration
                          (openssh openssh-sans-x)
                          (use-pam? #f)
-                         (permit-root-login #t)
+                         (permit-root-login 'prohibit-password)
                          (allow-empty-passwords? #t)
                          (password-authentication? #t)))
 
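Review bot: `(allow-empty-passwords? #t)` and `(password-authentication? #t)` are left in place two lines below the change, and `'prohibit-password` governs only the root account, so any non-root account present in the childhurd can still log in over SSH with an empty password. If the default childhurd needs no such logins, set both fields to `#f` in this hunk; if they are kept on purpose, a short comment saying why would help, since the commit message only discusses root.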
diff --git a/gnu/tests/virtualization.scm b/gnu/tests/virtualization.scm
index 9e7928703e..599e58edf0 100644
--- a/gnu/tests/virtualization.scm
+++ b/gnu/tests/virtualization.scm
@@ -31,6 +31,7 @@ (define-module (gnu tests virtualization)
   #:use-module (gnu services)
   #:use-module (gnu services dbus)
   #:use-module (gnu services networking)
+  #:use-module (gnu services ssh)
   #:use-module (gnu services virtualization)
   #:use-module (gnu packages ssh)
   #:use-module (gnu packages virtualization)
@@ -228,7 +229,19 @@ (define %test-qemu-guest-agent
 (define %childhurd-os
   (simple-operating-system
    (service dhcp-client-service-type)
-   (service hurd-vm-service-type)))
+   (service hurd-vm-service-type
+            (hurd-vm-configuration
+             ;; Allow root login with an empty password to simplify the test
+             ;; below.
+             (os (operating-system
+                   (inherit %hurd-vm-operating-system)
+                   (services
+                    (modify-services (operating-system-user-services
+                                      %hurd-vm-operating-system)
+                      (openssh-service-type
+                       config => (openssh-configuration
+                                  (inherit config)
+                                  (permit-root-login #t)))))))))))
 
 (define (run-childhurd-test)
   (define os
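Review bot: the override sets `(permit-root-login #t)`, so the test now runs a childhurd that differs from the default `%hurd-vm-operating-system` in exactly the field this patch changes, and nothing verifies that a password login as root is refused with the default configuration. Consider keeping the default `os` and authenticating the test through a key listed in `authorized-keys`, or adding a second check that a root password login fails; the comment above the `os` field should also state that the default is `'prohibit-password` so a reader knows why the override exists.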
-- 
2.41.0
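The commit message above states the threat (anyone who can log in as root in the childhurd can feed content into the host's store through offloading) but the patch only flips one field. The following host configuration is an added example, written for this page and not taken from the patch or from Guix itself; it goes one step further than the patch by refusing password authentication for every childhurd account, not just root, and by listing the one public key allowed to log in as root. The host fields (host name, disk layout, time zone) and the key path `/etc/childhurd-admin.pub` are placeholders. Whether overriding `authorized-keys` interacts with keys the hurd-vm service already provisions for offloading is not established by this page and should be checked against the Guix manual before deploying.

```scheme
;; Added example, not part of the patch or of Guix: a host operating
;; system running a childhurd whose SSH daemon accepts root only with a
;; public key and accepts no passwords for any account.
(use-modules (gnu)
             (guix gexp)
             (gnu services ssh)
             (gnu services virtualization))

;; Childhurd: start from the default %hurd-vm-operating-system and
;; tighten only its openssh-configuration.
(define %hardened-childhurd-os
  (operating-system
    (inherit %hurd-vm-operating-system)
    (services
     (modify-services (operating-system-user-services
                       %hurd-vm-operating-system)
       (openssh-service-type
        config => (openssh-configuration
                   (inherit config)
                   ;; root may log in, but never with a password.
                   (permit-root-login 'prohibit-password)
                   ;; Stricter than the patch: no password logins at all,
                   ;; so non-root accounts cannot use an empty password.
                   (password-authentication? #f)
                   (allow-empty-passwords? #f)
                   ;; The one key accepted for root.  The path is an
                   ;; assumption for illustration.
                   (authorized-keys
                    `(("root" ,(local-file "/etc/childhurd-admin.pub"))))))))))

;; Host: placeholder values except for the hurd-vm service itself.
(operating-system
  (host-name "builder")
  (timezone "Europe/Paris")
  (bootloader (bootloader-configuration
               (bootloader grub-bootloader)
               (targets '("/dev/sda"))))
  (file-systems (cons (file-system
                        (device "/dev/sda1")
                        (mount-point "/")
                        (type "ext4"))
                      %base-file-systems))
  (services
   (cons (service hurd-vm-service-type
                  (hurd-vm-configuration
                   (os %hardened-childhurd-os)))
         %base-services)))
```

After `guix system reconfigure` with this file, `ssh -o PubkeyAuthentication=no root@localhost -p <forwarded port>` should be refused outright rather than prompting for a password, which is the check worth running once: the patch's `'prohibit-password` alone still lets sshd offer a password prompt for other accounts.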

