1. 31 8月, 2011 1 次提交
    • D
      Remove bogus virSecurityManagerSetProcessFDLabel method · 18338388
      Daniel P. Berrange 提交于
      The virSecurityManagerSetProcessFDLabel method was introduced
      after a mis-understanding from a conversation about SELinux
      socket labelling. The virSecurityManagerSetSocketLabel method
      should have been used for all such scenarios.
      
      * src/security/security_apparmor.c, src/security/security_apparmor.c,
        src/security/security_driver.h, src/security/security_manager.c,
        src/security/security_manager.h, src/security/security_selinux.c,
        src/security/security_stack.c: Remove SetProcessFDLabel driver
      18338388
  2. 26 8月, 2011 2 次提交
    • J
      security: Introduce SetSocketLabel · 520d91f8
      Jiri Denemark 提交于
      This API labels all sockets created until ClearSocketLabel is called in
      a way that a vm can access them (i.e., they are labeled with svirt_t
      based label in SELinux).
      520d91f8
    • J
      security: Rename SetSocketLabel APIs to SetDaemonSocketLabel · 4c85d96f
      Jiri Denemark 提交于
      The APIs are designed to label a socket in a way that the libvirt daemon
      itself is able to access it (i.e., in SELinux the label is virtd_t based
      as opposed to svirt_* we use for labeling resources that need to be
      accessed by a vm). The new name reflects this.
      4c85d96f
  3. 19 8月, 2011 1 次提交
    • E
      maint: simplify lots of libxml2 clients · d89dd42d
      Eric Blake 提交于
      Repetitive patterns should be factored.  The sign of a good
      factorization is a change that kills 5x more lines than it adds :)
      
      * src/conf/domain_conf.c (virDomainDeviceDefParse)
      (virDomainSnapshotDefParseString): Use new convenience macros.
      * src/conf/storage_conf.c (virStoragePoolDefParseSourceString):
      Likewise.
      * src/cpu/cpu.c (cpuCompareXML, cpuBaselineXML): Likewise.
      * src/esx/esx_vi.c (esxVI_Context_Execute): Likewise.
      * src/qemu/qemu_migration.c (qemuMigrationCookieXMLParseStr):
      Likewise.
      * src/security/virt-aa-helper.c (caps_mockup): Likewise.
      * src/test/test_driver.c (testOpenFromFile): Likewise.
      * tests/cputest.c (cpuTestLoadXML, cpuTestLoadMultiXML):
      Likewise.
      * tools/virsh.c (cmdFreecell, makeCloneXML, cmdVNCDisplay)
      (cmdTTYConsole, cmdDetachInterface, cmdDetachDisk)
      (cmdSnapshotCreate, cmdSnapshotCreateAs, cmdSnapshotCurrent)
      (cmdSnapshotList, cmdSnapshotParent): Likewise.
      d89dd42d
  4. 22 7月, 2011 1 次提交
    • E
      build: rename files.h to virfile.h · 8e22e089
      Eric Blake 提交于
      In preparation for a future patch adding new virFile APIs.
      
      * src/util/files.h, src/util/files.c: Move...
      * src/util/virfile.h, src/util/virfile.c: ...here, and rename
      functions to virFile prefix.  Macro names are intentionally
      left alone.
      * *.c: All '#include "files.h"' uses changed.
      * src/Makefile.am (UTIL_SOURCES): Reflect rename.
      * cfg.mk (exclude_file_name_regexp--sc_prohibit_close): Likewise.
      * src/libvirt_private.syms: Likewise.
      * docs/hacking.html.in: Likewise.
      * HACKING: Regenerate.
      8e22e089
  5. 15 7月, 2011 1 次提交
    • J
      update apparmor security driver for new udev paths · 3d732040
      Jamie Strandboge 提交于
      In the Ubuntu development release we recently got a new udev that
      moves /var/run to /run, /var/lock to /run/lock and /dev/shm to /run/shm.
      This change in udev requires updating the apparmor security driver in
      libvirt[1].
      
      Attached is a patch that:
       * adjusts src/security/virt-aa-helper.c to allow both
      LOCALSTATEDIR/run/libvirt/**/%s.pid and /run/libvirt/**/%s.pid. While
      the profile is not as precise, LOCALSTATEDIR/run/ is typically a symlink
      to /run/ anyway, so there is no additional access (remember that
      apparmor resolves symlinks, which is why this is still required even
      if /var/run points to /run).
       * adjusts example/apparmor/libvirt-qemu paths for /dev/shm
      
      [1]https://launchpad.net/bugs/810270
      
      --
      Jamie Strandboge             | http://www.canonical.com
      3d732040
  6. 12 7月, 2011 1 次提交
    • M
      Add domain type checking · aa14709a
      Matthias Bolte 提交于
      The drivers were accepting domain configs without checking if those
      were actually meant for them. For example the LXC driver happily
      accepts configs with type QEMU.
      
      Add a check for the expected domain types to the virDomainDefParse*
      functions.
      aa14709a
  7. 06 7月, 2011 2 次提交
    • M
      apparmor: Finish incomplete renaming of relabel to norelabel · 2d2d6a01
      Matthias Bolte 提交于
      Commit 693eac38 was incomplete here.
      2d2d6a01
    • D
      Fix default value of security label 'relabel' attribute · 693eac38
      Daniel P. Berrange 提交于
      When no <seclabel> is present in the XML, the virDomainSeclabelDef
      struct is left as all zeros. Unfortunately, this means it gets setup
      as type=dynamic, with relabel=no, which is an illegal combination.
      
      Change the 'bool relabel' attribute in virDomainSeclabelDef to
      the inverse 'bool norelabel' so that the default initialization
      is sensible
      
      * src/conf/domain_conf.c, src/conf/domain_conf.h,
        src/security/security_apparmor.c, src/security/security_selinux.c:
        Replace 'relabel' with 'norelabel'
      693eac38
  8. 04 7月, 2011 2 次提交
    • D
      Allow for resource relabelling with static labels · 6321fd97
      Daniel P. Berrange 提交于
      Add a new attribute to the <seclabel> XML to allow resource
      relabelling to be enabled with static label usage.
      
        <seclabel model='selinux' type='static' relabel='yes'>
          <label>system_u:system_r:svirt_t:s0:c392,c662</label>
        </seclabel>
      
      * docs/schemas/domain.rng: Add relabel attribute
      * src/conf/domain_conf.c, src/conf/domain_conf.h: Parse
        the 'relabel' attribute
      * src/qemu/qemu_process.c: Unconditionally clear out the
        'imagelabel' attribute
      * src/security/security_apparmor.c: Skip based on 'relabel'
        attribute instead of label type
      * src/security/security_selinux.c: Skip based on 'relabel'
        attribute instead of label type and fill in <imagelabel>
        attribute if relabel is enabled.
      6321fd97
    • D
      Allow a base label to be specified in dynamic labelling mode · 4ebfc427
      Daniel P. Berrange 提交于
      Normally the dynamic labelling mode will always use a base
      label of 'svirt_t' for VMs. Introduce a <baselabel> field
      in the <seclabel> XML to allow this base label to be changed
      
      eg
      
         <seclabel type='dynamic' model='selinux'>
           <baselabel>system_u:object_r:virt_t:s0</baselabel>
         </seclabel>
      
      * docs/schemas/domain.rng: Add <baselabel>
      * src/conf/domain_conf.c, src/conf/domain_conf.h: Parsing
        of base label
      * src/qemu/qemu_process.c: Don't reset 'model' attribute if
        a base label is specified
      * src/security/security_apparmor.c: Refuse to support base label
      * src/security/security_selinux.c: Use 'baselabel' when generating
        label, if available
      4ebfc427
  9. 28 6月, 2011 2 次提交
    • D
      Add a virSecurityManagerSetProcessFDLabel · 8e3c6fbb
      Daniel P. Berrange 提交于
      Add a new security driver method for labelling an FD with
      the process label, rather than the image label
      
      * src/libvirt_private.syms, src/security/security_apparmor.c,
        src/security/security_dac.c, src/security/security_driver.h,
        src/security/security_manager.c, src/security/security_manager.h,
        src/security/security_selinux.c, src/security/security_stack.c:
        Add virSecurityManagerSetProcessFDLabel & impl
      8e3c6fbb
    • D
      Rename virSecurityManagerSetFDLabel method · 4438c63e
      Daniel P. Berrange 提交于
      The virSecurityManagerSetFDLabel method is used to label
      file descriptors associated with disk images. There will
      shortly be a need to label other file descriptors in a
      different way. So the current name is ambiguous. Rename
      the method to virSecurityManagerSetImageFDLabel to clarify
      its purpose
      
      * src/libvirt_private.syms,
        src/qemu/qemu_migration.c, src/qemu/qemu_process.c,
        src/security/security_apparmor.c, src/security/security_dac.c,
        src/security/security_driver.h, src/security/security_manager.c,
        src/security/security_manager.h, src/security/security_selinux.c,
        src/security/security_stack.c: s/FDLabel/ImageFDLabel/
      4438c63e
  10. 25 6月, 2011 1 次提交
    • J
      Move load of AppArmor profile to GenLabel() · 0b501bd4
      Jamie Strandboge 提交于
      Commit 12317957 introduced an incompatible
      architectural change for the AppArmor security driver. Specifically,
      virSecurityManagerSetAllLabel() is now called much later in
      src/qemu/qemu_process.c:qemuProcessStart(). Previously, SetAllLabel() was
      called immediately after GenLabel() such that after the dynamic label (profile
      name) was generated, SetAllLabel() would be called to create and load the
      AppArmor profile into the kernel before qemuProcessHook() was executed. With
      12317957, qemuProcessHook() is now called
      before SetAllLabel(), such that aa_change_profile() ends up being called
      before the AppArmor profile is loaded into the kernel (via ProcessLabel() in
      qemuProcessHook()).
      
      This patch addresses the change by making GenLabel() load the AppArmor
      profile into the kernel after the label (profile name) is generated.
      SetAllLabel() is then adjusted to only reload_profile() and append stdin_fn to
      the profile when it is specified. This also makes the AppArmor driver work
      like its SELinux counterpart with regard to SetAllLabel() and stdin_fn.
      Bug-Ubuntu: https://launchpad.net/bugs/801569
      0b501bd4
  11. 20 6月, 2011 1 次提交
    • J
      apparmor: implement AppArmorSetFDLabel() · b9757fea
      Jamie Strandboge 提交于
      During a savevm operation, libvirt will now use fd migration if qemu
      supports it. When the AppArmor driver is enabled, AppArmorSetFDLabel()
      is used but since this function simply returns '0', the dynamic AppArmor
      profile is not updated and AppArmor blocks access to the save file. This
      patch implements AppArmorSetFDLabel() to get the pathname of the file by
      resolving the fd symlink in /proc, and then gives that pathname to
      reload_profile(), which fixes 'virsh save' when AppArmor is enabled.
      
      Reference: https://launchpad.net/bugs/795800
      b9757fea
  12. 08 6月, 2011 1 次提交
  13. 04 6月, 2011 1 次提交
    • L
      security driver: ignore EINVAL when chowning an image file · 62ed801c
      Laine Stump 提交于
      This fixes:
      
        https://bugzilla.redhat.com/show_bug.cgi?id=702044
        https://bugzilla.redhat.com/show_bug.cgi?id=709454
      
      Both of these complain of a failure to use an image file that resides
      on a read-only NFS volume. The function in the DAC security driver
      that chowns image files to the qemu user:group before using them
      already has special cases to ignore failure of chown on read-only file
      systems, and in a few other cases, but it hadn't been checking for
      EINVAL, which is what is returned if the qemu user doesn't even exist
      on the NFS server.
      
      Since the explanation of EINVAL in the chown man page almost exactly
      matches the log message already present for the case of EOPNOTSUPP,
      I've just added EINVAL to that same conditional.
      62ed801c
  14. 02 6月, 2011 1 次提交
    • E
      security: plug regression introduced in disk probe logic · b598ac55
      Eric Blake 提交于
      Regression introduced in commit d6623003 (v0.8.8) - using the
      wrong sizeof operand meant that security manager private data
      was overlaying the allowDiskFormatProbing member of struct
      _virSecurityManager.  This reopens disk probing, which was
      supposed to be prevented by the solution to CVE-2010-2238.
      
      * src/security/security_manager.c
      (virSecurityManagerGetPrivateData): Use correct offset.
      b598ac55
  15. 14 5月, 2011 2 次提交
  16. 13 5月, 2011 1 次提交
  17. 10 5月, 2011 1 次提交
  18. 06 5月, 2011 2 次提交
    • D
      Fix security driver handling of FIFOs with QEMU · d37c6a3a
      Daniel P. Berrange 提交于
      When setting up a FIFO for QEMU, it allows either a pair
      of fifos used unidirectionally, or a single fifo used
      bidirectionally. Look for the bidirectional fifo first
      when labelling since that is more useful
      
      * src/security/security_dac.c,
        src/security/security_selinux.c: Fix fifo handling
      d37c6a3a
    • E
      maint: rename virBufferVSprintf to virBufferAsprintf · 68ea80cf
      Eric Blake 提交于
      We already have virAsprintf, so picking a similar name helps for
      seeing a similar purpose.  Furthermore, the prefix V before printf
      generally implies 'va_list', even though this variant was '...', and
      the old name got in the way of adding a new va_list version.
      
      global rename performed with:
      
      $ git grep -l virBufferVSprintf \
        | xargs -L1 sed -i 's/virBufferVSprintf/virBufferAsprintf/g'
      
      then revert the changes in ChangeLog-old.
      68ea80cf
  19. 17 4月, 2011 1 次提交
  20. 16 4月, 2011 1 次提交
    • E
      maint: use lighter-weight function for straight appends · dbe3bad9
      Eric Blake 提交于
      It costs quite a few processor cycles to go through printf parsing
      just to determine that we only meant to append.
      
      * src/xen/xend_internal.c (xend_op_ext): Consolidate multiple
      printfs into one.
      * src/qemu/qemu_command.c (qemuBuildWatchdogDevStr)
      (qemuBuildUSBInputDevStr, qemuBuildSoundDevStr)
      (qemuBuildSoundCodecStr, qemuBuildVideoDevStr): Likewise.
      (qemuBuildCpuArgStr, qemuBuildCommandLine): Prefer virBufferAdd
      over virBufferVsprintf for trivial appends.
      * src/phyp/phyp_driver.c (phypExec, phypUUIDTable_Push)
      (phypUUIDTable_Pull): Likewise.
      * src/conf/nwfilter_conf.c (macProtocolIDFormatter)
      (arpOpcodeFormatter, formatIPProtocolID, printStringItems)
      (virNWFilterPrintStateMatchFlags, virNWIPAddressFormat)
      (virNWFilterDefFormat): Likewise.
      * src/security/virt-aa-helper.c (main): Likewise.
      * src/util/sexpr.c (sexpr2string): Likewise.
      * src/xenxs/xen_sxpr.c (xenFormatSxprChr): Likewise.
      * src/xenxs/xen_xm.c (xenFormatXMDisk): Likewise.
      dbe3bad9
  21. 05 4月, 2011 2 次提交
    • M
      97176c63
    • E
      build: detect potentential uninitialized variables · 0d166c6b
      Eric Blake 提交于
      Even with -Wuninitialized (which is part of autobuild.sh
      --enable-compile-warnings=error), gcc does NOT catch this
      use of an uninitialized variable:
      
      {
        if (cond)
          goto error;
        int a = 1;
      error:
        printf("%d", a);
      }
      
      which prints 0 (supposing the stack started life wiped) if
      cond was true.  Clang will catch it, but we don't use clang
      as often.  Using gcc -Wjump-misses-init catches it, but also
      gives false positives:
      
      {
        if (cond)
          goto error;
        int a = 1;
        return a;
      error:
        return 0;
      }
      
      Here, a was never used in the scope of the error block, so
      declaring it after goto is technically fine (and clang agrees).
      However, given that our HACKING already documents a preference
      to C89 decl-before-statement, the false positive warning is
      enough of a prod to comply with HACKING.
      
      [Personally, I'd _really_ rather use C99 decl-after-statement
      to minimize scope, but until gcc can efficiently and reliably
      catch scoping and uninitialized usage bugs, I'll settle with
      the compromise of enforcing a coding standard that happens to
      reject false positives if it can also detect real bugs.]
      
      * acinclude.m4 (LIBVIRT_COMPILE_WARNINGS): Add -Wjump-misses-init.
      * src/util/util.c (__virExec): Adjust offenders.
      * src/conf/domain_conf.c (virDomainTimerDefParseXML): Likewise.
      * src/remote/remote_driver.c (doRemoteOpen): Likewise.
      * src/phyp/phyp_driver.c (phypGetLparNAME, phypGetLparProfile)
      (phypGetVIOSFreeSCSIAdapter, phypVolumeGetKey)
      (phypGetStoragePoolDevice)
      (phypVolumeGetPhysicalVolumeByStoragePool)
      (phypVolumeGetPath): Likewise.
      * src/vbox/vbox_tmpl.c (vboxNetworkUndefineDestroy)
      (vboxNetworkCreate, vboxNetworkDumpXML)
      (vboxNetworkDefineCreateXML): Likewise.
      * src/xenapi/xenapi_driver.c (getCapsObject)
      (xenapiDomainDumpXML): Likewise.
      * src/xenapi/xenapi_utils.c (createVMRecordFromXml): Likewise.
      * src/security/security_selinux.c (SELinuxGenNewContext):
      Likewise.
      * src/qemu/qemu_command.c (qemuBuildCommandLine): Likewise.
      * src/qemu/qemu_hotplug.c (qemuDomainChangeEjectableMedia):
      Likewise.
      * src/qemu/qemu_process.c (qemuProcessWaitForMonitor): Likewise.
      * src/qemu/qemu_monitor_text.c (qemuMonitorTextGetPtyPaths):
      Likewise.
      * src/qemu/qemu_driver.c (qemudDomainShutdown)
      (qemudDomainBlockStats, qemudDomainMemoryPeek): Likewise.
      * src/storage/storage_backend_iscsi.c
      (virStorageBackendCreateIfaceIQN): Likewise.
      * src/node_device/node_device_udev.c (udevProcessPCI): Likewise.
      0d166c6b
  22. 25 3月, 2011 1 次提交
    • E
      command: properly diagnose process exit via signal · 208a044a
      Eric Blake 提交于
      Child processes don't always reach _exit(); if they die from a
      signal, then any messages should still be accurate.  Most users
      either expect a 0 status (thankfully, if status==0, then
      WIFEXITED(status) is true and WEXITSTATUS(status)==0 for all
      known platforms) or were filtering on WIFEXITED before printing
      a status, but a few were missing this check.  Additionally,
      nwfilter_ebiptables_driver was making an assumption that works
      on Linux (where WEXITSTATUS shifts and WTERMSIG just masks)
      but fails on other platforms (where WEXITSTATUS just masks and
      WTERMSIG shifts).
      
      * src/util/command.h (virCommandTranslateStatus): New helper.
      * src/libvirt_private.syms (command.h): Export it.
      * src/util/command.c (virCommandTranslateStatus): New function.
      (virCommandWait): Use it to also diagnose status from signals.
      * src/security/security_apparmor.c (load_profile): Likewise.
      * src/storage/storage_backend.c
      (virStorageBackendQEMUImgBackingFormat): Likewise.
      * src/util/util.c (virExecDaemonize, virRunWithHook)
      (virFileOperation, virDirCreate): Likewise.
      * daemon/remote.c (remoteDispatchAuthPolkit): Likewise.
      * src/nwfilter/nwfilter_ebiptables_driver.c (ebiptablesExecCLI):
      Likewise.
      208a044a
  23. 09 3月, 2011 1 次提交
    • E
      build: avoid compiler warning on cygwin · 3dfd4ea3
      Eric Blake 提交于
      On cygwin:
      
        CC       libvirt_driver_security_la-security_dac.lo
      security/security_dac.c: In function 'virSecurityDACSetProcessLabel':
      security/security_dac.c:618: warning: format '%d' expects type 'int', but argument 7 has type 'uid_t' [-Wformat]
      
      We've done this before (see src/util/util.c).
      
      * src/security/security_dac.c (virSecurityDACSetProcessLabel): On
      cygwin, uid_t is a 32-bit long.
      3dfd4ea3
  24. 03 3月, 2011 1 次提交
  25. 24 2月, 2011 1 次提交
  26. 23 2月, 2011 1 次提交
    • E
      security: avoid memory leak · 009fce98
      Eric Blake 提交于
      Leak introduced in commit d6623003.
      
      * src/qemu/qemu_driver.c (qemuSecurityInit): Avoid leak on failure.
      * src/security/security_stack.c (virSecurityStackClose): Avoid
      leaking component drivers.
      009fce98
  27. 21 2月, 2011 1 次提交
    • E
      maint: kill all remaining uses of old DEBUG macro · 994e7567
      Eric Blake 提交于
      Done mechanically with:
      $ git grep -l '\bDEBUG0\? *(' | xargs -L1 sed -i 's/\bDEBUG0\? *(/VIR_&/'
      
      followed by manual deletion of qemudDebug in daemon/libvirtd.c, along
      with a single 'make syntax-check' fallout in the same file, and the
      actual deletion in src/util/logging.h.
      
      * src/util/logging.h (DEBUG, DEBUG0): Delete.
      * daemon/libvirtd.h (qemudDebug): Likewise.
      * global: Change remaining clients over to VIR_DEBUG counterpart.
      994e7567
  28. 04 2月, 2011 1 次提交
    • E
      smartcard: enable SELinux support · 32e52134
      Eric Blake 提交于
      * src/security/security_selinux.c
      (SELinuxRestoreSecuritySmartcardCallback)
      (SELinuxSetSecuritySmartcardCallback): New helper functions.
      (SELinuxRestoreSecurityAllLabel, SELinuxSetSecurityAllLabel): Use
      them.
      32e52134
  29. 26 1月, 2011 1 次提交
    • L
      Add a function to the security driver API that sets the label of an open fd. · d89608f9
      Laine Stump 提交于
      A need was found to set the SELinux context label on an open fd (a
      pipe, as a matter of fact). This patch adds a function to the security
      driver API that will set the label on an open fd to secdef.label. For
      all drivers other than the SELinux driver, it's a NOP. For the SElinux
      driver, it calls fsetfilecon().
      
      If the return is a failure, it only returns error up to the caller if
      1) the desired label is different from the existing label, 2) the
      destination fd is of a type that supports setting the selinux context,
      and 3) selinux is in enforcing mode. Otherwise it will return
      success. This follows the pattern of the existing function
      SELinuxSetFilecon().
      d89608f9
  30. 22 1月, 2011 1 次提交
    • D
      Avoid crash in security driver if model is NULL · 31c698d7
      Daniel P. Berrange 提交于
      If the XML security model is NULL, it is assumed that the current
      model will be used with dynamic labelling. The verify step is
      meaningless and potentially crashes if dereferencing NULL
      
      * src/security/security_manager.c: Skip NULL model on verify
      31c698d7
  31. 15 1月, 2011 1 次提交
    • E
      domain_conf: split source data out from ChrDef · 98334e7c
      Eric Blake 提交于
      This opens up the possibility of reusing the smaller ChrSourceDef
      for both qemu monitor and a passthrough smartcard device.
      
      * src/conf/domain_conf.h (_virDomainChrDef): Factor host
      details...
      (_virDomainChrSourceDef): ...into new struct.
      (virDomainChrSourceDefFree): New prototype.
      * src/conf/domain_conf.c (virDomainChrDefFree)
      (virDomainChrDefParseXML, virDomainChrDefFormat): Split...
      (virDomainChrSourceDefClear, virDomainChrSourceDefFree)
      (virDomainChrSourceDefParseXML, virDomainChrSourceDefFormat):
      ...into new functions.
      (virDomainChrDefParseTargetXML): Update clients to reflect type
      split.
      * src/vmx/vmx.c (virVMXParseSerial, virVMXParseParallel)
      (virVMXFormatSerial, virVMXFormatParallel): Likewise.
      * src/xen/xen_driver.c (xenUnifiedDomainOpenConsole): Likewise.
      * src/xen/xend_internal.c (xenDaemonParseSxprChar)
      (xenDaemonFormatSxprChr): Likewise.
      * src/vbox/vbox_tmpl.c (vboxDomainDumpXML, vboxAttachSerial)
      (vboxAttachParallel): Likewise.
      * src/security/security_dac.c (virSecurityDACSetChardevLabel)
      (virSecurityDACSetChardevCallback)
      (virSecurityDACRestoreChardevLabel)
      (virSecurityDACRestoreChardevCallback): Likewise.
      * src/security/security_selinux.c (SELinuxSetSecurityChardevLabel)
      (SELinuxSetSecurityChardevCallback)
      (SELinuxRestoreSecurityChardevLabel)
      (SELinuxSetSecurityChardevCallback): Likewise.
      * src/security/virt-aa-helper.c (get_files): Likewise.
      * src/lxc/lxc_driver.c (lxcVmStart, lxcDomainOpenConsole):
      Likewise.
      * src/uml/uml_conf.c (umlBuildCommandLineChr): Likewise.
      * src/uml/uml_driver.c (umlIdentifyOneChrPTY, umlIdentifyChrPTY)
      (umlDomainOpenConsole): Likewise.
      * src/qemu/qemu_command.c (qemuBuildChrChardevStr)
      (qemuBuildChrArgStr, qemuBuildCommandLine)
      (qemuParseCommandLineChr): Likewise.
      * src/qemu/qemu_domain.c (qemuDomainObjPrivateXMLFormat)
      (qemuDomainObjPrivateXMLParse): Likewise.
      * src/qemu/qemu_cgroup.c (qemuSetupChardevCgroup): Likewise.
      * src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Likewise.
      * src/qemu/qemu_driver.c (qemudFindCharDevicePTYsMonitor)
      (qemudFindCharDevicePTYs, qemuPrepareChardevDevice)
      (qemuPrepareMonitorChr, qemudShutdownVMDaemon)
      (qemuDomainOpenConsole): Likewise.
      * src/qemu/qemu_command.h (qemuBuildChrChardevStr)
      (qemuBuildChrArgStr): Delete, now that they are static.
      * src/libvirt_private.syms (domain_conf.h): New exports.
      * cfg.mk (useless_free_options): Update list.
      * tests/qemuxml2argvtest.c (testCompareXMLToArgvFiles): Update
      tests.
      98334e7c
  32. 11 1月, 2011 1 次提交
    • D
      Refactor the security drivers to simplify usage · d6623003
      Daniel P. Berrange 提交于
      The current security driver usage requires horrible code like
      
          if (driver->securityDriver &&
              driver->securityDriver->domainSetSecurityHostdevLabel &&
              driver->securityDriver->domainSetSecurityHostdevLabel(driver->securityDriver,
                                                                    vm, hostdev) < 0)
      
      This pair of checks for NULL clutters up the code, making the driver
      calls 2 lines longer than they really need to be. The goal of the
      patchset is to change the calling convention to simply
      
        if (virSecurityManagerSetHostdevLabel(driver->securityDriver,
                                              vm, hostdev) < 0)
      
      The first check for 'driver->securityDriver' being NULL is removed
      by introducing a 'no op' security driver that will always be present
      if no real driver is enabled. This guarentees driver->securityDriver
      != NULL.
      
      The second check for 'driver->securityDriver->domainSetSecurityHostdevLabel'
      being non-NULL is hidden in a new abstraction called virSecurityManager.
      This separates the driver callbacks, from main internal API. The addition
      of a virSecurityManager object, that is separate from the virSecurityDriver
      struct also allows for security drivers to carry state / configuration
      information directly. Thus the DAC/Stack drivers from src/qemu which
      used to pull config from 'struct qemud_driver' can now be moved into
      the 'src/security' directory and store their config directly.
      
      * src/qemu/qemu_conf.h, src/qemu/qemu_driver.c: Update to
        use new virSecurityManager APIs
      * src/qemu/qemu_security_dac.c,  src/qemu/qemu_security_dac.h
        src/qemu/qemu_security_stacked.c, src/qemu/qemu_security_stacked.h:
        Move into src/security directory
      * src/security/security_stack.c, src/security/security_stack.h,
        src/security/security_dac.c, src/security/security_dac.h: Generic
        versions of previous QEMU specific drivers
      * src/security/security_apparmor.c, src/security/security_apparmor.h,
        src/security/security_driver.c, src/security/security_driver.h,
        src/security/security_selinux.c, src/security/security_selinux.h:
        Update to take virSecurityManagerPtr object as the first param
        in all callbacks
      * src/security/security_nop.c, src/security/security_nop.h: Stub
        implementation of all security driver APIs.
      * src/security/security_manager.h, src/security/security_manager.c:
        New internal API for invoking security drivers
      * src/libvirt.c: Add missing debug for security APIs
      d6623003
  33. 21 12月, 2010 1 次提交