1. 13 8月, 2012 1 次提交
    • E
      tests: avoid seclabeltest crash · 2f809dba
      Eric Blake 提交于
      Commit a56c3470 introduced a use of random numbers into seclabel
      handling, but failed to initialize the random number generator
      in the testsuite.  Also, fail with usual status, not 255.
      
      * tests/seclabeltest.c (main): Initialize randomness.
      (cherry picked from commit a22a36e8)
      
      Conflicts:
      	tests/seclabeltest.c
      2f809dba
  2. 11 1月, 2011 1 次提交
    • D
      Refactor the security drivers to simplify usage · d6623003
      Daniel P. Berrange 提交于
      The current security driver usage requires horrible code like
      
          if (driver->securityDriver &&
              driver->securityDriver->domainSetSecurityHostdevLabel &&
              driver->securityDriver->domainSetSecurityHostdevLabel(driver->securityDriver,
                                                                    vm, hostdev) < 0)
      
      This pair of checks for NULL clutters up the code, making the driver
      calls 2 lines longer than they really need to be. The goal of the
      patchset is to change the calling convention to simply
      
        if (virSecurityManagerSetHostdevLabel(driver->securityDriver,
                                              vm, hostdev) < 0)
      
      The first check for 'driver->securityDriver' being NULL is removed
      by introducing a 'no op' security driver that will always be present
      if no real driver is enabled. This guarentees driver->securityDriver
      != NULL.
      
      The second check for 'driver->securityDriver->domainSetSecurityHostdevLabel'
      being non-NULL is hidden in a new abstraction called virSecurityManager.
      This separates the driver callbacks, from main internal API. The addition
      of a virSecurityManager object, that is separate from the virSecurityDriver
      struct also allows for security drivers to carry state / configuration
      information directly. Thus the DAC/Stack drivers from src/qemu which
      used to pull config from 'struct qemud_driver' can now be moved into
      the 'src/security' directory and store their config directly.
      
      * src/qemu/qemu_conf.h, src/qemu/qemu_driver.c: Update to
        use new virSecurityManager APIs
      * src/qemu/qemu_security_dac.c,  src/qemu/qemu_security_dac.h
        src/qemu/qemu_security_stacked.c, src/qemu/qemu_security_stacked.h:
        Move into src/security directory
      * src/security/security_stack.c, src/security/security_stack.h,
        src/security/security_dac.c, src/security/security_dac.h: Generic
        versions of previous QEMU specific drivers
      * src/security/security_apparmor.c, src/security/security_apparmor.h,
        src/security/security_driver.c, src/security/security_driver.h,
        src/security/security_selinux.c, src/security/security_selinux.h:
        Update to take virSecurityManagerPtr object as the first param
        in all callbacks
      * src/security/security_nop.c, src/security/security_nop.h: Stub
        implementation of all security driver APIs.
      * src/security/security_manager.h, src/security/security_manager.c:
        New internal API for invoking security drivers
      * src/libvirt.c: Add missing debug for security APIs
      d6623003
  3. 20 7月, 2010 1 次提交
  4. 21 9月, 2009 1 次提交
    • D
      Move security drivers to src/security/ · e56c6a83
      Daniel P. Berrange 提交于
      * src/Makefile.am, src/qemu/qemu_conf.h, src/qemu/qemu_driver.c,
        tests/seclabeltest.c: Adapt for changed paths
      * src/security.c: Rename to src/security/security_driver.c
      * src/security.h: Rename to src/security/security_driver.h
      * src/security_selinux.c, src/security_selinux.h: Move to src/security/
      e56c6a83
  5. 03 4月, 2009 1 次提交