- 06 6月, 2018 3 次提交
-
-
由 Stefan Berger 提交于
In this patch we label the swtpm process with SELinux labels. We give it the same label as the QEMU process has. We label its state directory and files as well. We restore the old security labels once the swtpm has terminated. The file and process labels now look as follows: Directory: /var/lib/libvirt/swtpm [root@localhost swtpm]# ls -lZ total 4 rwx------. 2 tss tss system_u:object_r:svirt_image_t:s0:c254,c932 4096 Apr 5 16:46 testvm [root@localhost testvm]# ls -lZ total 8 -rw-r--r--. 1 tss tss system_u:object_r:svirt_image_t:s0:c254,c932 3648 Apr 5 16:46 tpm-00.permall The log in /var/log/swtpm/libvirt/qemu is labeled as follows: -rw-r--r--. 1 tss tss system_u:object_r:svirt_image_t:s0:c254,c932 2237 Apr 5 16:46 vtpm.log [root@localhost 485d0004-a48f-436a-8457-8a3b73e28567]# ps auxZ | grep swtpm | grep ctrl | grep -v grep system_u:system_r:svirt_t:s0:c254,c932 tss 25664 0.0 0.0 28172 3892 ? Ss 16:57 0:00 /usr/bin/swtpm socket --daemon --ctrl type=unixio,path=/var/run/libvirt/qemu/swtpm/testvm-swtpm.sock,mode=0660 --tpmstate dir=/var/lib/libvirt/swtpm/testvm/tpm1.2 --log file=/var/log/swtpm/libvirt/qemu/testvm-swtpm.log [root@localhost 485d0004-a48f-436a-8457-8a3b73e28567]# ps auxZ | grep qemu | grep tpm | grep -v grep system_u:system_r:svirt_t:s0:c254,c932 qemu 25669 99.0 0.0 3096704 48500 ? Sl 16:57 3:28 /bin/qemu-system-x86_64 [..] Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Stefan Berger 提交于
Extend the DAC and SELinux modules with support for the tpm-emulator. We label the Unix socket that QEMU connects to after starting swtmp with DAC and SELinux labels. We do not have to restore the labels in this case since the tpm-emulator will remove the Unix socket when it terminates. Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Stefan Berger 提交于
This patch adds support for an external swtpm TPM emulator. The XML for this type of TPM looks as follows: <tpm model='tpm-tis'> <backend type='emulator'/> </tpm> The XML will currently only define a TPM 1.2. Extend the documentation. Add a test case testing the XML parser and formatter. Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
- 04 5月, 2018 1 次提交
-
-
由 Martin Kletzander 提交于
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
- 10 1月, 2018 1 次提交
-
-
由 Christian Ehrhardt 提交于
virSecurityManagerDomainSetPathLabel is used to make a path known to the security modules, but today is used interchangably for - paths to files/dirs to be accessed directly - paths to a dir, but the access will actually be to files therein Depending on the security module it is important to know which of these types it will be. The argument allowSubtree augments the call to the implementations of DomainSetPathLabel that can - per security module - decide if extra actions shall be taken. For now dac/selinux handle this as before, but apparmor will make use of it to add a wildcard to the path that was passed. Signed-off-by: NChristian Ehrhardt <christian.ehrhardt@canonical.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 05 12月, 2017 1 次提交
-
-
由 Pavel Hrdina 提交于
SELinux and DAC drivers already have both functions but they were not exported as public API of security manager. Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
-
- 25 11月, 2017 1 次提交
-
-
由 Ján Tomko 提交于
Export the existing DAC and SELinux for separate use and introduce functions for stack, nop and the security manager.
-
- 03 11月, 2017 2 次提交
-
-
由 Peter Krempa 提交于
Until now we ignored user-provided backing chains and while detecting the code inherited labels of the parent device. With user provided chains we should keep this functionality, so label of the parent image in the backing chain will be applied if an image-specific label is not present.
-
由 Peter Krempa 提交于
virSecuritySELinuxSetImageLabelInternal assigns different labels to backing chain members than to the parent image. This was done via the 'first' flag. Convert it to passing in pointer to the parent virStorageSource. This will allow us to use the parent virStorageSource in further changes.
-
- 17 10月, 2017 1 次提交
-
-
由 Peter Krempa 提交于
Add helpers that will simplify checking if a backing file is valid or whether it has backing store. The helper virStorageSourceIsBacking returns true if the given virStorageSource is a valid backing store member. virStorageSourceHasBacking returns true if the virStorageSource has a backing store child. Adding these functions creates a central points for further refactors.
-
- 22 6月, 2017 1 次提交
-
-
由 Michal Privoznik 提交于
Our commit e13e8808 was way too generic. Currently, virtlogd is used only for chardevs type of file and nothing else. True, we must not relabel the path in this case, but we have to in all other cases. For instance, if you want to have a physical console attached to your guest: <console type='dev'> <source path='/dev/ttyS0'/> <target type='virtio' port='1'/> </console> Starting such domain fails because qemu doesn't have access to /dev/ttyS0 because we haven't relabelled the path. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
- 16 6月, 2017 2 次提交
-
-
由 Pavel Hrdina 提交于
In the case that virtlogd is used as stdio handler we pass to QEMU only FD to a PIPE connected to virtlogd instead of the file itself. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1430988Signed-off-by: NPavel Hrdina <phrdina@redhat.com> Reviewed-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Pavel Hrdina 提交于
Signed-off-by: NPavel Hrdina <phrdina@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
- 24 5月, 2017 1 次提交
-
-
由 Pavel Hrdina 提交于
If the first console is just a copy of the first serial device we don't need to iterate over the same device twice in order to perform actions like security labeling, cgroup configuring, etc. Currently only security SELinux manager was aware of this fact. Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
-
- 18 5月, 2017 1 次提交
-
-
由 Erik Skultety 提交于
Namely, this patch is about virMediatedDeviceGetIOMMUGroup{Dev,Num} functions. There's no compelling reason why these functions should take an object, on the contrary, having to create an object every time one needs to query the IOMMU group number, discarding the object afterwards, seems odd. Signed-off-by: NErik Skultety <eskultet@redhat.com>
-
- 27 3月, 2017 2 次提交
-
-
由 Erik Skultety 提交于
This patch updates all of our security driver to start labeling the VFIO IOMMU devices under /dev/vfio/ as well. Signed-off-by: NErik Skultety <eskultet@redhat.com>
-
由 Erik Skultety 提交于
A mediated device will be identified by a UUID (with 'model' now being a mandatory <hostdev> attribute to represent the mediated device API) of the user pre-created mediated device. We also need to make sure that if user explicitly provides a guest address for a mdev device, the address type will be matching the device API supported on that specific mediated device and error out with an incorrect XML message. The resulting device XML: <devices> <hostdev mode='subsystem' type='mdev' model='vfio-pci'> <source> <address uuid='c2177883-f1bb-47f0-914d-32a22e3a8804'> </source> </hostdev> </devices> Signed-off-by: NErik Skultety <eskultet@redhat.com>
-
- 15 3月, 2017 2 次提交
-
-
由 Michal Privoznik 提交于
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Michal Privoznik 提交于
When domain is being started up, we ought to relabel the host side of NVDIMM so qemu has access to it. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 17 1月, 2017 1 次提交
-
-
由 Erik Skultety 提交于
The problem is in the way how the list item is created prior to appending it to the transaction list - the @path argument is just a shallow copy instead of deep copy of the hostdev device's path. Unfortunately, the hostdev devices from which the @path is extracted, in order to add them into the transaction list, are only temporary and freed before the buildup of the qemu namespace, thus making the @path attribute in the transaction list NULL, causing 'permission denied' or 'double free' or 'unknown cause' errors. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1413773Signed-off-by: NErik Skultety <eskultet@redhat.com>
-
- 11 1月, 2017 1 次提交
-
-
由 Michal Privoznik 提交于
There are still some systems out there that have broken setfilecon*() prototypes. Instead of taking 'const char *tcon' it is taking 'char *tcon'. The function should just set the context, not modify it. We had been bitten with this problem before which resulted in 292d3f2d and subsequently b109c097. However, with one my latest commits (4674fc6a) I've changed the type of @tcon variable to 'const char *' which results in build failure on the systems from above. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 10 1月, 2017 1 次提交
-
-
由 Michal Privoznik 提交于
Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 09 1月, 2017 1 次提交
-
-
由 Michal Privoznik 提交于
It doesn't make much sense to have two different prefix for functions within the same driver. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 25 11月, 2016 2 次提交
-
-
由 Eric Farman 提交于
Ensure that the vhost-scsi wwpn information is passed to the different security policies. Signed-off-by: NEric Farman <farman@linux.vnet.ibm.com>
-
由 Eric Farman 提交于
We already have a "scsi" hostdev subsys type, which refers to a single LUN that is passed through to a guest. But what of things where multiple LUNs are passed through via a single SCSI HBA, such as with the vhost-scsi target? Create a new hostdev subsys type that will carry this. Signed-off-by: NEric Farman <farman@linux.vnet.ibm.com>
-
- 12 11月, 2016 1 次提交
-
-
由 Eric Farman 提交于
As was suggested in an earlier review comment[1], we can catch some additional code points by cleaning up how we use the hostdev subsystem type in some switch statements. [1] End of https://www.redhat.com/archives/libvir-list/2016-September/msg00399.htmlSigned-off-by: NEric Farman <farman@linux.vnet.ibm.com> Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
- 24 10月, 2016 1 次提交
-
-
由 John Ferlan 提交于
Use a pointer and the virDomainChrSourceDefNew() function in order to allocate the structure for _virDomainSmartcardDef. Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
- 22 10月, 2016 1 次提交
-
-
由 John Ferlan 提交于
Change the virDomainChrDef to use a pointer to 'source' and allocate that pointer during virDomainChrDefNew. This has tremendous "fallout" in the rest of the code which mainly has to change source.$field to source->$field. Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
- 12 7月, 2016 1 次提交
-
-
由 Daniel P. Berrange 提交于
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 25 5月, 2016 1 次提交
-
-
由 Ján Tomko 提交于
Add support for the slic_table to the security drivers.
-
- 19 4月, 2016 1 次提交
-
-
由 Martin Kletzander 提交于
It already labels abritrary paths, so it's just the naming that was wrong. Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
- 11 4月, 2016 1 次提交
-
-
由 Pavel Hrdina 提交于
fdstream.c: In function 'virFDStreamWrite': fdstream.c:390:29: error: logical 'or' of equal expressions [-Werror=logical-op] if (errno == EAGAIN || errno == EWOULDBLOCK) { ^~ Fedora rawhide now uses gcc 6.0 and there is a bug with -Wlogical-op producing false warnings. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69602 Use GCC pragma push/pop and ignore -Wlogical-op for GCC that supports push/pop pragma and also has this bug. Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
-
- 20 2月, 2016 1 次提交
-
-
由 Laurent Bigonville 提交于
-
- 03 2月, 2016 1 次提交
-
-
由 Martin Kletzander 提交于
Since commit 71408079 we are generating socket path later than before -- when starting a domain. That makes one particular inconsistent state of a chardev, which was not possible before, currently valid. However, SELinux security driver forgot to guard the main restoring function by a check for NULL-paths. So make it no-op for NULL paths, as in the DAC driver. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1300532Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
- 15 1月, 2016 2 次提交
-
-
由 Jiri Denemark 提交于
A device tree binary file specified by /domain/os/dtb element is a read-only resource similar to kernel and initrd files. We shouldn't restore its label when destroying a domain to avoid breaking other domains configure with the same device tree. Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
-
由 Jiri Denemark 提交于
Kernel/initrd files are essentially read-only shareable images and thus should be handled in the same way. We already use the appropriate label for kernel/initrd files when starting a domain, but when a domain gets destroyed we would remove the labels which would make other running domains using the same files very unhappy. https://bugzilla.redhat.com/show_bug.cgi?id=921135Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
-
- 15 12月, 2015 1 次提交
-
-
由 Ján Tomko 提交于
Many of the functions follow the pattern: virSecurity.*Security.*Label Remove the second 'Security' from the names, it should be obvious that the virSecurity* functions deal with security labels even without it.
-
- 09 12月, 2015 1 次提交
-
-
由 Ján Tomko 提交于
-
- 30 11月, 2015 1 次提交
-
-
由 Ján Tomko 提交于
Add functions for setting and restoring the label of input devices to DAC and SELinux drivers. https://bugzilla.redhat.com/show_bug.cgi?id=1231114
-
- 21 10月, 2015 1 次提交
-
-
由 Ishmanpreet Kaur Khera 提交于
We have macros for both positive and negative string matching. Therefore there is no need to use !STREQ or !STRNEQ. At the same time as we are dropping this, new syntax-check rule is introduced to make sure we won't introduce it again. Signed-off-by: NIshmanpreet Kaur Khera <khera.ishman@gmail.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-