- 17 5月, 2014 5 次提交
-
-
由 Jim Fehlig 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=999301 The DAC driver ignores the relabel='no' attribute in disk config <disk type='file' device='floppy'> <driver name='qemu' type='raw'/> <source file='/some/path/floppy.img'> <seclabel model='dac' relabel='no'/> </source> <target dev='fda' bus='fdc'/> <readonly/> </disk> This patch avoid labeling disks when relabel='no' is specified. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NJim Fehlig <jfehlig@suse.com>
-
由 Jim Fehlig 提交于
If relabel='no' at the domain level, no need to attempt relabeling in virSecurityDAC{Set,Restore}SecurityAllLabel(). Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NJim Fehlig <jfehlig@suse.com>
-
由 Jim Fehlig 提交于
Currently, the DAC security driver passes callback data as void params[2]; params[0] = mgr; params[1] = def; Clean this up by defining a structure for passing the callback data. Moreover, there's no need to pass the whole virDomainDef in the callback as the only thing needed in the callbacks is virSecurityLabelDefPtr. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NJim Fehlig <jfehlig@suse.com>
-
由 Jim Fehlig 提交于
In switch statements, use enum types since it is safer when adding new items to the enum. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NJim Fehlig <jfehlig@suse.com>
-
由 Jim Fehlig 提交于
Annotate some static function parameters with ATTRIBUTE_NONNULL and remove checks for NULL inputs. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NJim Fehlig <jfehlig@suse.com>
-
- 15 5月, 2014 3 次提交
-
-
由 Jim Fehlig 提交于
-
由 Jim Fehlig 提交于
-
由 Jim Fehlig 提交于
Remove ATTRIBUTE_UNUSED on several function parameters that are actually used.
-
- 24 4月, 2014 2 次提交
-
-
由 Peter Krempa 提交于
To avoid having the root of a backing chain present twice in the list we need to invert the working of virStorageFileGetMetadataRecurse. Until now the recursive worker created a new backing chain element from the name and other information passed as arguments. This required us to pass the data of the parent in a deconstructed way and the worker created a new entry for the parent. This patch converts this function so that it just fills in metadata about the parent and creates a backing chain element from those. This removes the duplication of the first element. To avoid breaking the test suite, virstoragetest now calls a wrapper that creates the parent structure explicitly and pre-fills it with the test data with same function signature as previously used.
-
由 Peter Krempa 提交于
Switch over to storing of the backing chain as a recursive virStorageSource structure. This is a string based move. Currently the first element will be present twice in the backing chain as currently the retrieval function stores the parent in the newly detected chain. This will be fixed later.
-
- 22 4月, 2014 1 次提交
-
-
由 Nehal J Wani 提交于
Fix minor typos in source comments Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 08 4月, 2014 2 次提交
-
-
由 Daniel P. Berrange 提交于
Since it is an abbreviation, PCI should always be fully capitalized or full lower case, never Pci. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Eric Blake 提交于
I noticed that the apparmor code could request metadata even for a cdrom with no media, which would cause a memory leak of the hash table used to look for loops in the backing chain. But even before that, we blindly dereferenced the path for printing a debug statement, so it is just better to enforce that this is only used on non-NULL names. * src/util/virstoragefile.c (virStorageFileGetMetadata): Assume non-NULL path. * src/util/virstoragefile.h: Annotate this. * src/security/virt-aa-helper.c (get_files): Fix caller. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 02 4月, 2014 4 次提交
-
-
由 Ján Tomko 提交于
Coverity complains about a possible leak of seclabel if !sec_managers[i]->drv->domainGenSecurityLabel is true and the seclabel might be overwritten by the next iteration of the loop. This leak should never happen, because every security driver has domainGenSecurityLabel defined.
-
由 Eric Blake 提交于
The code in virstoragefile.c is getting more complex as I consolidate backing chain handling code. But for the setuid virt-login-shell, we don't need to crawl backing chains. It's easier to audit things for setuid security if there are fewer files involved, so this patch moves the one function that virFileOpen() was actually relying on to also live in virfile.c. * src/util/virstoragefile.c (virStorageFileIsSharedFS) (virStorageFileIsSharedFSType): Move... * src/util/virfile.c (virFileIsSharedFS, virFileIsSharedFSType): ...to here, and rename. (virFileOpenAs): Update caller. * src/security/security_selinux.c (virSecuritySELinuxSetFileconHelper) (virSecuritySELinuxSetSecurityAllLabel) (virSecuritySELinuxRestoreSecurityImageLabelInt): Likewise. * src/security/security_dac.c (virSecurityDACRestoreSecurityImageLabelInt): Likewise. * src/qemu/qemu_driver.c (qemuOpenFileAs): Likewise. * src/qemu/qemu_migration.c (qemuMigrationIsSafe): Likewise. * src/util/virstoragefile.h: Adjust declarations. * src/util/virfile.h: Likewise. * src/libvirt_private.syms (virfile.h, virstoragefile.h): Move symbols as appropriate. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Eric Blake 提交于
A continuation of the migration of disk details to virstoragefile. This patch moves a single enum, but converting the name has quite a bit of fallout. * src/conf/domain_conf.h (virDomainDiskType): Move... * src/util/virstoragefile.h (virStorageType): ...and rename. * src/bhyve/bhyve_command.c (bhyveBuildDiskArgStr) (virBhyveProcessBuildLoadCmd): Update clients. * src/conf/domain_conf.c (virDomainDiskSourceDefParse) (virDomainDiskDefParseXML, virDomainDiskSourceDefFormatInternal) (virDomainDiskDefFormat, virDomainDiskGetActualType) (virDomainDiskDefForeachPath, virDomainDiskSourceIsBlockType): Likewise. * src/conf/snapshot_conf.h (_virDomainSnapshotDiskDef): Likewise. * src/conf/snapshot_conf.c (virDomainSnapshotDiskDefParseXML) (virDomainSnapshotAlignDisks, virDomainSnapshotDiskDefFormat): Likewise. * src/esx/esx_driver.c (esxAutodetectSCSIControllerModel) (esxDomainDefineXML): Likewise. * src/locking/domain_lock.c (virDomainLockManagerAddDisk): Likewise. * src/lxc/lxc_controller.c (virLXCControllerSetupLoopDeviceDisk) (virLXCControllerSetupNBDDeviceDisk) (virLXCControllerSetupLoopDevices, virLXCControllerSetupDisk): Likewise. * src/parallels/parallels_driver.c (parallelsGetHddInfo): Likewise. * src/phyp/phyp_driver.c (phypDiskType): Likewise. * src/qemu/qemu_command.c (qemuGetDriveSourceString) (qemuDomainDiskGetSourceString, qemuBuildDriveStr) (qemuBuildCommandLine, qemuParseCommandLineDisk) (qemuParseCommandLine): Likewise. * src/qemu/qemu_conf.c (qemuCheckSharedDevice) (qemuTranslateDiskSourcePool) (qemuTranslateSnapshotDiskSourcePool): Likewise. * src/qemu/qemu_domain.c (qemuDomainDeviceDefPostParse) (qemuDomainDetermineDiskChain): Likewise. * src/qemu/qemu_driver.c (qemuDomainGetBlockInfo) (qemuDomainSnapshotPrepareDiskExternalBackingInactive) (qemuDomainSnapshotPrepareDiskExternalBackingActive) (qemuDomainSnapshotPrepareDiskExternalOverlayActive) (qemuDomainSnapshotPrepareDiskExternalOverlayInactive) (qemuDomainSnapshotPrepareDiskInternal) (qemuDomainSnapshotPrepare) (qemuDomainSnapshotCreateSingleDiskActive): Likewise. * src/qemu/qemu_hotplug.c (qemuDomainChangeEjectableMedia): Likewise. * src/qemu/qemu_migration.c (qemuMigrationIsSafe): Likewise. * src/security/security_apparmor.c (AppArmorRestoreSecurityImageLabel) (AppArmorSetSecurityImageLabel): Likewise. * src/security/security_dac.c (virSecurityDACSetSecurityImageLabel) (virSecurityDACRestoreSecurityImageLabelInt) (virSecurityDACSetSecurityAllLabel): Likewise. * src/security/security_selinux.c (virSecuritySELinuxRestoreSecurityImageLabelInt) (virSecuritySELinuxSetSecurityImageLabel) (virSecuritySELinuxSetSecurityAllLabel): Likewise. * src/storage/storage_backend.c (virStorageFileBackendForType): Likewise. * src/storage/storage_backend_fs.c (virStorageFileBackendFile) (virStorageFileBackendBlock): Likewise. * src/storage/storage_backend_gluster.c (virStorageFileBackendGluster): Likewise. * src/vbox/vbox_tmpl.c (vboxDomainGetXMLDesc, vboxAttachDrives) (vboxDomainAttachDeviceImpl, vboxDomainDetachDevice): Likewise. * src/vmware/vmware_conf.c (vmwareVmxPath): Likewise. * src/vmx/vmx.c (virVMXParseDisk, virVMXFormatDisk) (virVMXFormatFloppy): Likewise. * src/xenxs/xen_sxpr.c (xenParseSxprDisks, xenParseSxpr) (xenFormatSxprDisk): Likewise. * src/xenxs/xen_xm.c (xenParseXM, xenFormatXMDisk): Likewise. * tests/securityselinuxlabeltest.c (testSELinuxLoadDef): Likewise. * src/libvirt_private.syms (domain_conf.h): Move symbols... (virstoragefile.h): ...as appropriate. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Eric Blake 提交于
In order to reuse the newly-created host-side disk struct in the virstoragefile backing chain code, I first have to move it to util/. This starts the process, by first moving the security label structures. * src/conf/domain_conf.h (virDomainDefGenSecurityLabelDef) (virDomainDiskDefGenSecurityLabelDef, virSecurityLabelDefFree) (virSecurityDeviceLabelDefFree, virSecurityLabelDef) (virSecurityDeviceLabelDef): Move... * src/util/virseclabel.h: ...to new file. (virSecurityLabelDefNew, virSecurityDeviceLabelDefNew): Rename the GenSecurity functions. * src/qemu/qemu_process.c (qemuProcessAttach): Adjust callers. * src/security/security_manager.c (virSecurityManagerGenLabel): Likewise. * src/security/security_selinux.c (virSecuritySELinuxSetSecurityFileLabel): Likewise. * src/util/virseclabel.c: New file. * src/conf/domain_conf.c: Move security code, and fix fallout. * src/Makefile.am (UTIL_SOURCES): Build new file. * src/libvirt_private.syms (domain_conf.h): Move symbols... (virseclabel.h): ...to new section. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 27 3月, 2014 2 次提交
-
-
由 Cédric Bosdonnat 提交于
See lp#1276719 for the bug description. As virt-aa-helper doesn't know the VFIO groups to use for the guest, allow access to all /dev/vfio/[0-9]* and /dev/vfio/vfio files if there is a potential need for vfio Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Cédric Bosdonnat 提交于
-
- 25 3月, 2014 4 次提交
-
-
由 Ján Tomko 提交于
-
由 Peter Krempa 提交于
Commit 4f202266 breaks build with AppArmor enabled as it missed the refactor to the new accessors.
-
由 Eric Blake 提交于
It's finally time to start tracking disk backing chains in <domain> XML. The first step is to start refactoring code so that we have an object more convenient for representing each host source resource in the context of a single guest <disk>. Ultimately, I plan to move the new type into src/util where it can be reused by virStorageFile, but to make the transition easier to review, this patch just creates the new type then fixes everything until it compiles again. * src/conf/domain_conf.h (_virDomainDiskDef): Split... (_virDomainDiskSourceDef): ...to new struct. (virDomainDiskAuthClear): Use new type. * src/conf/domain_conf.c (virDomainDiskDefFree): Split... (virDomainDiskSourceDefClear): ...to new function. (virDomainDiskGetType, virDomainDiskSetType) (virDomainDiskGetSource, virDomainDiskSetSource) (virDomainDiskGetDriver, virDomainDiskSetDriver) (virDomainDiskGetFormat, virDomainDiskSetFormat) (virDomainDiskAuthClear, virDomainDiskGetActualType) (virDomainDiskDefParseXML, virDomainDiskSourceDefFormat) (virDomainDiskDefFormat, virDomainDiskDefForeachPath) (virDomainDiskDefGetSecurityLabelDef) (virDomainDiskSourceIsBlockType): Adjust all users. * src/lxc/lxc_controller.c (virLXCControllerSetupDisk): Likewise. * src/lxc/lxc_driver.c (lxcDomainAttachDeviceMknodHelper): Likewise. * src/qemu/qemu_command.c (qemuAddRBDHost, qemuParseRBDString) (qemuParseDriveURIString, qemuParseGlusterString) (qemuParseISCSIString, qemuParseNBDString) (qemuDomainDiskGetSourceString, qemuBuildDriveStr) (qemuBuildCommandLine, qemuParseCommandLineDisk) (qemuParseCommandLine): Likewise. * src/qemu/qemu_conf.c (qemuCheckSharedDevice) (qemuAddISCSIPoolSourceHost, qemuTranslateDiskSourcePool): Likewise. * src/qemu/qemu_driver.c (qemuDomainUpdateDeviceConfig) (qemuDomainPrepareDiskChainElement) (qemuDomainSnapshotCreateInactiveExternal) (qemuDomainSnapshotPrepareDiskExternalBackingInactive) (qemuDomainSnapshotPrepareDiskInternal) (qemuDomainSnapshotPrepare) (qemuDomainSnapshotCreateSingleDiskActive) (qemuDomainSnapshotUndoSingleDiskActive) (qemuDomainBlockPivot, qemuDomainBlockJobImpl) (qemuDomainBlockCopy, qemuDomainBlockCommit): Likewise. * src/qemu/qemu_migration.c (qemuMigrationIsSafe): Likewise. * src/qemu/qemu_process.c (qemuProcessGetVolumeQcowPassphrase) (qemuProcessInitPasswords): Likewise. * src/security/security_selinux.c (virSecuritySELinuxSetSecurityFileLabel): Likewise. * src/storage/storage_driver.c (virStorageFileInitFromDiskDef): Likewise. * tests/securityselinuxlabeltest.c (testSELinuxLoadDef): Likewise. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Eric Blake 提交于
Part of a series of cleanups to use new accessor methods. * src/security/security_dac.c (virSecurityDACSetSecurityImageLabel) (virSecurityDACRestoreSecurityImageLabelInt) (virSecurityDACSetSecurityAllLabel): Use accessors. * src/security/security_selinux.c (virSecuritySELinuxRestoreSecurityImageLabelInt) (virSecuritySELinuxSetSecurityImageLabel) (virSecuritySELinuxSetSecurityAllLabel): Likewise. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 21 3月, 2014 1 次提交
-
-
由 Martin Kletzander 提交于
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
- 20 3月, 2014 1 次提交
-
-
由 Scott Sullivan 提交于
Per the documentation, is_selinux_enabled() returns -1 on error. Account for this. Previously when -1 was being returned the condition would still be true. I was noticing this because on my system that has selinux disabled I was getting this in the libvirt.log every 5 seconds: error : virIdentityGetSystem:173 : Unable to lookup SELinux process context: Invalid argument With this patch applied, I no longer get these messages every 5 seconds. I am submitting this in case its deemed useful for inclusion. Anyone have any comments on this change? This is a patch off current master. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 18 3月, 2014 3 次提交
-
-
由 Daniel P. Berrange 提交于
Any source file which calls the logging APIs now needs to have a VIR_LOG_INIT("source.name") declaration at the start of the file. This provides a static variable of the virLogSource type. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Martin Kletzander 提交于
If there should be some sort of separator it is better to use comment with the filename, copyright, description, license information and authors. Found by: git grep -nH '^$' | grep '\.[ch]:1:' Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Felix Geyer 提交于
Make virt-aa-helper create rules to allow VMs access to filesystem mounts from the host. Signed-off-by: NFelix Geyer <debfx@fobos.de> Signed-off-by: NHiroshi Miura <miurahr@linux.com> Signed-off-by: NSerge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by: NGuido Günther <agx@sigxcpu.org>
-
- 11 3月, 2014 1 次提交
-
-
由 Michal Privoznik 提交于
The @def is clearly used just a few lines below. There's no need to use ATTRIBUTE_UNUSED for it. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 04 3月, 2014 3 次提交
-
-
由 Cédric Bosdonnat 提交于
-
由 Cédric Bosdonnat 提交于
The reason for these is that aa-status doesn't show the process using the profile as they are in another namespace.
-
由 Cédric Bosdonnat 提交于
use_apparmor() was first designed to be called from withing libvirtd, but libvirt_lxc also uses it. in libvirt_lxc, there is no need to check whether to use apparmor or not: just use it if possible.
-
- 06 2月, 2014 1 次提交
-
-
由 Ján Tomko 提交于
Commit 2ce63c16 added imagelabel generation when relabeling is turned off. But we weren't filling out the sensitivity for type 'none' labels, resulting in an invalid label: $ virsh managedsave domain error: unable to set security context 'system_u:object_r:svirt_image_t' on fd 28: Invalid argument
-
- 30 1月, 2014 1 次提交
-
-
由 Osier Yang 提交于
To support passing the path of the test data to the utils, one more argument is added to virSCSIDeviceGetSgName, virSCSIDeviceGetDevName, and virSCSIDeviceNew, and the related code is changed accordingly. Later tests for the scsi utils will be based on this patch. Signed-off-by: NOsier Yang <jyang@redhat.com>
-
- 23 1月, 2014 1 次提交
-
-
由 Osier Yang 提交于
Unlike the host devices of other types, SCSI host device XML supports "shareable" tag. This patch introduces it for the virSCSIDevice struct for a later patch use (to detect if the SCSI device is shareable when preparing the SCSI host device in QEMU driver).
-
- 17 1月, 2014 1 次提交
-
-
由 Michal Privoznik 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=996543 When starting up a domain, the SELinux labeling is done depending on current configuration. If the labeling fails we check for possible causes, as not all labeling failures are fatal. For example, if the labeled file is on NFS which lacks SELinux support, the file can still be readable to qemu process. These cases are distinguished by the errno code: NFS without SELinux support returns EOPNOTSUPP. However, we were missing one scenario. In case there's a read-only disk on a read-only NFS (and possibly any FS) and the labeling is just optional (not explicitly requested in the XML) there's no need to make the labeling error fatal. In other words, read-only file on read-only NFS can fail to be labeled, but be readable at the same time. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 05 1月, 2014 1 次提交
-
-
由 Eric Blake 提交于
We weren't very consistent in our use of VIR_ERR_NO_SUPPORT; many users just passed __FUNCTION__ on, while others passed "%s" to silence over-eager compilers that warn about __FUNCTION__ not containing any %. It's nicer to route all these uses through a single macro, so that if we ever need to change the reporting, we can do it in one place. I verified that 'virsh -c test:///default qemu-monitor-command test foo' gives the same error message before and after this patch: error: this function is not supported by the connection driver: virDomainQemuMonitorCommand Note that in libvirt.c, we were inconsistent on whether virDomain* API used virLibConnError() (with VIR_FROM_NONE) or virLibDomainError() (with VIR_FROM_DOMAIN); this patch unifies these errors to all use VIR_FROM_NONE, on the grounds that it is unlikely that a caller learning that a call is unimplemented can do anything in particular with extra knowledge of which error domain it belongs to. One particular change to note is virDomainOpenGraphics which was trying to fail with VIR_ERR_NO_SUPPORT after a failed VIR_DRV_SUPPORTS_FEATURE check; all other places that fail a feature check report VIR_ERR_ARGUMENT_UNSUPPORTED. * src/util/virerror.h (virReportUnsupportedError): New macro. * src/libvirt-qemu.c: Use new macro. * src/libvirt-lxc.c: Likewise. * src/lxc/lxc_driver.c: Likewise. * src/security/security_manager.c: Likewise. * src/util/virinitctl.c: Likewise. * src/libvirt.c: Likewise. (virDomainOpenGraphics): Use correct error for unsupported feature. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 04 12月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
The SELinux security driver would overwrite errors from the virConfReadFile function. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 20 11月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
For a while we're have random failures of 'securityselinuxtest' which were not at all reproducible. Fortunately we finally caught a failure with VIR_TEST_DEBUG=1 enabled. This revealed TEST: securityselinuxtest 1) GenLabel "dynamic unconfined, s0, c0.c1023" ... OK 2) GenLabel "dynamic unconfined, s0, c0.c1023" ... OK 3) GenLabel "dynamic unconfined, s0, c0.c1023" ... OK 4) GenLabel "dynamic virtd, s0, c0.c1023" ... OK 5) GenLabel "dynamic virtd, s0, c0.c10" ... OK 6) GenLabel "dynamic virtd, s2-s3, c0.c1023" ... OK 7) GenLabel "dynamic virtd, missing range" ... Category two 1024 is out of range 0-1023 FAILED FAIL: securityselinuxtest And sure enough we had an off-by-1 in the MCS range code when the current process has no range set. The test suite randomly allocates 2 categories from 0->1024 so the chances of hitting this in the test suite were slim indeed :-) Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 31 10月, 2013 1 次提交
-
-
由 Eric Blake 提交于
To make it easier to forbid future attempts at a confusing typedef name ending in Ptr that isn't actually a pointer, insist that we follow our preferred style of 'typedef foo *fooPtr'. * cfg.mk (sc_forbid_const_pointer_typedef): Enforce consistent style, to prevent issue fixed in previous storage patch. * src/conf/capabilities.h (virCapsPtr): Fix offender. * src/security/security_stack.c (virSecurityStackItemPtr): Likewise. * tests/qemucapabilitiestest.c (testQemuDataPtr): Likewise. Signed-off-by: NEric Blake <eblake@redhat.com>
-