- 28 6月, 2011 1 次提交
-
-
由 Daniel P. Berrange 提交于
The libvirt sanlock plugin is intentionally leaking a file descriptor to QEMU. To enable QEMU to use this FD under SELinux, it must be labelled correctly. We dont want to use the svirt_image_t for this, since QEMU must not be allowed to actually use the FD. So instead we label it with svirt_t using virSecurityManagerSetProcessFDLabel * src/locking/domain_lock.c, src/locking/domain_lock.h, src/locking/lock_driver.h, src/locking/lock_driver_nop.c, src/locking/lock_driver_sanlock.c, src/locking/lock_manager.c, src/locking/lock_manager.h: Optionally pass an FD back to the hypervisor for security driver labelling * src/qemu/qemu_process.c: label the lock manager plugin FD with the process label
-
- 03 6月, 2011 1 次提交
-
-
由 Daniel P. Berrange 提交于
When virLockDriverAcquire is invoked during hotplug the state parameter will be left as NULL. * src/locking/lock_driver_nop.c, src/locking/lock_driver_sanlock.c: Don't reference NULL state parameter
-
- 02 6月, 2011 1 次提交
-
-
由 Daniel P. Berrange 提交于
To allow hypervisor drivers to assume that a lock driver impl will be guaranteed to exist, provide a 'nop' impl that is compiled into the library * src/Makefile.am: Add nop driver * src/locking/lock_driver_nop.c, src/locking/lock_driver_nop.h: Nop lock driver implementation * src/locking/lock_manager.c: Enable direct access of 'nop' driver, instead of dlopen()ing it.
-