- 28 6月, 2018 1 次提交
-
-
由 Stefan Berger 提交于
This patch extends the AppArmor domain profile with file paths the swtpm accesses for state, log, pid, and socket files. Both, QEMU and swtpm, use this AppArmor profile. Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com> Cc: Christian Ehrhardt <christian.ehrhardt@canonical.com>
-
- 08 6月, 2018 2 次提交
-
-
由 Peter Krempa 提交于
All callers pass 'false' now so it's no longer needed. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
As the aa-helper binary is supposed to be used only with libvirt, we can fully remove it. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
- 04 5月, 2018 1 次提交
-
-
由 Martin Kletzander 提交于
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
- 25 4月, 2018 1 次提交
-
-
由 Daniel P. Berrangé 提交于
Currently the driver module loading code does not report an error if the driver module is physically missing on disk. This is useful for distro packaging optional pieces. When the daemons are split up into one daemon per driver, we will expect module loading to always succeed. If a driver is not desired, the entire daemon should not be installed. Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 22 3月, 2018 2 次提交
-
-
由 Christian Ehrhardt 提交于
nvdimm memory is backed by a path on the host. This currently works only via hotplug where the AppArmor label is created via the domain label callbacks. This adds the virt-aa-helper support for nvdimm memory devices to generate rules for the needed paths from the initial guest definition as well. Example in domain xml: <memory model='nvdimm'> <source> <path>/tmp/nvdimm-base</path> </source> <target> <size unit='KiB'>524288</size> <node>0</node> </target> </memory> Works to start now and creates: "/tmp/nvdimm-base" rw, Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1757085Acked-by: NJamie Strandboge <jamie@canonical.com> Signed-off-by: NChristian Ehrhardt <christian.ehrhardt@canonical.com>
-
由 Christian Ehrhardt 提交于
Input devices can passthrough an event device. This currently works only via hotplug where the AppArmor label is created via the domain label callbacks. This adds the virt-aa-helper support for passthrough input devices to generate rules for the needed paths from the initial guest definition as well. Example in domain xml: <input type='passthrough' bus='virtio'> <source evdev='/dev/input/event0' /> </input> Works to start now and creates: "/dev/input/event0" rw, Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1757085Acked-by: NJamie Strandboge <jamie@canonical.com> Signed-off-by: NChristian Ehrhardt <christian.ehrhardt@canonical.com>
-
- 19 3月, 2018 1 次提交
-
-
由 Christian Ehrhardt 提交于
In a recent change b932ed69: "virt-aa-helper: resolve yet to be created paths" several cases with symlinks in paths were fixed, but it regressed cases where the file being last element of the path was the actual link. In the case of the last element being the symlink realpath can (and shall) be called on the full path that was passed. Examples would be zfs/lvm block devices like: <disk type='block' device='disk'> <driver name='qemu' type='raw'/> <source dev='/dev/mapper/testlvm-testvol1'/> <target dev='vdd' bus='virtio'/> </disk> With the target being: /dev/mapper/testlvm-testvol1 -> ../dm-0 That currently is rendered as "/dev/mapper/testlvm-testvol1" rwk, but instead should be (and is with the fix): "/dev/dm-0" rwk, Fixes: b932ed69: "virt-aa-helper: resolve yet to be created paths" Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1756394Signed-off-by: NChristian Ehrhardt <christian.ehrhardt@canonical.com>
-
- 08 3月, 2018 1 次提交
-
-
由 Christian Ehrhardt 提交于
In certain cases a xml contains paths that do not yet exist, but are valid as qemu will create them later on - for example vhostuser mode=server sockets. In any such cases so far the check to virFileExists failed and due to that the paths stayed non-resolved in regard to symlinks. But for apparmor those non-resolved rules are non functional as they are evaluated after resolving any symlinks. Therefore for non-existent files and partially non-existent paths resolve as much as possible to get valid rules. Example: <interface type='vhostuser'> <model type='virtio'/> <source type='unix' path='/var/run/symlinknet' mode='server'/> </interface> Got rendered as: "/var/run/symlinknet" rw, But correct with "/var/run" being a symlink to "/run" is: "/run/symlinknet" rw, Signed-off-by: NChristian Ehrhardt <christian.ehrhardt@canonical.com> Acked-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 09 2月, 2018 1 次提交
-
-
由 Daniel P. Berrangé 提交于
The QEMU driver loadable module needs to be able to resolve all ELF symbols it references against libvirt.so. Some of its symbols can only be resolved against the storage_driver.so loadable module which creates a hard dependancy between them. By moving the storage file backend framework into the util directory, this gets included directly in the libvirt.so library. The actual backend implementations are still done as loadable modules, so this doesn't re-add deps on gluster libraries. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 06 2月, 2018 1 次提交
-
-
由 Shivaprasad G Bhat 提交于
The virt-aa-helper fails to parse the xmls with the memory/cpu hotplug features or user assigned aliases. Set the features in xmlopt->config for the parsing to succeed. Signed-off-by: NShivaprasad G Bhat <sbhat@linux.vnet.ibm.com> Tested-by: NChristian Ehrhardt <christian.ehrhardt@canonical.com> Reviewed-by: NChristian Ehrhardt <christian.ehrhardt@canonical.com>
-
- 10 1月, 2018 1 次提交
-
-
由 Christian Ehrhardt 提交于
This is now covered by DomainSetPathLabel being implemented in apparmor. Signed-off-by: NChristian Ehrhardt <christian.ehrhardt@canonical.com>
-
- 27 10月, 2017 1 次提交
-
-
由 Christian Ehrhardt 提交于
Some globbing chars in the domain name could be used to break out of apparmor rules, so lets forbid these when in virt-aa-helper. Also adding a test to ensure all those cases were detected as bad char. Signed-off-by: NChristian Ehrhardt <christian.ehrhardt@canonical.com>
-
- 26 10月, 2017 1 次提交
-
-
由 Christian Ehrhardt 提交于
Hot-adding disks does not parse the full XML to generate apparmor rules. Instead it uses -f <PATH> to append a generic rule for that file path. 580cdaa7: "virt-aa-helper: locking disk files for qemu 2.10" implemented the qemu 2.10 requirement to allow locking on disks images that are part of the domain xml. But on attach-device a user will still trigger an apparmor deny by going through virt-aa-helper -f, to fix that add the lock "k" permission to the append file case of virt-aa-helper. Signed-off-by: NChristian Ehrhardt <christian.ehrhardt@canonical.com>
-
- 17 10月, 2017 1 次提交
-
-
由 Peter Krempa 提交于
Add helpers that will simplify checking if a backing file is valid or whether it has backing store. The helper virStorageSourceIsBacking returns true if the given virStorageSource is a valid backing store member. virStorageSourceHasBacking returns true if the virStorageSource has a backing store child. Adding these functions creates a central points for further refactors.
-
- 06 10月, 2017 3 次提交
-
-
由 Christian Ehrhardt 提交于
To avoid any issues later on if paths ever change (unlikely but possible) and to match the style of other generated rules the paths of the static rules have to be quoted as well. Signed-off-by: NChristian Ehrhardt <christian.ehrhardt@canonical.com>
-
由 Christian Ehrhardt 提交于
libvirt allows spaces in vm names, there were issues in the past but it seems not removed so the assumption has to be that spaces are continuing to be allowed. Therefore virt-aa-helper should not reject spaces in vm names anymore if it is going to be refused causing issues then the parser or xml schema should do so. Apparmor rules are in quotes, so a space in a path based on the name works. Signed-off-by: NChristian Ehrhardt <christian.ehrhardt@canonical.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Christian Ehrhardt 提交于
If users only specified vendor&product (the common case) then parsing the xml via virDomainHostdevSubsysUSBDefParseXML would only set these. Bus and Device would much later be added when the devices are prepared to be added. Due to that a hot-add of a usb hostdev works as the device is prepared and virt-aa-helper processes the new internal xml. But on an initial guest start at the time virt-aa-helper renders the apparmor rules the bus/device id's are not set yet: p ctl->def->hostdevs[0]->source.subsys.u.usb $12 = {autoAddress = false, bus = 0, device = 0, vendor = 1921, product = 21888} That causes rules to be wrong: "/dev/bus/usb/000/000" rw, The fix calls virHostdevFindUSBDevice after reading the XML from virt-aa-helper to only add apparmor rules for devices that could be found and now are fully known to be able to write the rule correctly. It uncondtionally sets virHostdevFindUSBDevice mandatory attribute as adding an apparmor rule for a device not found makes no sense no matter what startup policy it has set. Signed-off-by: NChristian Ehrhardt <christian.ehrhardt@canonical.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 19 9月, 2017 1 次提交
-
-
由 Guido Günther 提交于
Things moved again, sigh. Reviewed-By: NJamie Strandboge <jamie@canonical.com> Michal Privoznik <mprivozn@redhat.com>
-
- 17 8月, 2017 2 次提交
-
-
由 Christian Ehrhardt 提交于
Testing qemu-2.10-rc3 shows issues like: qemu-system-aarch64: -drive file=/home/ubuntu/vm-start-stop/vms/ 7936-0_CODE.fd,if=pflash,format=raw,unit=1: Failed to unlock byte 100 There is an apparmor deny due to qemu now locking those files: apparmor="DENIED" operation="file_lock" [...] name="/home/ubuntu/vm-start-stop/vms/7936-0_CODE.fd" name="/var/lib/uvtool/libvirt/images/kvmguest-artful-normal.qcow" [...] comm="qemu-system-aarch64" requested_mask="k" denied_mask="k" The profile needs to allow locking for loader and nvram files via the locking (k) rule. Signed-off-by: NChristian Ehrhardt <christian.ehrhardt@canonical.com>
-
由 Christian Ehrhardt 提交于
Testing qemu-2.10-rc2 shows issues like: qemu-system-x86_64: -drive file=/var/lib/uvtool/libvirt/images/kvmguest- \ artful-normal.qcow,format=qcow2,if=none,id=drive-virtio-disk0: Failed to lock byte 100 It seems the following qemu commit changed the needs for the backing image rules: (qemu) commit 244a5668106297378391b768e7288eb157616f64 Author: Fam Zheng <famz@redhat.com> file-posix: Add image locking to perm operations The block appears as: apparmor="DENIED" operation="file_lock" [...] name="/var/lib/uvtool/libvirt/images/kvmguest-artful-normal.qcow" [...] comm="qemu-system-x86" requested_mask="k" denied_mask="k" With that qemu change in place the rules generated for the image and backing files need the allowance to also lock (k) the files. Disks are added via add_file_path and with this fix rules now get that permission, but no other rules are changed, example: - "/var/lib/uvtool/libvirt/images/kvmguest-artful-normal-a2.qcow" rw, + "/var/lib/uvtool/libvirt/images/kvmguest-artful-normal-a2.qcow" rwk Signed-off-by: NChristian Ehrhardt <christian.ehrhardt@canonical.com>
-
- 14 8月, 2017 1 次提交
-
-
由 Pavel Hrdina 提交于
Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
-
- 27 7月, 2017 1 次提交
-
-
由 Peter Krempa 提交于
In commit 5e515b54 I've attempted to fix the inability to access storage from the apparmor helper program by linking with the storage driver. By linking with the .so the linker complains that it's not portable. Fix this by loading the module dynamically as we are supposed to do. Reviewed-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 19 7月, 2017 1 次提交
-
-
由 Peter Krempa 提交于
The refactor to split up storage driver into modules broke the apparmor helper program, since that did not initialize the storage driver properly and thus detection of the backing chain could not work. Register the storage driver backends explicitly. Unfortunately it's now necessary to link with the full storage driver to satisfy dependencies of the loadable modules. Reviewed-by: NChristian Ehrhardt <christian.ehrhardt@canonical.com> Reported-by: NChristian Ehrhardt <christian.ehrhardt@canonical.com> Tested-by: NChristian Ehrhardt <christian.ehrhardt@canonical.com>
-
- 11 7月, 2017 1 次提交
-
-
由 Peter Krempa 提交于
The helper methods for actually accessing the storage objects don't really belong to the main storage driver implementation file. Split them out.
-
- 16 6月, 2017 2 次提交
-
-
由 William Grant 提交于
Allow access to aarch64 UEFI images. Signed-off-by: NChristian Ehrhardt <christian.ehrhardt@canonical.com> Signed-off-by: NStefan Bader <stefan.bader@canonical.com> Acked-by: NGuido Günther <agx@sigxcpu.org>
-
由 Simon McVittie 提交于
The split firmware and variables files introduced by https://bugs.debian.org/764918 are in a different directory for some reason. Let the virtual machine read both. Signed-off-by: NChristian Ehrhardt <christian.ehrhardt@canonical.com> Signed-off-by: NStefan Bader <stefan.bader@canonical.com>
-
- 07 6月, 2017 1 次提交
-
-
由 Jiri Denemark 提交于
virDomainXMLOption gains driver specific callbacks for parsing and formatting save cookies. Signed-off-by: NJiri Denemark <jdenemar@redhat.com> Reviewed-by: NPavel Hrdina <phrdina@redhat.com>
-
- 05 6月, 2017 1 次提交
-
-
由 Michal Privoznik 提交于
While checking for ABI stability, drivers might pose additional checks that are not valid for general case. For instance, qemu driver might check some memory backing attributes because of how qemu works. But those attributes may work well in other drivers. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 30 11月, 2016 1 次提交
-
-
由 Christian Ehrhardt 提交于
When virt-aa-helper parses xml content it can fail on security labels. It fails by requiring to parse active domain content on seclabels that are not yet filled in. Testcase with virt-aa-helper on a minimal xml: $ cat << EOF > /tmp/test.xml <domain type='kvm'> <name>test-seclabel</name> <uuid>12345678-9abc-def1-2345-6789abcdef00</uuid> <memory unit='KiB'>1</memory> <os><type arch='x86_64'>hvm</type></os> <seclabel type='dynamic' model='apparmor' relabel='yes'/> <seclabel type='dynamic' model='dac' relabel='yes'/> </domain> EOF $ /usr/lib/libvirt/virt-aa-helper -d -r -p 0 \ -u libvirt-12345678-9abc-def1-2345-6789abcdef00 < /tmp/test.xml Current Result: virt-aa-helper: error: could not parse XML virt-aa-helper: error: could not get VM definition Expected Result is a valid apparmor profile Signed-off-by: NChristian Ehrhardt <christian.ehrhardt@canonical.com> Signed-off-by: NGuido Günther <agx@sigxcpu.org>
-
- 22 10月, 2016 1 次提交
-
-
由 John Ferlan 提交于
Change the virDomainChrDef to use a pointer to 'source' and allocate that pointer during virDomainChrDefNew. This has tremendous "fallout" in the rest of the code which mainly has to change source.$field to source->$field. Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
- 26 9月, 2016 1 次提交
-
-
由 Michal Privoznik 提交于
We want to pass the proper opaque pointer instead of NULL to virDomainDefParse and subsequently virDomainDefParseNode too. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 08 9月, 2016 2 次提交
-
-
由 Julio Faracco 提交于
There is an issue with a wrong label inside vah_add_path(). The compilation fails with the error: make[3]: Entering directory '/tmp/libvirt/src' CC security/virt_aa_helper-virt-aa-helper.o security/virt-aa-helper.c: In function 'vah_add_path': security/virt-aa-helper.c:769:9: error: label 'clean' used but not defined goto clean; This patch moves 'clean' label to 'cleanup' label. Signed-off-by: NJulio Faracco <jcfaracco@gmail.com>
-
由 Rufo Dogav 提交于
This patch fixes a segfault in virt-aa-helper caused by attempting to modify a static string literal. It is triggered when a domain has a <filesystem> with type='mount' configured read-only and libvirt is using the AppArmor security driver for sVirt confinement. An "R" is passed into the function and converted to 'r'.
-
- 22 7月, 2016 1 次提交
-
-
由 Guido Günther 提交于
-
- 19 7月, 2016 2 次提交
-
-
由 Cédric Bosdonnat 提交于
Better fix replacing c726af2d: introducing an 'R' permission to add read rule, but no explicit deny write rule.
-
由 Julio Faracco 提交于
The commit da665fbd introduced virStorageSourcePtr inside the structure _virDomainFSDef. This is causing an error when libvirt is being compiled. make[3]: Entering directory `/media/julio/8d65c59c-6ade-4740-9cdc-38016a4cb8ae /home/julio/Desktop/virt/libvirt/src' CC security/virt_aa_helper-virt-aa-helper.o security/virt-aa-helper.c: In function 'get_files': security/virt-aa-helper.c:1087:13: error: passing argument 2 of 'vah_add_path' from incompatible pointer type [-Werror] if (vah_add_path(&buf, fs->src, "rw", true) != 0) ^ security/virt-aa-helper.c:732:1: note: expected 'const char *' but argument is of type 'virStorageSourcePtr' vah_add_path(virBufferPtr buf, const char *path, const char *perms, bool recursive) ^ cc1: all warnings being treated as errors Adding the attribute "path" from virStorageSourcePtr fixes this issue. Signed-off-by: NJulio Faracco <jcfaracco@gmail.com>
-
- 09 6月, 2016 2 次提交
-
-
由 Pavel Hrdina 提交于
VNC graphics already supports sockets but only via 'socket' attribute. This patch coverts that attribute into listen type 'socket'. For backward compatibility we need to handle listen type 'socket' and 'socket' attribute properly to support old XMLs and new XMLs. If both are provided they have to match, if only one of them is provided we need to be able to parse that configuration too. To not break migration back to old libvirt if the socket is provided by user we need to generate migratable XML without the listen element and use only 'socket' attribute. Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
-
由 Pavel Hrdina 提交于
Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
-
- 07 6月, 2016 1 次提交
-
-
由 Peter Krempa 提交于
Until now we weren't able to add checks that would reject configuration once accepted by the parser. This patch adds a new callback and infrastructure to add such checks. In this patch all the places where rejecting a now-invalid configuration wouldn't be a good idea are marked with a new parser flag.
-