- 01 10月, 2010 1 次提交
-
-
由 Jamie Strandboge 提交于
Description: Implement AppArmorSetSecurityHostdevLabel() and AppArmorRestoreSecurityHostdevLabel() for hostdev and pcidev attach. virt-aa-helper also has to be adjusted because *FileIterate() is used for pci and usb devices and the corresponding XML for hot attached hostdev and pcidev is not in the XML passed to virt-aa-helper. The new '-F filename' option is added to append a rule to the profile as opposed to the existing '-f filename', which rewrites the libvirt-<uuid>.files file anew. This new '-F' option will append a rule to an existing libvirt-<uuid>.files if it exists, otherwise it acts the same as '-f'. load_profile() and reload_profile() have been adjusted to add an 'append' argument, which when true will use '-F' instead of '-f' when executing virt-aa-helper. All existing calls to load_profile() and reload_profile() have been adjusted to use the old behavior (ie append==false) except AppArmorSetSavedStateLabel() where it made sense to use the new behavior. This patch also adds tests for '-F'. Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/640993
-
- 24 9月, 2010 1 次提交
-
-
由 Jamie Strandboge 提交于
Description: Check for VIR_DOMAIN_CHR_TYPE in serial ports and add 'rw' for defined serial ports, parallel ports and channels Bug-Ubuntu: LP: #578527, LP: #609055
-
- 17 8月, 2010 1 次提交
-
-
由 Jamie Strandboge 提交于
* src/security/virt-aa-helper.c: Add missing include.
-
- 24 7月, 2010 3 次提交
-
-
由 Matthias Bolte 提交于
Commit 68719c4b added the p option to control disk format probing, but it wasn't added to the getopt_long optstring parameter. Add the p option to the getopt_long optstring parameter.
-
由 Matthias Bolte 提交于
Commit a8853344 added this function and wrapped vah_add_file in it. vah_add_file may return -1, 0, 1. It returns 1 in case the call to valid_path detects a restricted file. The original code treated a return value != 0 as error. The refactored code treats a return value < 0 as error. This triggers segfault in virt-aa-helper and breaks virt-aa-helper-test for the restricted file tests. Make sure that add_file_path returns -1 on error.
-
由 Matthias Bolte 提交于
virt-aa-helper used to ignore errors when opening files. Commit a8853344 refactored the related code and changed this behavior. virt-aa-helper didn't ignore open errors anymore and virt-aa-helper-test fails. Make sure that virt-aa-helper ignores open errors again.
-
- 20 7月, 2010 4 次提交
-
-
由 Daniel P. Berrange 提交于
Disk format probing is now disabled by default. A new config option in /etc/qemu/qemu.conf will re-enable it for existing deployments where this causes trouble
-
由 Daniel P. Berrange 提交于
The implementation of security driver callbacks often needs to access the security driver object. Currently only a handful of callbacks include the driver object as a parameter. Later patches require this is many more places. * src/qemu/qemu_driver.c: Pass in the security driver object to all callbacks * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_apparmor.c, src/security/security_driver.h, src/security/security_selinux.c: Add a virSecurityDriverPtr param to all security callbacks
-
由 Daniel P. Berrange 提交于
Update the QEMU cgroups code, QEMU DAC security driver, SELinux and AppArmour security drivers over to use the shared helper API virDomainDiskDefForeachPath(). * src/qemu/qemu_driver.c, src/qemu/qemu_security_dac.c, src/security/security_selinux.c, src/security/virt-aa-helper.c: Convert over to use virDomainDiskDefForeachPath()
-
由 Daniel P. Berrange 提交于
Require the disk image to be passed into virStorageFileGetMetadata. If this is set to VIR_STORAGE_FILE_AUTO, then the format will be resolved using probing. This makes it easier to control when probing will be used * src/qemu/qemu_driver.c, src/qemu/qemu_security_dac.c, src/security/security_selinux.c, src/security/virt-aa-helper.c: Set VIR_STORAGE_FILE_AUTO when calling virStorageFileGetMetadata. * src/storage/storage_backend_fs.c: Probe for disk format before calling virStorageFileGetMetadata. * src/util/storage_file.h, src/util/storage_file.c: Remove format from virStorageFileMeta struct & require it to be passed into method.
-
- 28 6月, 2010 1 次提交
-
-
由 Laine Stump 提交于
Also restore the label to its original value after qemu is finished with the file. Prior to this patch, qemu domain restore did not function properly if selinux was set to enforce.
-
- 25 6月, 2010 1 次提交
-
-
由 Daniel P. Berrange 提交于
When configuring serial, parallel, console or channel devices with a file, dev or pipe backend type, it is necessary to label the file path in the security drivers. For char devices of type file, it is neccessary to pre-create (touch) the file if it does not already exist since QEMU won't be allowed todo so itself. dev/pipe configs already require the admin to pre-create before starting the guest. * src/qemu/qemu_security_dac.c: set file ownership for character devices * src/security/security_selinux.c: Set file labeling for character devices * src/qemu/qemu_driver.c: Add character devices to cgroup ACL
-
- 08 6月, 2010 4 次提交
-
-
由 Daniel P. Berrange 提交于
The restore code is done in places where errors cannot be raised, since they will overwrite over pre-existing errors. * src/security/security_selinux.c: Only warn about failures in label restore, don't report errors
-
由 Daniel J Walsh 提交于
When SELinux is running in MLS mode, libvirtd will have a different security level to the VMs. For libvirtd to be able to connect to the monitor console, the client end of the UNIX domain socket needs a different label. This adds infrastructure to set the socket label via the security driver framework * src/qemu/qemu_driver.c: Call out to socket label APIs in security driver * src/qemu/qemu_security_stacked.c: Wire up socket label drivers * src/security/security_driver.h: Define security driver entry points for socket labelling * src/security/security_selinux.c: Set socket label based on VM label
-
由 Jamie Strandboge 提交于
Refactor to update AppArmor security driver to adjust profile for save/restore. This addresses the following bugs: https://bugzilla.redhat.com/show_bug.cgi?id=529363 https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/457716
-
由 Jamie Strandboge 提交于
Adjust args to qemudStartVMDaemon() to also specify path to stdin_fd, so this can be passed to the AppArmor driver via SetSecurityAllLabel(). This updates all calls to qemudStartVMDaemon() as well as setting up the non-AppArmor security driver *SetSecurityAllLabel() declarations for the above. This is required for the following "apparmor-fix-save-restore" patch since AppArmor resolves the passed file descriptor to the pathname given to open().
-
- 19 5月, 2010 1 次提交
-
-
由 Jim Meyering 提交于
Do not require each caller of virStorageFileGetMetadata and virStorageFileGetMetadataFromFD to first clear the storage of the "meta" buffer. Instead, initialize that storage in virStorageFileGetMetadataFromFD. * src/util/storage_file.c (virStorageFileGetMetadataFromFD): Clear "meta" here, not before each of the following callers. * src/qemu/qemu_driver.c (qemuSetupDiskCgroup): Don't clear "meta" here. (qemuTeardownDiskCgroup): Likewise. * src/qemu/qemu_security_dac.c (qemuSecurityDACSetSecurityImageLabel): Likewise. * src/security/security_selinux.c (SELinuxSetSecurityImageLabel): Likewise. * src/security/virt-aa-helper.c (get_files): Likewise.
-
- 18 5月, 2010 2 次提交
-
-
由 Jim Meyering 提交于
* cfg.mk (useless_free_options): Add many vir*Free* function names, and then remove the useless if-before-free tests exposed by running make syntax-check. * src/conf/interface_conf.c (virInterfaceDefFree): Remove useless "if". (virInterfaceAssignDef): Likewise. * src/conf/network_conf.c (virNetworkAssignDef): Likewise. * src/conf/storage_conf.c (virStoragePoolObjAssignDef): Likewise. * src/node_device/node_device_hal.c (dev_create): Likewise. * src/security/virt-aa-helper.c (vahDeinit): Likewise. * src/test/test_driver.c (testNodeDeviceCreateXML): Likewise. * src/util/conf.c (virConfSetValue): Likewise.
-
由 Eric Blake 提交于
virFileResolveLink was returning a positive value on error, thus confusing callers that assumed failure was < 0. The confusion is further evidenced by callers that would have ended up calling virReportSystemError with a negative value instead of a valid errno. Fixes Red Hat BZ #591363. * src/util/util.c (virFileResolveLink): Live up to documentation. * src/qemu/qemu_security_dac.c (qemuSecurityDACRestoreSecurityFileLabel): Adjust callers. * src/security/security_selinux.c (SELinuxRestoreSecurityFileLabel): Likewise. * src/storage/storage_backend_disk.c (virStorageBackendDiskDeleteVol): Likewise.
-
- 14 5月, 2010 1 次提交
-
-
由 Daniel P. Berrange 提交于
When QEMU runs with its disk on NFS, and as a non-root user, the disk is chownd to that non-root user. When migration completes the last step is shutting down the QEMU on the source host. THis normally resets user/group/security label. This is bad when the VM was just migrated because the file is still in use on the dest host. It is thus neccessary to skip the reset step for any files found to be on a shared filesystem * src/libvirt_private.syms: Export virStorageFileIsSharedFS * src/util/storage_file.c, src/util/storage_file.h: Add a new method virStorageFileIsSharedFS() to determine if a file is on a shared filesystem (NFS, GFS, OCFS2, etc) * src/qemu/qemu_driver.c: Tell security driver not to reset disk labels on migration completion * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_selinux.c, src/security/security_driver.h, src/security/security_apparmor.c: Add ability to skip disk restore step for files on shared filesystems.
-
- 30 4月, 2010 1 次提交
-
-
由 Jiri Denemark 提交于
-
- 07 4月, 2010 6 次提交
-
-
由 Jamie Strandboge 提交于
* src/security/virt-aa-helper.c: add support for SDL devices and 3 code cleanups
-
由 Jamie Strandboge 提交于
* src/security/virt-aa-helper.c: adjust virt-aa-helper to handle pci devices. Update valid_path() to have an override array to check against, and add "/sys/devices/pci" to it. Then rename file_iterate_cb() to file_iterate_hostdev_cb() and create file_iterate_pci_cb() based on it
-
由 Jamie Strandboge 提交于
adjust virt-aa-helper to handle backing store * src/security/virt-aa-helper.c: look for backing store metadata for disk definitions.
-
由 Jamie Strandboge 提交于
To avoid an error when hitting the <seclabel...> definition * src/security/virt-aa-helper.c: add VIR_DOMAIN_XML_INACTIVE flag to virDomainDefParseString
-
由 Jamie Strandboge 提交于
Don't exit with error if the user unloaded the profile outside of libvirt * src/security/virt-aa-helper.c: check the exit error from apparmor_parser before exiting with a failure
-
由 Jamie Strandboge 提交于
The calls to virExec() in security_apparmor.c when invoking virt-aa-helper use VIR_EXEC_CLEAR_CAPS. When compiled without libcap-ng, this is not a problem (it's effectively a no-op) but with libcap-ng this causes MAC_ADMIN to be cleared. MAC_ADMIN is needed by virt-aa-helper to manipulate apparmor profiles and without it VMs will not start[1]. This patch calls virExec with the default VIR_EXEC_NONE instead. * src/security/security_apparmor.c: fallback to VIR_EXEC_NONE flags for virExec of virt_aa_helper
-
- 06 4月, 2010 1 次提交
-
-
由 Matthias Bolte 提交于
-
- 02 4月, 2010 1 次提交
-
-
由 Laine Stump 提交于
(suggested by Daniel Berrange, tested by Dan Kenigsberg) virStorageFileGetMetadata will fail for disk images that are stored on a root-squash NFS share that isn't world-readable. SELinuxSetSecurityImageLabel is called during the startup of every domain (as long as security_driver != "none"), and it will propogate the error from virStorageFileGetMetadata, causing the domain startup to fail. This is, however, a common scenario when qemu is run as a non-root user and the disk image is stored on NFS. Ignoring this failure (which doesn't matter in this case, since the next thing done by SELinuxSetSecurityImageLabel - setting the file context - will also fail (and that function already ignores failures due to root-squash NFS) will allow us to continue bringing up the domain. The result is that we don't need to disable the entire security driver just because a domain's disk image is stored on root-squashed NFS.
-
- 22 3月, 2010 1 次提交
-
-
由 Cole Robinson 提交于
This can be triggered by the qemuStartVMDaemon cleanup path if a VM references a non-existent USB device (by product) in the XML.
-
- 16 3月, 2010 1 次提交
-
-
由 Cole Robinson 提交于
Fixes URL installs when running virt-install as root on Fedora.
-
- 10 3月, 2010 1 次提交
-
-
由 Eric Blake 提交于
* global: patch created by running: for f in $(git ls-files '*.[ch]') ; do cppi $f > $f.t && mv $f.t $f done
-
- 08 3月, 2010 1 次提交
-
-
由 Eric Blake 提交于
Prior to this patch, there was an inconsistent mix between GNU and C99. For consistency, and potential portability to other compilers, stick with the C99 vararg macro syntax. * src/conf/cpu_conf.c (virCPUReportError): Use C99 rather than GNU vararg macro syntax. * src/conf/domain_conf.c (virDomainReportError): Likewise. * src/conf/domain_event.c (eventReportError): Likewise. * src/conf/interface_conf.c (virInterfaceReportError): Likewise. * src/conf/network_conf.c (virNetworkReportError): Likewise. * src/conf/node_device_conf.h (virNodeDeviceReportError): Likewise. * src/conf/secret_conf.h (virSecretReportError): Likewise. * src/conf/storage_conf.h (virStorageReportError): Likewise. * src/esx/esx_device_monitor.c (ESX_ERROR): Use C99 rather than GNU vararg macro syntax. * src/esx/esx_driver.c (ESX_ERROR): Likewise. * src/esx/esx_interface_driver.c (ESX_ERROR): Likewise. * src/esx/esx_network_driver.c (ESX_ERROR): Likewise. * src/esx/esx_secret_driver.c (ESX_ERROR): Likewise. * src/esx/esx_storage_driver.c (ESX_ERROR): Likewise. * src/esx/esx_util.c (ESX_ERROR): Likewise. * src/esx/esx_vi.c (ESX_VI_ERROR): Likewise. * src/esx/esx_vi_methods.c (ESX_VI_ERROR): Likewise. * src/esx/esx_vi_types.c (ESX_VI_ERROR): Likewise. * src/esx/esx_vmx.c (ESX_ERROR): Likewise. * src/util/hostusb.c (usbReportError): Use C99 rather than GNU vararg macro syntax. * src/util/json.c (virJSONError): Likewise. * src/util/macvtap.c (ReportError): Likewise. * src/util/pci.c (pciReportError): Likewise. * src/util/stats_linux.c (virStatsError): Likewise. * src/util/util.c (virUtilError): Likewise. * src/util/xml.c (virXMLError): Likewise. * src/xen/proxy_internal.c (virProxyError): Use C99 rather than GNU vararg macro syntax. * src/xen/sexpr.c (virSexprError): Likewise. * src/xen/xen_driver.c (xenUnifiedError): Likewise. * src/xen/xen_hypervisor.c (virXenError): Likewise. * src/xen/xen_inotify.c (virXenInotifyError): Likewise. * src/xen/xend_internal.c (virXendError): Likewise. * src/xen/xm_internal.c (xenXMError): Likewise. * src/xen/xs_internal.c (virXenStoreError): Likewise. * src/cpu/cpu.h (virCPUReportError): Use C99 rather than GNU vararg macro syntax. * src/datatypes.c (virLibConnError): Likewise. * src/interface/netcf_driver.c (interfaceReportError): Likewise. * src/libvirt.c (virLibStreamError): Likewise. * src/lxc/lxc_conf.h (lxcError): Likewise. * src/network/bridge_driver.c (networkReportError): Likewise. * src/nodeinfo.c (nodeReportError): Likewise. * src/opennebula/one_conf.h (oneError): Likewise. * src/openvz/openvz_conf.h (openvzError): Likewise. * src/phyp/phyp_driver.c (PHYP_ERROR): Likewise. * src/qemu/qemu_conf.h (qemuReportError): Likewise. * src/remote/remote_driver.c (errorf): Likewise. * src/security/security_driver.h (virSecurityReportError): Likewise. * src/test/test_driver.c (testError): Likewise. * src/uml/uml_conf.h (umlReportError): Likewise. * src/vbox/vbox_driver.c (vboxError): Likewise. * src/vbox/vbox_tmpl.c (vboxError): Likewise.
-
- 05 3月, 2010 1 次提交
-
-
由 Daniel P. Berrange 提交于
Changeset commit 5073aa99 Author: Cole Robinson <crobinso@redhat.com> Date: Mon Jan 11 11:40:46 2010 -0500 Added support for product/vendor based passthrough, but it only worked at the security driver layer. The main guest XML config was not updated with the resolved bus/device ID. When the QEMU argv refactoring removed use of product/vendor, this then broke launching guests. THe solution is to move the product/vendor resolution up a layer into the QEMU driver. So the first thing QEMU does is resolve the product/vendor to a bus/device and updates the XML config with this info. The rest of the code, including security drivers and QEMU argv generated can now rely on bus/device always being set. * src/util/hostusb.c, src/util/hostusb.h: Split vendor/product resolution code out of usbGetDevice and into usbFindDevice. Add accessors for bus/device ID * src/security/virt-aa-helper.c, src/security/security_selinux.c, src/qemu/qemu_security_dac.c: Remove vendor/product from the usbGetDevice() calls * src/qemu/qemu_driver.c: Use usbFindDevice to resolve vendor/product into a bus/device ID
-
- 15 2月, 2010 1 次提交
-
-
由 Matthias Bolte 提交于
The virRaiseError macro inside of virSecurityReportError expands to virRaiseErrorFull and includes the __FILE__, __FUNCTION__ and __LINE__ information. But this three values are always the same for every call to virSecurityReportError and do not reflect the actual error context. Converting virSecurityReportError into a macro results in getting the correct __FILE__, __FUNCTION__ and __LINE__ information.
-
- 12 2月, 2010 1 次提交
-
-
由 Matthias Bolte 提交于
Broken by the latest commits to remove the virConnectPtr parameter from internal functions.
-
- 10 2月, 2010 2 次提交
-
-
由 Daniel P. Berrange 提交于
All callers now pass a NULL virConnectPtr into the USB/PCi device iterator functions. Therefore the virConnectPtr arg can now be removed from these functions * src/util/hostusb.h, src/util/hostusb.c: Remove virConnectPtr from usbDeviceFileIterate * src/util/pci.c, src/util/pci.h: Remove virConnectPtr arg from pciDeviceFileIterate * src/qemu/qemu_security_dac.c, src/security/security_selinux.c: Update to drop redundant virConnectPtr arg
-
由 Daniel P. Berrange 提交于
The virConnectPtr is no longer required for error reporting since that is recorded in a thread local. Remove use of virConnectPtr from all APIs in security_driver.{h,c} and update all callers to match
-
- 09 2月, 2010 2 次提交
-
-
由 Matthias Bolte 提交于
It was used for error reporting only.
-
由 Matthias Bolte 提交于
It was used for error reporting only.
-