- 24 Apr, 2013 1 commit
-
Committed by Peter Krempa
Since cbe67ff9 virSecuritySELinuxGenNewContext reports good error messages. Fix callers that mask the errors by generic error message.
- 17 Apr, 2013 1 commit
-
Committed by Osier Yang
Detected by a simple Shell script:

    for i in $(git ls-files -- '*.[ch]'); do
        awk 'BEGIN {
            fail=0
        }
        /# *include.*\.h/{
            match($0, /["<][^">]*[">]/)
            arr[substr($0, RSTART+1, RLENGTH-2)]++
        }
        END {
            for (key in arr) {
                if (arr[key] > 1) {
                    fail=1
                    printf("%d %s\n", arr[key], key)
                }
            }
            if (fail == 1)
                exit 1
        }' $i

        if test $? != 0; then
            echo "Duplicate header(s) in $i"
        fi
    done;

A later patch will add the syntax-check to avoid duplicate headers.
- 13 Apr, 2013 1 commit
-
Committed by Stefan Berger
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Reviewed-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
Tested-by: Corey Bryant <coreyb@linux.vnet.ibm.com>
- 05 Apr, 2013 4 commits
-
Committed by Peter Krempa
This patch refactors various places to allow removing of the defaultConsoleTargetType callback from the virCaps structure. A new console character device target type is introduced - VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_NONE - to mark that no type was specified in the XML. This type is at the end converted to the standard VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_SERIAL. Other types that are different from this default have to be processed separately in the device post parse callback.
-
Committed by Peter Krempa
Move the xmlopt and caps arguments to the end of the argument list.
-
Committed by Peter Krempa
This patch adds instrumentation that will allow hypervisor drivers to fill and validate domain and device definitions after parsed by the XML parser.

With this patch, after the XML is parsed, a callback to the driver is issued requesting to fill and validate driver specific details of the configuration. This allows to use sensible defaults and checks on a per driver basis at the time the XML is parsed.

Two callback pointers are stored in the new virDomainXMLConf object:
* virDomainDeviceDefPostParseCallback (devicesPostParseCallback) - called for a single device parsed and for every single device in a domain config. A virDomainDeviceDefPtr is passed along with the domain definition and virCaps.
* virDomainDefPostParseCallback, (domainPostParseCallback) - A callback that is meant to process the domain config after it's parsed. A virDomainDefPtr is passed along with virCaps.

Both types of callbacks support arbitrary opaque data passed for the callback functions. Errors may be reported in those callbacks resulting in a XML parsing failure.
-
Committed by Peter Krempa
This patch is the result of running:

    for i in $(git ls-files | grep -v html | grep -v \.po$ ); do
        sed -i -e "s/virDomainXMLConf/virDomainXMLOption/g" -e "s/xmlconf/xmlopt/g" $i
    done

and a few manual tweaks.
- 04 Apr, 2013 1 commit
-
Committed by Guido Günther
otherwise we crash later on if we don't find a match like:

    #0  0xb72c2b4f in virSecurityManagerGenLabel (mgr=0xb8e42d20, vm=0xb8ef40c0) at security/security_manager.c:424
    #1  0xb18811f3 in qemuProcessStart (conn=conn@entry=0xb8eed880, driver=driver@entry=0xb8e3b1e0, vm=vm@entry=0xb8ef58f0, migrateFrom=migrateFrom@entry=0xb18f6088 "stdio", stdin_fd=18, stdin_path=stdin_path@entry=0xb8ea7798 "/var/lib/jenkins/jobs/libvirt-tck-build/workspace/tck.img", snapshot=snapshot@entry=0x0, vmop=vmop@entry=VIR_NETDEV_VPORT_PROFILE_OP_RESTORE, flags=flags@entry=2) at qemu/qemu_process.c:3364
    #2  0xb18d6cb2 in qemuDomainSaveImageStartVM (conn=conn@entry=0xb8eed880, driver=driver@entry=0xb8e3b1e0, vm=0xb8ef58f0, fd=fd@entry=0xb6bf3f98, header=header@entry=0xb6bf3fa0, path=path@entry=0xb8ea7798 "/var/lib/jenkins/jobs/libvirt-tck-build/workspace/tck.img", start_paused=start_paused@entry=false) at qemu/qemu_driver.c:4843
    #3  0xb18d7eeb in qemuDomainRestoreFlags (conn=conn@entry=0xb8eed880, path=path@entry=0xb8ea7798 "/var/lib/jenkins/jobs/libvirt-tck-build/workspace/tck.img", dxml=dxml@entry=0x0, flags=flags@entry=0) at qemu/qemu_driver.c:4962
    #4  0xb18d8123 in qemuDomainRestore (conn=0xb8eed880, path=0xb8ea7798 "/var/lib/jenkins/jobs/libvirt-tck-build/workspace/tck.img") at qemu/qemu_driver.c:4987
    #5  0xb718d186 in virDomainRestore (conn=0xb8eed880, from=0xb8ea87d8 "/var/lib/jenkins/jobs/libvirt-tck-build/workspace/tck.img") at libvirt.c:2768
    #6  0xb7736363 in remoteDispatchDomainRestore (args=<optimized out>, rerr=0xb6bf41f0, client=0xb8eedaf0, server=<optimized out>, msg=<optimized out>) at remote_dispatch.h:4679
    #7  remoteDispatchDomainRestoreHelper (server=0xb8e1a3e0, client=0xb8eedaf0, msg=0xb8ee72c8, rerr=0xb6bf41f0, args=0xb8ea8968, ret=0xb8ef5330) at remote_dispatch.h:4661
    #8  0xb720db01 in virNetServerProgramDispatchCall (msg=0xb8ee72c8, client=0xb8eedaf0, server=0xb8e1a3e0, prog=0xb8e216b0) at rpc/virnetserverprogram.c:439
    #9  virNetServerProgramDispatch (prog=0xb8e216b0, server=server@entry=0xb8e1a3e0, client=0xb8eedaf0, msg=0xb8ee72c8) at rpc/virnetserverprogram.c:305
    #10 0xb7206e97 in virNetServerProcessMsg (msg=<optimized out>, prog=<optimized out>, client=<optimized out>, srv=0xb8e1a3e0) at rpc/virnetserver.c:162
    #11 virNetServerHandleJob (jobOpaque=0xb8ea7720, opaque=0xb8e1a3e0) at rpc/virnetserver.c:183
    #12 0xb70f9f78 in virThreadPoolWorker (opaque=opaque@entry=0xb8e1a540) at util/virthreadpool.c:144
    #13 0xb70f94a5 in virThreadHelper (data=0xb8e0e558) at util/virthreadpthread.c:161
    #14 0xb705d954 in start_thread (arg=0xb6bf4b70) at pthread_create.c:304
    #15 0xb6fd595e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130

This unbreaks libvirt-tck's domain/100-transient-save-restore.t with qemu:///session and selinux compiled in but disabled.

Introduced by 8d68cbea
- 03 Apr, 2013 1 commit
-
Committed by Michal Privoznik
https://bugzilla.redhat.com/show_bug.cgi?id=947387

If a user configures a domain to use a seclabel of a specific type, but the appropriate driver is not accessible, we should refuse to start the domain. For instance, if user requires selinux, but it is either not present in the system, or is just disabled, we should not start the domain. Moreover, since we are touching only those labels we have a security driver for, the other labels may confuse libvirt when reconnecting to a domain on libvirtd restart. In our selinux example, when starting up a domain, missing security label is okay, as we auto-generate one. But later, when libvirt is re-connecting to a live qemu instance, we parse a state XML, where security label is required and it is an error if missing:

    error : virSecurityLabelDefParseXML:3228 : XML error: security label is missing

This results in a qemu process left behind without any libvirt control.
- 28 Mar, 2013 3 commits
-
Committed by Michal Privoznik
With my previous patches, we unconditionally appended a seclabel, even if it wasn't generated but found in array of defined seclabels. This resulted in double free later when doing virDomainDefFree and iterating over the array of defined seclabels. Moreover, there was another possibility of double free, if the seclabel was generated in the last iteration of the process of walking through security managers array.
-
Committed by Michal Privoznik
https://bugzilla.redhat.com/show_bug.cgi?id=923946

The <seclabel type='none'/> should be added iff there is no other seclabel defined within a domain. This bug can be easily reproduced:

1) configure selinux seclabel for a domain
2) disable system's selinux and restart libvirtd
3) observe <seclabel type='none'/> being appended to a domain on its startup
-
Committed by Michal Privoznik
The virDomainDefGetSecurityLabelDef was modifying the domain XML. It tried to find a seclabel corresponding to given sec driver. If the label wasn't found, the function created one which is wrong. In fact it's security manager which should modify this part of domain XML.
- 20 Mar, 2013 1 commit
-
Committed by Olivia Yin
- 14 Mar, 2013 3 commits
-
Committed by Daniel P. Berrange
Normally libvirtd should run with a SELinux label

    system_u:system_r:virtd_t:s0-s0:c0.c1023

If a user manually runs libvirtd though, it is sometimes possible to get into a situation where it is running

    system_u:system_r:init_t:s0

The SELinux security driver isn't expecting this and can't parse the security label since it lacks the ':c0.c1023' part causing it to complain

    internal error Cannot parse sensitivity level in s0

This updates the parser to cope with this, so if no category is present, libvirtd will hardcode the equivalent of c0.c1023.

Now this won't work if SELinux is in Enforcing mode, but that's not an issue, because the user can only get into this problem if in Permissive mode. This means they can now start VMs in Permissive mode without hitting that parsing error

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
Pull the code which parses the current process MCS range out of virSecuritySELinuxMCSFind and into a new method virSecuritySELinuxMCSGetProcessRange.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
The body of the loop in virSecuritySELinuxMCSFind would directly 'return NULL' on OOM, instead of jumping to the cleanup label. This caused a leak of several local vars.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
- 13 Mar, 2013 1 commit
-
Committed by Peter Krempa
The virCaps structure gathered a ton of irrelevant data over time that. The original reason is that it was propagated to the XML parser functions.

This patch aims to create a new data structure virDomainXMLConf that will contain immutable data that are used by the XML parser. This will allow two things we need:

1) Get rid of the stuff from virCaps
2) Allow us to add callbacks to check and add driver specific stuff after domain XML is parsed.

This first attempt removes pointers to private data allocation functions to this new structure and update all callers and function that require them.
- 08 Mar, 2013 1 commit
-
Committed by Guannan Ren
Rename AppArmorSetImageFDLabel to AppArmorSetFDLabel which could be used as a common function for *ALL* fd relabelling in Linux.

In apparmor profile for specific vm with uuid cdbebdfa-1d6d-65c3-be0f-fd74b978a773
Path: /etc/apparmor.d/libvirt/libvirt-cdbebdfa-1d6d-65c3-be0f-fd74b978a773.files

The last line is for the tapfd relabelling.

    # DO NOT EDIT THIS FILE DIRECTLY. IT IS MANAGED BY LIBVIRT.
    "/var/log/libvirt/**/rhel6qcow2.log" w,
    "/var/lib/libvirt/**/rhel6qcow2.monitor" rw,
    "/var/run/libvirt/**/rhel6qcow2.pid" rwk,
    "/run/libvirt/**/rhel6qcow2.pid" rwk,
    "/var/run/libvirt/**/*.tunnelmigrate.dest.rhel6qcow2" rw,
    "/run/libvirt/**/*.tunnelmigrate.dest.rhel6qcow2" rw,
    "/var/lib/libvirt/images/rhel6u3qcow2.img" rw,
    "/dev/tap45" rw,
- 01 Mar, 2013 1 commit
-
Committed by Jim Fehlig
With the apparmor security driver enabled, qemu instances fail to start

    # grep ^security_driver /etc/libvirt/qemu.conf
    security_driver = "apparmor"
    # virsh start test-kvm
    error: Failed to start domain test-kvm
    error: internal error security label already defined for VM

The model field of virSecurityLabelDef object is always populated by virDomainDefGetSecurityLabelDef(), so remove the check for a NULL model when verifying if a label is already defined for the instance.

Checking for a NULL model and populating it later in AppArmorGenSecurityLabel() has been left in the code to be consistent with virSecuritySELinuxGenSecurityLabel().
- 16 Feb, 2013 1 commit
-
Committed by John Ferlan
Coverity found the DACGenLabel was checking for mgr == NULL after a possible dereference; however, in order to get into the function the virSecurityManagerGenLabel would have already dereferenced sec_managers[i] so the check was unnecessary. Same check is made in SELinuxGenSecurityLabel.
- 14 Feb, 2013 1 commit
-
Committed by Laine Stump
The existing virSecurityManagerSetProcessLabel() API is designed so that it must be called after forking the child process, but before exec'ing the child. Due to the way the virCommand API works, that means it needs to be put in a "hook" function that virCommand is told to call out to at that time.

Setting the child process label is a basic enough need when executing any process that virCommand should have a method of doing that. But virCommand must be told what label to set, and only the security driver knows the answer to that question.

The new virSecurityManagerSet*Child*ProcessLabel() API is the way to transfer the knowledge about what label to set from the security driver to the virCommand object. It is given a virCommandPtr, and each security driver calls the appropriate virCommand* API to tell virCommand what to do between fork and exec.

1) in the case of the DAC security driver, it calls virCommandSetUID/GID() to set a uid and gid that must be set for the child process.

2) for the SELinux security driver, it calls virCommandSetSELinuxLabel() to save a copy of the char* that will be sent to setexeccon_raw() *after forking the child process*.

3) for the AppArmor security drivers, it calls virCommandSetAppArmorProfile() to save a copy of the char* that will be sent to aa_change_profile() *after forking the child process*.

With this new API in place, we will be able to remove virSecurityManagerSetProcessLabel() from any virCommand pre-exec hooks.

(Unfortunately, the LXC driver uses clone() rather than virCommand, so it can't take advantage of this new security driver API, meaning that we need to keep around the older virSecurityManagerSetProcessLabel(), at least for now.)
- 12 Feb, 2013 3 commits
-
Committed by Daniel P. Berrange
The hook scripts used by virCommand must be careful wrt accessing any mutexes that may have been held by other threads in the parent process. With the recent refactoring there are 2 potential flaws lurking, which will become real deadlock bugs once the global QEMU driver lock is removed.

Remove use of the QEMU driver lock from the hook function by passing in the 'virQEMUDriverConfigPtr' instance directly.

Add functions to the virSecurityManager to be invoked before and after fork, to ensure the mutex is held by the current thread. This allows it to be safely used in the hook script in the child process.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Eric Blake
On RHEL 5, I got:

    security/security_selinux.c: In function 'getContext':
    security/security_selinux.c:971: warning: unused parameter 'mgr' [-Wunused-parameter]

* src/security/security_selinux.c (getContext): Mark potentially unused parameter.
-
Committed by Daniel P. Berrange
The security manager drivers are not allowed to call back out to top level security manager APIs, since that results in recursive mutex acquisition and thus deadlock. Remove calls to virSecurityManagerGetModel from SELinux / AppArmor drivers

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
- 11 Feb, 2013 2 commits
-
Committed by Daniel P. Berrange
Add locking to virSecurityManagerXXX APIs, so that use of the security drivers is internally serialized. This avoids the need to rely on the global driver locks to achieve serialization

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange
To enable locking to be introduced to the security manager objects later, turn virSecurityManager into a virObjectLockable class

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
- 08 Feb, 2013 1 commit
-
Committed by Daniel P. Berrange
To enable virCapabilities instances to be reference counted, turn it into a virObject. All cases of virCapabilitiesFree turn into virObjectUnref

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
- 06 Feb, 2013 2 commits
-
Committed by Daniel P. Berrange
Rename all the usbDeviceXXX and usbXXXDevice APIs to have a fixed virUSBDevice name prefix
-
Committed by Daniel P. Berrange
Rename all the pciDeviceXXX and pciXXXDevice APIs to have a fixed virPCIDevice name prefix
- 24 Jan, 2013 4 commits
-
Committed by Jiri Denemark
-
Committed by Jiri Denemark
-
Committed by Richard W.M. Jones
According to Eric Paris this is slightly more efficient because it only loads the regular expressions in libselinux once.
-
Committed by John Ferlan
- 23 Jan, 2013 1 commit
-
Committed by John Ferlan
It was possible to call VIR_FREE in cleanup prior to initialization
- 22 Jan, 2013 2 commits
-
Committed by John Ferlan
Commit id a994ef2d changed the mechanism to store/update the default security label from using disk->seclabels[0] to allocating one on the fly. That change allocated the label, but never saved it. This patch will save the label. The new virDomainDiskDefAddSecurityLabelDef() is a copy of the virDomainDefAddSecurityLabelDef().
-
Committed by John Ferlan
- 21 Dec, 2012 4 commits
-
Committed by Daniel P. Berrange
-
Committed by Daniel P. Berrange
-
Committed by Daniel P. Berrange
-
Committed by Daniel P. Berrange