- 15 10月, 2019 3 次提交
-
-
由 Ján Tomko 提交于
Remove all usage of ATTRIBUTE_NORETURN in favor of GLib's G_GNUC_NORETURN. Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Ján Tomko 提交于
Add an exception for the GLib versions of the macros we already ignore. Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Ján Tomko 提交于
They are already defined in glib.h. (libxml2 also has them defined) Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 14 10月, 2019 24 次提交
-
-
由 Michal Privoznik 提交于
In order to have multiple security drivers hidden under one virSecurity* call, we have virSecurityStack driver which holds a list of registered security drivers and for every virSecurity* call it iterates over the list and calls corresponding callback in real security drivers. For instance, for virSecurityManagerSetAllLabel() it calls domainSetSecurityAllLabel callback sequentially in NOP, DAC and (possibly) SELinux or AppArmor drivers. This works just fine if the callback from every driver returns success. Problem arises when one of the drivers fails. For instance, aforementioned SetAllLabel() succeeds for DAC but fails in SELinux in which case all files that DAC relabelled are now owned by qemu:qemu (or whomever runs qemu) and thus permissions are leaked. This is even more visible with XATTRs which remain set for DAC. The solution is to perform a rollback on failure, i.e. call opposite action on drivers that succeeded. I'm providing rollback only for set calls and intentionally omitting restore calls for two reasons: 1) restore calls are less likely to fail (they merely remove XATTRs and chown()/setfilecon() file - all of these operations succeeded in set call), 2) we are not really interested in restore failures - in a very few places we check for retval of a restore function we do so only to print a warning. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1740024Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NCole Robinson <crobinso@redhat.com>
-
由 Michal Privoznik 提交于
In near future we will need to walk through the list of internal drivers in reversed order. The simplest solution is to turn singly linked list into a doubly linked list. We will not need to start from the end really, so there's no tail pointer kept. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NCole Robinson <crobinso@redhat.com>
-
由 Michal Privoznik 提交于
This function returns the name of the secdriver. Since the name is invariant we don't really need to lock the manager - it won't change. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NCole Robinson <crobinso@redhat.com>
-
由 Michal Privoznik 提交于
This function is in fact returning the name of the virtualization driver that registered the security manager/driver. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NCole Robinson <crobinso@redhat.com>
-
由 Michal Privoznik 提交于
In upcoming commits, virSecurityManagerSetAllLabel() will perform rollback in case of failure by calling virSecurityManagerRestoreAllLabel(). But in order to do that, the former needs to have @migrated argument so that it can be passed to the latter. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NCole Robinson <crobinso@redhat.com>
-
由 Daniel P. Berrangé 提交于
The usleep function was missing on older mingw versions, but we can rely on it existing everywhere these days. It may only support times upto 1 second in duration though, so we'll prefer to use g_usleep instead. The commandhelper program is not changed since that can't link to glib. Fortunately it doesn't need to build on Windows platforms either. Reviewed-by: NJán Tomko <jtomko@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
g_strerror is offers the safety/correctness benefits of strerror_r, with the API design convenience of strerror. Use of virStrerror should be eliminated through the codebase in favour of g_strerror. commandhelper.c is a special case as its a tiny single threaded test program, not linked to glib, so it just uses traditional strerror(). Reviewed-by: NJán Tomko <jtomko@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Reviewed-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NPavel Hrdina <phrdina@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Reviewed-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NPavel Hrdina <phrdina@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Converting from virObject to GObject is reasonably straightforward, as illustrated by this patch for virIdentity In the header file - Remove typedef struct _virIdentity virIdentity - Add #define VIR_TYPE_IDENTITY virIdentity_get_type () G_DECLARE_FINAL_TYPE (virIdentity, vir_identity, VIR, IDENTITY, GObject); Which provides the typedef we just removed, and class declaration boilerplate and various other constants/macros. In the source file - Change 'virObject parent' to 'GObject parent' in the struct - Remove the virClass variable and its initializing call - Add G_DEFINE_TYPE(virIdentity, vir_identity, G_TYPE_OBJECT) which declares the instance & class constructor functions - Add an impl of the instance & class constructors wiring up the finalize method to point to our dispose impl In all files - Replace VIR_AUTOUNREF(virIdentityPtr) with g_autoptr(virIdentity) - Replace virObjectRef/Unref with g_object_ref/unref. Note the latter functions do *NOT* accept a NULL object where as libvirt's do. If you replace g_object_unref with g_clear_object it is NULL safe, but also clears the pointer. Reviewed-by: NJán Tomko <jtomko@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Reviewed-by: NJán Tomko <jtomko@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Reviewed-by: NJán Tomko <jtomko@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Reviewed-by: NJán Tomko <jtomko@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Reviewed-by: NJán Tomko <jtomko@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
To simplify the later conversion from virObject to GObject, introduce the use of g_autoptr to the virIdentity implementnation and test suite. Reviewed-by: NJán Tomko <jtomko@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Replace use of the gnulib base64 module with glib's own base64 API family. Reviewed-by: NJán Tomko <jtomko@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Reviewed-by: NJán Tomko <jtomko@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Libvirt currently uses the VIR_AUTOUNREF macro for auto cleanup of virObject instances. GLib approaches things differently with GObject, reusing their g_autoptr() concept. This introduces support for g_autoptr() with virObject, to facilitate the conversion to GObject. Only virObject classes which are currently used with VIR_AUTOREF are updated. Any others should be converted to GObject before introducing use of autocleanup. Reviewed-by: NJán Tomko <jtomko@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
To facilitate porting over to glib, this rewrites the auto cleanup macros to use glib's equivalent. As a result it is now possible to use g_autoptr/VIR_AUTOPTR, and g_auto/VIR_AUTOCLEAN, g_autofree/VIR_AUTOFREE interchangably, regardless of which macros were used to declare the cleanup types. Within the scope of any single method, code must remain consistent using either GLib or Libvirt macros, never mixing both. New code must preferentially use the GLib macros, and old code will be converted incrementally. Reviewed-by: NJán Tomko <jtomko@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Using the standard macro will facilitate the conversion to glib's auto cleanup macros. Reviewed-by: NJán Tomko <jtomko@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Convert the string duplication APIs to use the g_strdup family of APIs. We previously used the 'strdup-posix' gnulib module because mingw does not set errno to ENOMEM on failure We previously used the 'strndup' gnulib module because this function does not exist on mingw. We previously used the 'vasprintf' gnulib module because of many GNU supported format specifiers not working on non-Linux platforms. glib's own equivalent standardizes on GNU format specifiers too. Reviewed-by: NJán Tomko <jtomko@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Convert the VIR_ALLOC family of APIs with use of the g_malloc family of APIs. Use of VIR_ALLOC related functions should be incrementally phased out over time, allowing return value checks to be dropped. Use of VIR_FREE should be replaced with auto-cleanup whenever possible. We previously used the 'calloc-posix' gnulib module because mingw does not set errno to ENOMEM on failure. Reviewed-by: NJán Tomko <jtomko@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Add the main glib.h to internal.h so that all common code can use it. Historically glib allowed applications to register an alternative memory allocator, so mixing g_malloc/g_free with malloc/free was not safe. This was feature was dropped in 2.46.0 with: commit 3be6ed60aa58095691bd697344765e715a327fc1 Author: Alexander Larsson <alexl@redhat.com> Date: Sat Jun 27 18:38:42 2015 +0200 Deprecate and drop support for memory vtables Applications are still encourged to match g_malloc/g_free, but it is no longer a mandatory requirement for correctness, just stylistic. This is explicitly clarified in commit 1f24b36607bf708f037396014b2cdbc08d67b275 Author: Daniel P. Berrangé <berrange@redhat.com> Date: Thu Sep 5 14:37:54 2019 +0100 gmem: clarify that g_malloc always uses the system allocator Applications can still use custom allocators in general, but they must do this by linking to a library that replaces the core malloc/free implemenentation entirely, instead of via a glib specific call. This means that libvirt does not need to be concerned about use of g_malloc/g_free causing an ABI change in the public libary, and can avoid memory copying when talking to external libraries. This patch probes for glib, which provides the foundation layer with a collection of data structures, helper APIs, and platform portability logic. Later patches will introduce linkage to gobject which provides the object type system, built on glib, and gio which providing objects for various interesting tasks, most notably including DBus client and server support and portable sockets APIs, but much more too. Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Prepare for linking with glib by probing for it at configure time. Per supported platforms target, the min glib versions on relevant distros are: RHEL-8: 2.56.1 RHEL-7: 2.50.3 Debian (Buster): 2.58.3 Debian (Stretch): 2.50.3 OpenBSD (Ports): 2.58.3 FreeBSD (Ports): 2.56.3 OpenSUSE Leap 15: 2.54.3 SLE12-SP2: 2.48.2 Ubuntu (Xenial): 2.48.0 macOS (Homebrew): 2.56.0 This suggests that a minimum glib of 2.48 is a reasonable target. This aligns with the minimum version required by qemu too. We must disable the bad-function-cast warning as various GLib APIs and macros will trigger this. Reviewed-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NPavel Hrdina <phrdina@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 12 10月, 2019 13 次提交
-
-
由 Cole Robinson 提交于
We mirror the labeling strategy that was used for its top image Reviewed-by: NDaniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NCole Robinson <crobinso@redhat.com>
-
由 Cole Robinson 提交于
This will be used for recursing into externalDataStore Reviewed-by: NDaniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NCole Robinson <crobinso@redhat.com>
-
由 Cole Robinson 提交于
Rename the existing virSecuritySELinuxRestoreImageLabelInt to virSecuritySELinuxRestoreImageLabelSingle, and extend the new ImageLabelInt handle externalDataStore Reviewed-by: NDaniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NCole Robinson <crobinso@redhat.com>
-
由 Cole Robinson 提交于
This will simplify future patches and make the logic easier to follow Reviewed-by: NDaniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NCole Robinson <crobinso@redhat.com>
-
由 Cole Robinson 提交于
The only caller always passes in a non-null parent Reviewed-by: NDaniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NCole Robinson <crobinso@redhat.com>
-
由 Cole Robinson 提交于
All the SetFileCon calls only differ by the label they pass in. Rework the conditionals to track what label we need, and use a single SetFileCon call Reviewed-by: NDaniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NCole Robinson <crobinso@redhat.com>
-
由 Cole Robinson 提交于
We mirror the labeling strategy that was used for its sibling image Reviewed-by: NDaniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NCole Robinson <crobinso@redhat.com>
-
由 Cole Robinson 提交于
This will be used for recursing into externalDataStore Reviewed-by: NDaniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NCole Robinson <crobinso@redhat.com>
-
由 Cole Robinson 提交于
Rename the existing virSecurityDACRestoreImageLabelInt to virSecurityDACRestoreImageLabelSingle, and extend the new ImageLabelInt handle externalDataStore Reviewed-by: NDaniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NCole Robinson <crobinso@redhat.com>
-
由 Cole Robinson 提交于
This will simplify future patches and make the logic easier to follow Reviewed-by: NDaniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NCole Robinson <crobinso@redhat.com>
-
由 Cole Robinson 提交于
The only caller always passes in a non-null parent Reviewed-by: NDaniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NCole Robinson <crobinso@redhat.com>
-
由 Cole Robinson 提交于
Add virStorageSourceNewFromExternalData, similar to virStorageSourceNewFromBacking and use it to fill in a virStorageSource for externalDataStore Reviewed-by: NDaniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NCole Robinson <crobinso@redhat.com>
-
由 Cole Robinson 提交于
Add the plumbing to track a externalDataStoreRaw as a virStorageSource Reviewed-by: NDaniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: NMichal Privoznik <mprivozn@redhat.com> Signed-off-by: NCole Robinson <crobinso@redhat.com>
-