- 06 7月, 2011 1 次提交
-
-
由 Daniel P. Berrange 提交于
When no <seclabel> is present in the XML, the virDomainSeclabelDef struct is left as all zeros. Unfortunately, this means it gets setup as type=dynamic, with relabel=no, which is an illegal combination. Change the 'bool relabel' attribute in virDomainSeclabelDef to the inverse 'bool norelabel' so that the default initialization is sensible * src/conf/domain_conf.c, src/conf/domain_conf.h, src/security/security_apparmor.c, src/security/security_selinux.c: Replace 'relabel' with 'norelabel'
-
- 04 7月, 2011 2 次提交
-
-
由 Daniel P. Berrange 提交于
Add a new attribute to the <seclabel> XML to allow resource relabelling to be enabled with static label usage. <seclabel model='selinux' type='static' relabel='yes'> <label>system_u:system_r:svirt_t:s0:c392,c662</label> </seclabel> * docs/schemas/domain.rng: Add relabel attribute * src/conf/domain_conf.c, src/conf/domain_conf.h: Parse the 'relabel' attribute * src/qemu/qemu_process.c: Unconditionally clear out the 'imagelabel' attribute * src/security/security_apparmor.c: Skip based on 'relabel' attribute instead of label type * src/security/security_selinux.c: Skip based on 'relabel' attribute instead of label type and fill in <imagelabel> attribute if relabel is enabled.
-
由 Daniel P. Berrange 提交于
Normally the dynamic labelling mode will always use a base label of 'svirt_t' for VMs. Introduce a <baselabel> field in the <seclabel> XML to allow this base label to be changed eg <seclabel type='dynamic' model='selinux'> <baselabel>system_u:object_r:virt_t:s0</baselabel> </seclabel> * docs/schemas/domain.rng: Add <baselabel> * src/conf/domain_conf.c, src/conf/domain_conf.h: Parsing of base label * src/qemu/qemu_process.c: Don't reset 'model' attribute if a base label is specified * src/security/security_apparmor.c: Refuse to support base label * src/security/security_selinux.c: Use 'baselabel' when generating label, if available
-
- 28 6月, 2011 2 次提交
-
-
由 Daniel P. Berrange 提交于
Add a new security driver method for labelling an FD with the process label, rather than the image label * src/libvirt_private.syms, src/security/security_apparmor.c, src/security/security_dac.c, src/security/security_driver.h, src/security/security_manager.c, src/security/security_manager.h, src/security/security_selinux.c, src/security/security_stack.c: Add virSecurityManagerSetProcessFDLabel & impl
-
由 Daniel P. Berrange 提交于
The virSecurityManagerSetFDLabel method is used to label file descriptors associated with disk images. There will shortly be a need to label other file descriptors in a different way. So the current name is ambiguous. Rename the method to virSecurityManagerSetImageFDLabel to clarify its purpose * src/libvirt_private.syms, src/qemu/qemu_migration.c, src/qemu/qemu_process.c, src/security/security_apparmor.c, src/security/security_dac.c, src/security/security_driver.h, src/security/security_manager.c, src/security/security_manager.h, src/security/security_selinux.c, src/security/security_stack.c: s/FDLabel/ImageFDLabel/
-
- 06 5月, 2011 1 次提交
-
-
由 Daniel P. Berrange 提交于
When setting up a FIFO for QEMU, it allows either a pair of fifos used unidirectionally, or a single fifo used bidirectionally. Look for the bidirectional fifo first when labelling since that is more useful * src/security/security_dac.c, src/security/security_selinux.c: Fix fifo handling
-
- 05 4月, 2011 1 次提交
-
-
由 Eric Blake 提交于
Even with -Wuninitialized (which is part of autobuild.sh --enable-compile-warnings=error), gcc does NOT catch this use of an uninitialized variable: { if (cond) goto error; int a = 1; error: printf("%d", a); } which prints 0 (supposing the stack started life wiped) if cond was true. Clang will catch it, but we don't use clang as often. Using gcc -Wjump-misses-init catches it, but also gives false positives: { if (cond) goto error; int a = 1; return a; error: return 0; } Here, a was never used in the scope of the error block, so declaring it after goto is technically fine (and clang agrees). However, given that our HACKING already documents a preference to C89 decl-before-statement, the false positive warning is enough of a prod to comply with HACKING. [Personally, I'd _really_ rather use C99 decl-after-statement to minimize scope, but until gcc can efficiently and reliably catch scoping and uninitialized usage bugs, I'll settle with the compromise of enforcing a coding standard that happens to reject false positives if it can also detect real bugs.] * acinclude.m4 (LIBVIRT_COMPILE_WARNINGS): Add -Wjump-misses-init. * src/util/util.c (__virExec): Adjust offenders. * src/conf/domain_conf.c (virDomainTimerDefParseXML): Likewise. * src/remote/remote_driver.c (doRemoteOpen): Likewise. * src/phyp/phyp_driver.c (phypGetLparNAME, phypGetLparProfile) (phypGetVIOSFreeSCSIAdapter, phypVolumeGetKey) (phypGetStoragePoolDevice) (phypVolumeGetPhysicalVolumeByStoragePool) (phypVolumeGetPath): Likewise. * src/vbox/vbox_tmpl.c (vboxNetworkUndefineDestroy) (vboxNetworkCreate, vboxNetworkDumpXML) (vboxNetworkDefineCreateXML): Likewise. * src/xenapi/xenapi_driver.c (getCapsObject) (xenapiDomainDumpXML): Likewise. * src/xenapi/xenapi_utils.c (createVMRecordFromXml): Likewise. * src/security/security_selinux.c (SELinuxGenNewContext): Likewise. * src/qemu/qemu_command.c (qemuBuildCommandLine): Likewise. * src/qemu/qemu_hotplug.c (qemuDomainChangeEjectableMedia): Likewise. * src/qemu/qemu_process.c (qemuProcessWaitForMonitor): Likewise. * src/qemu/qemu_monitor_text.c (qemuMonitorTextGetPtyPaths): Likewise. * src/qemu/qemu_driver.c (qemudDomainShutdown) (qemudDomainBlockStats, qemudDomainMemoryPeek): Likewise. * src/storage/storage_backend_iscsi.c (virStorageBackendCreateIfaceIQN): Likewise. * src/node_device/node_device_udev.c (udevProcessPCI): Likewise.
-
- 04 2月, 2011 1 次提交
-
-
由 Eric Blake 提交于
* src/security/security_selinux.c (SELinuxRestoreSecuritySmartcardCallback) (SELinuxSetSecuritySmartcardCallback): New helper functions. (SELinuxRestoreSecurityAllLabel, SELinuxSetSecurityAllLabel): Use them.
-
- 26 1月, 2011 1 次提交
-
-
由 Laine Stump 提交于
A need was found to set the SELinux context label on an open fd (a pipe, as a matter of fact). This patch adds a function to the security driver API that will set the label on an open fd to secdef.label. For all drivers other than the SELinux driver, it's a NOP. For the SElinux driver, it calls fsetfilecon(). If the return is a failure, it only returns error up to the caller if 1) the desired label is different from the existing label, 2) the destination fd is of a type that supports setting the selinux context, and 3) selinux is in enforcing mode. Otherwise it will return success. This follows the pattern of the existing function SELinuxSetFilecon().
-
- 15 1月, 2011 1 次提交
-
-
由 Eric Blake 提交于
This opens up the possibility of reusing the smaller ChrSourceDef for both qemu monitor and a passthrough smartcard device. * src/conf/domain_conf.h (_virDomainChrDef): Factor host details... (_virDomainChrSourceDef): ...into new struct. (virDomainChrSourceDefFree): New prototype. * src/conf/domain_conf.c (virDomainChrDefFree) (virDomainChrDefParseXML, virDomainChrDefFormat): Split... (virDomainChrSourceDefClear, virDomainChrSourceDefFree) (virDomainChrSourceDefParseXML, virDomainChrSourceDefFormat): ...into new functions. (virDomainChrDefParseTargetXML): Update clients to reflect type split. * src/vmx/vmx.c (virVMXParseSerial, virVMXParseParallel) (virVMXFormatSerial, virVMXFormatParallel): Likewise. * src/xen/xen_driver.c (xenUnifiedDomainOpenConsole): Likewise. * src/xen/xend_internal.c (xenDaemonParseSxprChar) (xenDaemonFormatSxprChr): Likewise. * src/vbox/vbox_tmpl.c (vboxDomainDumpXML, vboxAttachSerial) (vboxAttachParallel): Likewise. * src/security/security_dac.c (virSecurityDACSetChardevLabel) (virSecurityDACSetChardevCallback) (virSecurityDACRestoreChardevLabel) (virSecurityDACRestoreChardevCallback): Likewise. * src/security/security_selinux.c (SELinuxSetSecurityChardevLabel) (SELinuxSetSecurityChardevCallback) (SELinuxRestoreSecurityChardevLabel) (SELinuxSetSecurityChardevCallback): Likewise. * src/security/virt-aa-helper.c (get_files): Likewise. * src/lxc/lxc_driver.c (lxcVmStart, lxcDomainOpenConsole): Likewise. * src/uml/uml_conf.c (umlBuildCommandLineChr): Likewise. * src/uml/uml_driver.c (umlIdentifyOneChrPTY, umlIdentifyChrPTY) (umlDomainOpenConsole): Likewise. * src/qemu/qemu_command.c (qemuBuildChrChardevStr) (qemuBuildChrArgStr, qemuBuildCommandLine) (qemuParseCommandLineChr): Likewise. * src/qemu/qemu_domain.c (qemuDomainObjPrivateXMLFormat) (qemuDomainObjPrivateXMLParse): Likewise. * src/qemu/qemu_cgroup.c (qemuSetupChardevCgroup): Likewise. * src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Likewise. * src/qemu/qemu_driver.c (qemudFindCharDevicePTYsMonitor) (qemudFindCharDevicePTYs, qemuPrepareChardevDevice) (qemuPrepareMonitorChr, qemudShutdownVMDaemon) (qemuDomainOpenConsole): Likewise. * src/qemu/qemu_command.h (qemuBuildChrChardevStr) (qemuBuildChrArgStr): Delete, now that they are static. * src/libvirt_private.syms (domain_conf.h): New exports. * cfg.mk (useless_free_options): Update list. * tests/qemuxml2argvtest.c (testCompareXMLToArgvFiles): Update tests.
-
- 11 1月, 2011 1 次提交
-
-
由 Daniel P. Berrange 提交于
The current security driver usage requires horrible code like if (driver->securityDriver && driver->securityDriver->domainSetSecurityHostdevLabel && driver->securityDriver->domainSetSecurityHostdevLabel(driver->securityDriver, vm, hostdev) < 0) This pair of checks for NULL clutters up the code, making the driver calls 2 lines longer than they really need to be. The goal of the patchset is to change the calling convention to simply if (virSecurityManagerSetHostdevLabel(driver->securityDriver, vm, hostdev) < 0) The first check for 'driver->securityDriver' being NULL is removed by introducing a 'no op' security driver that will always be present if no real driver is enabled. This guarentees driver->securityDriver != NULL. The second check for 'driver->securityDriver->domainSetSecurityHostdevLabel' being non-NULL is hidden in a new abstraction called virSecurityManager. This separates the driver callbacks, from main internal API. The addition of a virSecurityManager object, that is separate from the virSecurityDriver struct also allows for security drivers to carry state / configuration information directly. Thus the DAC/Stack drivers from src/qemu which used to pull config from 'struct qemud_driver' can now be moved into the 'src/security' directory and store their config directly. * src/qemu/qemu_conf.h, src/qemu/qemu_driver.c: Update to use new virSecurityManager APIs * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_dac.h src/qemu/qemu_security_stacked.c, src/qemu/qemu_security_stacked.h: Move into src/security directory * src/security/security_stack.c, src/security/security_stack.h, src/security/security_dac.c, src/security/security_dac.h: Generic versions of previous QEMU specific drivers * src/security/security_apparmor.c, src/security/security_apparmor.h, src/security/security_driver.c, src/security/security_driver.h, src/security/security_selinux.c, src/security/security_selinux.h: Update to take virSecurityManagerPtr object as the first param in all callbacks * src/security/security_nop.c, src/security/security_nop.h: Stub implementation of all security driver APIs. * src/security/security_manager.h, src/security/security_manager.c: New internal API for invoking security drivers * src/libvirt.c: Add missing debug for security APIs
-
- 21 12月, 2010 2 次提交
-
-
由 Josh Durgin 提交于
Network disks are accessed by qemu directly, and have no associated file on the host, so checking for file ownership etc. is unnecessary. Signed-off-by: NJosh Durgin <joshd@hq.newdream.net>
-
由 Eric Blake 提交于
* configure.ac (with_selinux): Check for <selinux/label.h>. * src/security/security_selinux.c (getContext): New function. (SELinuxRestoreSecurityFileLabel): Use it to restore compilation when using older libselinux.
-
- 14 12月, 2010 1 次提交
-
-
由 Eric Blake 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=658657 * src/security/security_selinux.c (SELinuxRestoreSecurityFileLabel): Use selabel_lookup instead of matchpathcon. Suggested by Daniel Walsh.
-
- 25 11月, 2010 1 次提交
-
-
由 Eric Blake 提交于
security_context_t happens to be a typedef for char*, and happens to begin with a string usable as a raw context string. But in reality, it is an opaque type that may or may not have additional information after the first NUL byte, where that additional information can include pointers that can only be freed via freecon(). Proof is from this valgrind run of daemon/libvirtd: ==6028== 839,169 (40 direct, 839,129 indirect) bytes in 1 blocks are definitely lost in loss record 274 of 274 ==6028== at 0x4A0515D: malloc (vg_replace_malloc.c:195) ==6028== by 0x3022E0D48C: selabel_open (label.c:165) ==6028== by 0x3022E11646: matchpathcon_init_prefix (matchpathcon.c:296) ==6028== by 0x3022E1190D: matchpathcon (matchpathcon.c:317) ==6028== by 0x4F9D842: SELinuxRestoreSecurityFileLabel (security_selinux.c:382) 800k is a lot of memory to be leaking. * src/storage/storage_backend.c (virStorageBackendUpdateVolTargetInfoFD): Avoid leak on error. * src/security/security_selinux.c (SELinuxReserveSecurityLabel, SELinuxGetSecurityProcessLabel) (SELinuxRestoreSecurityFileLabel): Use correct function to free security_context_t.
-
- 19 11月, 2010 1 次提交
-
-
由 Daniel Veillard 提交于
The code in SELinuxRestoreSecurityChardevLabel() was trying to use SELinuxSetFilecon directly for devices or file types while it should really use SELinuxRestoreSecurityFileLabel encapsulating routine, which avoid various problems like resolving symlinks, making sure he file exists and work around NFS problems
-
- 18 11月, 2010 1 次提交
-
-
由 Eric Blake 提交于
* cfg.mk (sc_prohibit_sprintf): New rule. (sc_prohibit_asprintf): Avoid false positives. * docs/hacking.html.in (Printf-style functions): Document the policy. * HACKING: Regenerate. * .x-sc_prohibit_sprintf: New exemptions. * Makefile.am (syntax_check_exceptions): Ship new file. * src/vbox/vbox_tmpl.c (vboxStartMachine, vboxAttachUSB): Use virAsprintf instead. * src/uml/uml_driver.c (umlOpenMonitor): Use snprintf instead. * tools/virsh.c (cmdDetachInterface): Likewise. * src/security/security_selinux.c (SELinuxGenSecurityLabel): Likewise. * src/openvz/openvz_driver.c (openvzDomainDefineCmd): Likewise, and ensure large enough buffer.
-
- 12 11月, 2010 1 次提交
-
-
由 Laine Stump 提交于
If virDomainAttachDevice() was called with an image that was located on a root-squashed NFS server, and in a directory that was unreadable by root on the machine running libvirtd, the attach would fail due to an attempt to change the selinux label of the image with EACCES (which isn't covered as an ignore case in SELinuxSetFilecon()) NFS doesn't support SELinux labelling anyway, so we mimic the failure handling of commit 93a18bba, which just ignores the errors if the target is on an NFS filesystem (in SELinuxSetSecurityAllLabel() only, though.) This can be seen as a follow-on to commit 347d266c, which ignores file open failures of files on NFS that occur directly in virDomainDiskDefForeachPath() (also necessary), but does not ignore failures in functions that are called from there (eg SELinuxSetSecurityFileLabel()).
-
- 10 11月, 2010 1 次提交
-
-
由 Stefan Berger 提交于
Using automated replacement with sed and editing I have now replaced all occurrences of close() with VIR_(FORCE_)CLOSE() except for one, of course. Some replacements were straight forward, others I needed to pay attention. I hope I payed attention in all the right places... Please have a look. This should have at least solved one more double-close error.
-
- 02 11月, 2010 2 次提交
-
-
由 Daniel P. Berrange 提交于
NFS in root squash mode may prevent opening disk images to determine backing store. Ignore errors in this scenario. * src/security/security_selinux.c: Ignore open failures on disk images
-
由 Daniel P. Berrange 提交于
NFS does not support file labelling, so ignore this error for stdin_path when on NFS. * src/security/security_selinux.c: Ignore failures on labelling stdin_path on NFS * src/util/storage_file.c, src/util/storage_file.h: Refine virStorageFileIsSharedFS() to allow it to check for a specific FS type.
-
- 28 10月, 2010 1 次提交
-
-
由 Daniel P. Berrange 提交于
This reverts commit b8e2de88 The hooks will be re-added in the QEMU driver itself. * src/security/security_selinux.c: Remove audit hooks
-
- 20 10月, 2010 1 次提交
-
-
由 Miloslav Trmač 提交于
A more natural auditing point would perhaps be SELinuxSetSecurityProcessLabel, but this happens in the child after root permissions are dropped, so the kernel would refuse the audit record.
-
- 20 7月, 2010 4 次提交
-
-
由 Daniel P. Berrange 提交于
Disk format probing is now disabled by default. A new config option in /etc/qemu/qemu.conf will re-enable it for existing deployments where this causes trouble
-
由 Daniel P. Berrange 提交于
The implementation of security driver callbacks often needs to access the security driver object. Currently only a handful of callbacks include the driver object as a parameter. Later patches require this is many more places. * src/qemu/qemu_driver.c: Pass in the security driver object to all callbacks * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_apparmor.c, src/security/security_driver.h, src/security/security_selinux.c: Add a virSecurityDriverPtr param to all security callbacks
-
由 Daniel P. Berrange 提交于
Update the QEMU cgroups code, QEMU DAC security driver, SELinux and AppArmour security drivers over to use the shared helper API virDomainDiskDefForeachPath(). * src/qemu/qemu_driver.c, src/qemu/qemu_security_dac.c, src/security/security_selinux.c, src/security/virt-aa-helper.c: Convert over to use virDomainDiskDefForeachPath()
-
由 Daniel P. Berrange 提交于
Require the disk image to be passed into virStorageFileGetMetadata. If this is set to VIR_STORAGE_FILE_AUTO, then the format will be resolved using probing. This makes it easier to control when probing will be used * src/qemu/qemu_driver.c, src/qemu/qemu_security_dac.c, src/security/security_selinux.c, src/security/virt-aa-helper.c: Set VIR_STORAGE_FILE_AUTO when calling virStorageFileGetMetadata. * src/storage/storage_backend_fs.c: Probe for disk format before calling virStorageFileGetMetadata. * src/util/storage_file.h, src/util/storage_file.c: Remove format from virStorageFileMeta struct & require it to be passed into method.
-
- 28 6月, 2010 1 次提交
-
-
由 Laine Stump 提交于
Also restore the label to its original value after qemu is finished with the file. Prior to this patch, qemu domain restore did not function properly if selinux was set to enforce.
-
- 25 6月, 2010 1 次提交
-
-
由 Daniel P. Berrange 提交于
When configuring serial, parallel, console or channel devices with a file, dev or pipe backend type, it is necessary to label the file path in the security drivers. For char devices of type file, it is neccessary to pre-create (touch) the file if it does not already exist since QEMU won't be allowed todo so itself. dev/pipe configs already require the admin to pre-create before starting the guest. * src/qemu/qemu_security_dac.c: set file ownership for character devices * src/security/security_selinux.c: Set file labeling for character devices * src/qemu/qemu_driver.c: Add character devices to cgroup ACL
-
- 08 6月, 2010 3 次提交
-
-
由 Daniel P. Berrange 提交于
The restore code is done in places where errors cannot be raised, since they will overwrite over pre-existing errors. * src/security/security_selinux.c: Only warn about failures in label restore, don't report errors
-
由 Daniel J Walsh 提交于
When SELinux is running in MLS mode, libvirtd will have a different security level to the VMs. For libvirtd to be able to connect to the monitor console, the client end of the UNIX domain socket needs a different label. This adds infrastructure to set the socket label via the security driver framework * src/qemu/qemu_driver.c: Call out to socket label APIs in security driver * src/qemu/qemu_security_stacked.c: Wire up socket label drivers * src/security/security_driver.h: Define security driver entry points for socket labelling * src/security/security_selinux.c: Set socket label based on VM label
-
由 Jamie Strandboge 提交于
Adjust args to qemudStartVMDaemon() to also specify path to stdin_fd, so this can be passed to the AppArmor driver via SetSecurityAllLabel(). This updates all calls to qemudStartVMDaemon() as well as setting up the non-AppArmor security driver *SetSecurityAllLabel() declarations for the above. This is required for the following "apparmor-fix-save-restore" patch since AppArmor resolves the passed file descriptor to the pathname given to open().
-
- 19 5月, 2010 1 次提交
-
-
由 Jim Meyering 提交于
Do not require each caller of virStorageFileGetMetadata and virStorageFileGetMetadataFromFD to first clear the storage of the "meta" buffer. Instead, initialize that storage in virStorageFileGetMetadataFromFD. * src/util/storage_file.c (virStorageFileGetMetadataFromFD): Clear "meta" here, not before each of the following callers. * src/qemu/qemu_driver.c (qemuSetupDiskCgroup): Don't clear "meta" here. (qemuTeardownDiskCgroup): Likewise. * src/qemu/qemu_security_dac.c (qemuSecurityDACSetSecurityImageLabel): Likewise. * src/security/security_selinux.c (SELinuxSetSecurityImageLabel): Likewise. * src/security/virt-aa-helper.c (get_files): Likewise.
-
- 18 5月, 2010 1 次提交
-
-
由 Eric Blake 提交于
virFileResolveLink was returning a positive value on error, thus confusing callers that assumed failure was < 0. The confusion is further evidenced by callers that would have ended up calling virReportSystemError with a negative value instead of a valid errno. Fixes Red Hat BZ #591363. * src/util/util.c (virFileResolveLink): Live up to documentation. * src/qemu/qemu_security_dac.c (qemuSecurityDACRestoreSecurityFileLabel): Adjust callers. * src/security/security_selinux.c (SELinuxRestoreSecurityFileLabel): Likewise. * src/storage/storage_backend_disk.c (virStorageBackendDiskDeleteVol): Likewise.
-
- 14 5月, 2010 1 次提交
-
-
由 Daniel P. Berrange 提交于
When QEMU runs with its disk on NFS, and as a non-root user, the disk is chownd to that non-root user. When migration completes the last step is shutting down the QEMU on the source host. THis normally resets user/group/security label. This is bad when the VM was just migrated because the file is still in use on the dest host. It is thus neccessary to skip the reset step for any files found to be on a shared filesystem * src/libvirt_private.syms: Export virStorageFileIsSharedFS * src/util/storage_file.c, src/util/storage_file.h: Add a new method virStorageFileIsSharedFS() to determine if a file is on a shared filesystem (NFS, GFS, OCFS2, etc) * src/qemu/qemu_driver.c: Tell security driver not to reset disk labels on migration completion * src/qemu/qemu_security_dac.c, src/qemu/qemu_security_stacked.c, src/security/security_selinux.c, src/security/security_driver.h, src/security/security_apparmor.c: Add ability to skip disk restore step for files on shared filesystems.
-
- 30 4月, 2010 1 次提交
-
-
由 Jiri Denemark 提交于
-
- 02 4月, 2010 1 次提交
-
-
由 Laine Stump 提交于
(suggested by Daniel Berrange, tested by Dan Kenigsberg) virStorageFileGetMetadata will fail for disk images that are stored on a root-squash NFS share that isn't world-readable. SELinuxSetSecurityImageLabel is called during the startup of every domain (as long as security_driver != "none"), and it will propogate the error from virStorageFileGetMetadata, causing the domain startup to fail. This is, however, a common scenario when qemu is run as a non-root user and the disk image is stored on NFS. Ignoring this failure (which doesn't matter in this case, since the next thing done by SELinuxSetSecurityImageLabel - setting the file context - will also fail (and that function already ignores failures due to root-squash NFS) will allow us to continue bringing up the domain. The result is that we don't need to disable the entire security driver just because a domain's disk image is stored on root-squashed NFS.
-
- 22 3月, 2010 1 次提交
-
-
由 Cole Robinson 提交于
This can be triggered by the qemuStartVMDaemon cleanup path if a VM references a non-existent USB device (by product) in the XML.
-
- 16 3月, 2010 1 次提交
-
-
由 Cole Robinson 提交于
Fixes URL installs when running virt-install as root on Fedora.
-
- 05 3月, 2010 1 次提交
-
-
由 Daniel P. Berrange 提交于
Changeset commit 5073aa99 Author: Cole Robinson <crobinso@redhat.com> Date: Mon Jan 11 11:40:46 2010 -0500 Added support for product/vendor based passthrough, but it only worked at the security driver layer. The main guest XML config was not updated with the resolved bus/device ID. When the QEMU argv refactoring removed use of product/vendor, this then broke launching guests. THe solution is to move the product/vendor resolution up a layer into the QEMU driver. So the first thing QEMU does is resolve the product/vendor to a bus/device and updates the XML config with this info. The rest of the code, including security drivers and QEMU argv generated can now rely on bus/device always being set. * src/util/hostusb.c, src/util/hostusb.h: Split vendor/product resolution code out of usbGetDevice and into usbFindDevice. Add accessors for bus/device ID * src/security/virt-aa-helper.c, src/security/security_selinux.c, src/qemu/qemu_security_dac.c: Remove vendor/product from the usbGetDevice() calls * src/qemu/qemu_driver.c: Use usbFindDevice to resolve vendor/product into a bus/device ID
-