1. 07 3月, 2014 1 次提交
  2. 08 10月, 2013 1 次提交
  3. 10 7月, 2013 1 次提交
  4. 11 6月, 2013 1 次提交
  5. 04 6月, 2013 1 次提交
  6. 11 5月, 2013 1 次提交
    • L
      util: move virFile* functions from virutil.c to virfile.c · bfe7721d
      Laine Stump 提交于
      These all existed before virfile.c was created, and for some reason
      weren't moved.
      
      This is mostly straightfoward, although the syntax rule prohibiting
      write() had to be changed to have an exception for virfile.c instead
      of virutil.c.
      
      This movement pointed out that there is a function called
      virBuildPath(), and another almost identical function called
      virFileBuildPath(). They really should be a single function, which
      I'll take care of as soon as I figure out what the arglist should look
      like.
      bfe7721d
  7. 10 5月, 2013 1 次提交
  8. 02 5月, 2013 1 次提交
    • M
      virutil: Move string related functions to virstring.c · 7c9a2d88
      Michal Privoznik 提交于
      The source code base needs to be adapted as well. Some files
      include virutil.h just for the string related functions (here,
      the include is substituted to match the new file), some include
      virutil.h without any need (here, the include is removed), and
      some require both.
      7c9a2d88
  9. 14 3月, 2013 1 次提交
    • D
      Fix parsing of SELinux ranges without a category · 1732c1c6
      Daniel P. Berrange 提交于
      Normally libvirtd should run with a SELinux label
      
        system_u:system_r:virtd_t:s0-s0:c0.c1023
      
      If a user manually runs libvirtd though, it is sometimes
      possible to get into a situation where it is running
      
        system_u:system_r:init_t:s0
      
      The SELinux security driver isn't expecting this and can't
      parse the security label since it lacks the ':c0.c1023' part
      causing it to complain
      
        internal error Cannot parse sensitivity level in s0
      
      This updates the parser to cope with this, so if no category
      is present, libvirtd will hardcode the equivalent of c0.c1023.
      
      Now this won't work if SELinux is in Enforcing mode, but that's
      not an issue, because the user can only get into this problem
      if in Permissive mode. This means they can now start VMs in
      Permissive mode without hitting that parsing error
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      1732c1c6
  10. 26 2月, 2013 1 次提交
    • E
      tests: uniformly report test failures · dce95297
      Eric Blake 提交于
      testutils.c likes to print summaries after a test completes,
      including if it failed.  But if the test outright exit()s,
      this summary is skipped.  Enforce that we return instead of exit.
      
      * cfg.mk (sc_prohibit_exit_in_tests): New syntax check.
      * tests/commandhelper.c (main): Fix offenders.
      * tests/qemumonitorjsontest.c (mymain): Likewise.
      * tests/seclabeltest.c (main): Likewise.
      * tests/securityselinuxlabeltest.c (mymain): Likewise.
      * tests/securityselinuxtest.c (mymain): Likewise.
      * tests/testutils.h (VIRT_TEST_MAIN_PRELOAD): Likewise.
      * tests/testutils.c (virtTestMain): Likewise.
      (virtTestCaptureProgramOutput): Use symbolic name.
      dce95297
  11. 21 12月, 2012 4 次提交
  12. 19 12月, 2012 1 次提交
    • D
      Fix SELinux security label test · 32df483f
      Daniel P. Berrange 提交于
      If securityselinuxtest was run on a system with newer SELinux
      policy it would fail, due to using svirt_tcg_t instead of
      svirt_t. Fixing the domain type to be KVM avoids this issue.
      32df483f
  13. 12 10月, 2012 1 次提交
    • M
      selinux: Use raw contexts · 9674f2c6
      Martin Kletzander 提交于
      We are currently able to work only with non-translated SELinux
      contexts, but we are using functions that work with translated
      contexts throughout the code.  This patch swaps all SELinux context
      translation relative calls with their raw sisters to avoid parsing
      problems.
      
      The problems can be experienced with mcstrans for example.  The
      difference is that if you have translations enabled (yum install
      mcstrans; service mcstrans start), fgetfilecon_raw() will get you
      something like 'system_u:object_r:virt_image_t:s0', whereas
      fgetfilecon() will return 'system_u:object_r:virt_image_t:SystemLow'
      that we cannot parse.
      
      I was trying to confirm that the _raw variants were here since the dawn of
      time, but the only thing I see now is that it was imported together in
      the upstream repo [1] from svn, so before 2008.
      
      Thanks Laurent Bigonville for finding this out.
      
      [1] http://oss.tresys.com/git/selinux.git
      9674f2c6
  14. 21 9月, 2012 1 次提交
  15. 21 8月, 2012 1 次提交
    • D
      Add test case for SELinux label generation · 9136032a
      Daniel P. Berrange 提交于
      This test case validates the correct generation of SELinux labels
      for VMs, wrt the current process label. Since we can't actually
      change the label of the test program process, we create a shared
      library libsecurityselinuxhelper.so which overrides the getcon()
      and setcon() libselinux.so functions. When started the test case
      will check to see if LD_PRELOAD is set, and if not, it will
      re-exec() itself setting LD_PRELOAD=libsecurityselinuxhelper.so
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      9136032a
新手
引导
客服 返回
顶部