- 16 Oct, 2015 3 commits
-
-
Committed by Michal Privoznik
This is pure code adjustment. The structure is going to be needed later as it will hold a reference that will be used to talk to virtlockd. However, so far this is no functional change just code preparation. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-
Committed by Michal Privoznik
It's better if we stat() file that we are about to chown() at first and check if there's something we need to change. Not that it would make much difference, but for the upcoming patches we need to be doing stat() anyway. Moreover, if we do things this way, we can drop @chown_errno variable which will become redundant. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-
Committed by Michal Privoznik
Correctly mark the places where we need to remember and recall file ownership. We don't want to mislead any potential developer. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-
- 24 Aug, 2015 2 commits
-
-
Committed by Martin Kletzander
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
-
Committed by Martin Kletzander
SELinux security driver already does that, but DAC driver somehow missed the memo. Let's fix it so it works the same way. Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
-
- 11 Dec, 2014 2 commits
-
-
Committed by Ján Tomko
Add missing ATTRIBUTE_UNUSED markers.
-
Committed by Luyao Huang
When using qemuProcessAttach to attach a qemu process, the DAC label is not filled correctly. Introduce a new function to get the uid:gid from the system and fill the label. This fixes the daemon crash when 'virsh screenshot' is called: https://bugzilla.redhat.com/show_bug.cgi?id=1161831 It also fixes qemu-attach after the prerequisite of this patch (commit f8c1fb3d) was pushed out of order. Signed-off-by: Luyao Huang <lhuang@redhat.com> Signed-off-by: Ján Tomko <jtomko@redhat.com>
-
- 25 Sep, 2014 1 commit
-
-
Committed by Cole Robinson
The check for ISCSI devices was missing a check of subsys type, which meant we could skip labelling of other host devices as well. This fixes USB hotplug on F21 https://bugzilla.redhat.com/show_bug.cgi?id=1145968
-
- 10 Sep, 2014 1 commit
-
-
Committed by Michal Privoznik
QEMU now supports UEFI with the following command line: -drive file=/usr/share/OVMF/OVMF_CODE.fd,if=pflash,format=raw,unit=0,readonly=on \ -drive file=/usr/share/OVMF/OVMF_VARS.fd,if=pflash,format=raw,unit=1 \ where the first line reflects <loader> and the second one <nvram>. Moreover, these two lines obsolete the -bios argument. Note that UEFI is unusable without ACPI. This is handled properly now. Along with this extension, the variable file is expected to be writable and hence we need security drivers to label it. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Acked-by: Laszlo Ersek <lersek@redhat.com>
-
- 24 Jul, 2014 8 commits
-
-
Committed by John Ferlan
Create the structures and APIs to hold and manage the iSCSI host device. This extends the 'scsi_host' definitions added in commit id '5c811dce'. A future patch will add the XML parsing, but that code requires some infrastructure to be in place first in order to handle the differences between a 'scsi_host' and an 'iSCSI host' device.
-
Committed by John Ferlan
Split virDomainHostdevSubsysSCSI further. In preparation for having either SCSI or iSCSI data, create a union in virDomainHostdevSubsysSCSI to contain just a virDomainHostdevSubsysSCSIHost to describe the 'scsi_host' host device.
-
Committed by John Ferlan
Create a separate typedef for the hostdev union data describing SCSI. Then adjust the code to use the new pointer.
-
Committed by John Ferlan
Create a separate typedef for the hostdev union data describing PCI. Then adjust the code to use the new pointer.
-
Committed by John Ferlan
Create a separate typedef for the hostdev union data describing USB. Then adjust the code to use the new pointer.
-
Committed by Peter Krempa
Use the callback to set disk and storage image labels by modifying the existing functions and adding wrappers to avoid refactoring a lot of the code.
-
Committed by Peter Krempa
To integrate the security driver with the storage driver we need to pass a callback for a function that will chown storage volumes. Introduce and document the callback prototype.
-
Committed by Peter Krempa
When restoring security labels in the dac driver the code would resolve the file path and use the resolved one to be chown-ed. The setting code doesn't do that. Remove the unnecessary code.
-
- 11 Jul, 2014 2 commits
-
-
Committed by Michal Privoznik
Similarly to the previous commit, boolean variables should not start with 'no-' prefix. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-
Committed by Michal Privoznik
This negation in names of boolean variables is driving me insane. The code is much more readable if we drop the 'no-' prefix. Well, at least for me. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-
- 09 Jul, 2014 2 commits
-
-
Committed by Peter Krempa
Refactor the code and reuse it to implement the functionality.
-
Committed by Peter Krempa
Refactor the existing code to allow re-using it for the per-image label restore too.
-
- 08 Jul, 2014 1 commit
-
-
Committed by Peter Krempa
In the future we might need to track state of individual images. Move the readonly and shared flags to the virStorageSource struct so that we can keep them on a per-image basis.
-
- 26 Jun, 2014 1 commit
-
-
Committed by Peter Krempa
I'm going to add functions that will deal with individual image files rather than whole disks. Rename the security function to make room for the new one.
-
- 20 Jun, 2014 3 commits
-
-
Committed by Peter Krempa
I'm going to add functions that will deal with individual image files rather than whole disks. Rename the security function to make room for the new one.
-
Committed by Peter Krempa
Also remove one spurious ATTRIBUTE_UNUSED guarding the @migrated argument.
-
Committed by Peter Krempa
The image labels are stored in the virStorageSource struct. Convert the virDomainDiskDefGetSecurityLabelDef helper not to use the full disk def and move it appropriately.
-
- 12 Jun, 2014 1 commit
-
-
Committed by Peter Krempa
A network disk might actually be backed by local storage. Also the path iterator actually handles networked disks well now so remove the code that skips the labelling in dac and selinux security driver.
-
- 03 Jun, 2014 2 commits
-
-
Committed by Julio Faracco
In "src/conf/domain_conf.h" there are many enum declarations. The cleanup in this header file was started, but it wasn't enough and there are many other files that have enum variables declared. So, the commit was starting to be big. This commit finishes the cleanup in this header file and in other files that have enum variables, parameters, or functions declared. Signed-off-by: Julio Faracco <jcfaracco@gmail.com> Signed-off-by: Eric Blake <eblake@redhat.com>
-
Committed by Julio Faracco
In "src/conf/domain_conf.h" there are many enumerations (enum) declarations to be converted as a typedef too. As mentioned before, it's better to use a typedef for variable types, function types and other usages. I think this file has most of those enum declarations at "src/conf/". So, me and Eric Blake plan to keep the cleanups all over the source code. This time, most of the files changed in this commit are related to part of one file: "src/conf/domain_conf.h". Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
-
- 19 May, 2014 2 commits
-
-
Committed by Ján Tomko
With dynamic_ownership = 1 but no seclabels, RestoreChardevLabel dereferences the NULL seclabel when checking if norelabel is set. Remove this check, since it is already done in RestoreSecurityAllLabel and if norelabel is set, RestoreChardevLabel is never called.
-
Committed by Michal Privoznik
The domain definition is clearly used a few lines below so there's no need to mark @def as unused. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-
- 17 May, 2014 7 commits
-
-
Committed by Jim Fehlig
The DAC driver ignores the relabel='no' attribute in chardev config <serial type='file'> <source path='/tmp/jim/test.file'> <seclabel model='dac' relabel='no'/> </source> <target port='0'/> </serial> This patch avoids labeling chardevs when relabel='no' is specified. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Jim Fehlig <jfehlig@suse.com>
-
Committed by Jim Fehlig
When relabel='no' at the domain level, there is no need to call the hostdev relabeling functions. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Jim Fehlig <jfehlig@suse.com>
-
Committed by Jim Fehlig
https://bugzilla.redhat.com/show_bug.cgi?id=999301 The DAC driver ignores the relabel='no' attribute in disk config <disk type='file' device='floppy'> <driver name='qemu' type='raw'/> <source file='/some/path/floppy.img'> <seclabel model='dac' relabel='no'/> </source> <target dev='fda' bus='fdc'/> <readonly/> </disk> This patch avoids labeling disks when relabel='no' is specified. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Jim Fehlig <jfehlig@suse.com>
-
Committed by Jim Fehlig
If relabel='no' at the domain level, no need to attempt relabeling in virSecurityDAC{Set,Restore}SecurityAllLabel(). Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Jim Fehlig <jfehlig@suse.com>
-
Committed by Jim Fehlig
Currently, the DAC security driver passes callback data as void params[2]; params[0] = mgr; params[1] = def; Clean this up by defining a structure for passing the callback data. Moreover, there's no need to pass the whole virDomainDef in the callback as the only thing needed in the callbacks is virSecurityLabelDefPtr. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Jim Fehlig <jfehlig@suse.com>
-
Committed by Jim Fehlig
In switch statements, use enum types since it is safer when adding new items to the enum. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Jim Fehlig <jfehlig@suse.com>
-
Committed by Jim Fehlig
Annotate some static function parameters with ATTRIBUTE_NONNULL and remove checks for NULL inputs. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Jim Fehlig <jfehlig@suse.com>
-
- 15 May, 2014 2 commits
-
-
Committed by Jim Fehlig
-
Committed by Jim Fehlig
-