1. 11 7月, 2013 1 次提交
  2. 10 7月, 2013 1 次提交
  3. 26 6月, 2013 1 次提交
  4. 24 5月, 2013 1 次提交
  5. 23 5月, 2013 1 次提交
  6. 21 5月, 2013 1 次提交
  7. 13 5月, 2013 1 次提交
  8. 11 5月, 2013 1 次提交
    • L
      util: move virFile* functions from virutil.c to virfile.c · bfe7721d
      Laine Stump 提交于
      These all existed before virfile.c was created, and for some reason
      weren't moved.
      
      This is mostly straightfoward, although the syntax rule prohibiting
      write() had to be changed to have an exception for virfile.c instead
      of virutil.c.
      
      This movement pointed out that there is a function called
      virBuildPath(), and another almost identical function called
      virFileBuildPath(). They really should be a single function, which
      I'll take care of as soon as I figure out what the arglist should look
      like.
      bfe7721d
  9. 02 5月, 2013 1 次提交
    • M
      virutil: Move string related functions to virstring.c · 7c9a2d88
      Michal Privoznik 提交于
      The source code base needs to be adapted as well. Some files
      include virutil.h just for the string related functions (here,
      the include is substituted to match the new file), some include
      virutil.h without any need (here, the include is removed), and
      some require both.
      7c9a2d88
  10. 30 4月, 2013 1 次提交
  11. 27 4月, 2013 1 次提交
  12. 26 4月, 2013 2 次提交
    • L
      security: update hostdev labelling functions for VFIO · f0bd70a9
      Laine Stump 提交于
      Legacy kvm style pci device assignment requires changes to the
      labelling of several sysfs files for each device, but for vfio device
      assignment, the only thing that needs to be relabelled/chowned is the
      "group" device for the group that contains the device to be assigned.
      f0bd70a9
    • L
      conf: put hostdev pci address in a struct · 9f80fc1b
      Laine Stump 提交于
      There will soon be other items related to pci hostdevs that need to be
      in the same part of the hostdevsubsys union as the pci address (which
      is currently a single member called "pci". This patch replaces the
      single member named pci with a struct named pci that contains a single
      member named "addr".
      9f80fc1b
  13. 13 4月, 2013 1 次提交
  14. 20 3月, 2013 1 次提交
  15. 16 2月, 2013 1 次提交
    • J
      security: Remove unnecessary checks for mgr == NULL · 676688b6
      John Ferlan 提交于
      Coverity found the DACGenLabel was checking for mgr == NULL after a
      possible dereference; however, in order to get into the function the
      virSecurityManagerGenLabel would have already dereferenced sec_managers[i]
      so the check was unnecessary. Same check is made in SELinuxGenSecurityLabel.
      676688b6
  16. 14 2月, 2013 1 次提交
    • L
      security: add new virSecurityManagerSetChildProcessLabel API · 7bf1aa0b
      Laine Stump 提交于
      The existing virSecurityManagerSetProcessLabel() API is designed so
      that it must be called after forking the child process, but before
      exec'ing the child. Due to the way the virCommand API works, that
      means it needs to be put in a "hook" function that virCommand is told
      to call out to at that time.
      
      Setting the child process label is a basic enough need when executing
      any process that virCommand should have a method of doing that. But
      virCommand must be told what label to set, and only the security
      driver knows the answer to that question.
      
      The new virSecurityManagerSet*Child*ProcessLabel() API is the way to
      transfer the knowledge about what label to set from the security
      driver to the virCommand object. It is given a virCommandPtr, and each
      security driver calls the appropriate virCommand* API to tell
      virCommand what to do between fork and exec.
      
      1) in the case of the DAC security driver, it calls
      virCommandSetUID/GID() to set a uid and gid that must be set for the
      child process.
      
      2) for the SELinux security driver, it calls
      virCommandSetSELinuxLabel() to save a copy of the char* that will be
      sent to setexeccon_raw() *after forking the child process*.
      
      3) for the AppArmor security drivers, it calls
      virCommandSetAppArmorProfile() to save a copy of the char* that will
      be sent to aa_change_profile() *after forking the child process*.
      
      With this new API in place, we will be able to remove
      virSecurityManagerSetProcessLabel() from any virCommand pre-exec
      hooks.
      
      (Unfortunately, the LXC driver uses clone() rather than virCommand, so
      it can't take advantage of this new security driver API, meaning that
      we need to keep around the older virSecurityManagerSetProcessLabel(),
      at least for now.)
      7bf1aa0b
  17. 06 2月, 2013 2 次提交
  18. 22 1月, 2013 1 次提交
  19. 21 12月, 2012 7 次提交
  20. 18 12月, 2012 1 次提交
  21. 02 11月, 2012 1 次提交
  22. 23 10月, 2012 2 次提交
    • E
      build: print uids as unsigned · add633bd
      Eric Blake 提交于
      Reported by Michal Privoznik.
      
      * src/security/security_dac.c (virSecurityDACGenLabel): Use
      correct format.
      add633bd
    • E
      build: use correct printf types for uid/gid · 23a4df88
      Eric Blake 提交于
      Fixes a build failure on cygwin:
      cc1: warnings being treated as errors
      security/security_dac.c: In function 'virSecurityDACSetProcessLabel':
      security/security_dac.c:862:5: error: format '%u' expects type 'unsigned int', but argument 7 has type 'uid_t' [-Wformat]
      security/security_dac.c:862:5: error: format '%u' expects type 'unsigned int', but argument 8 has type 'gid_t' [-Wformat]
      
      * src/security/security_dac.c (virSecurityDACSetProcessLabel)
      (virSecurityDACGenLabel): Use proper casts.
      23a4df88
  23. 20 10月, 2012 1 次提交
    • E
      storage: use cache to walk backing chain · 38c4a9cc
      Eric Blake 提交于
      We used to walk the backing file chain at least twice per disk,
      once to set up cgroup device whitelisting, and once to set up
      security labeling.  Rather than walk the chain every iteration,
      which possibly includes calls to fork() in order to open root-squashed
      NFS files, we can exploit the cache of the previous patch.
      
      * src/conf/domain_conf.h (virDomainDiskDefForeachPath): Alter
      signature.
      * src/conf/domain_conf.c (virDomainDiskDefForeachPath): Require caller
      to supply backing chain via disk, if recursion is desired.
      * src/security/security_dac.c
      (virSecurityDACSetSecurityImageLabel): Adjust caller.
      * src/security/security_selinux.c
      (virSecuritySELinuxSetSecurityImageLabel): Likewise.
      * src/security/virt-aa-helper.c (get_files): Likewise.
      * src/qemu/qemu_cgroup.c (qemuSetupDiskCgroup)
      (qemuTeardownDiskCgroup): Likewise.
      (qemuSetupCgroup): Pre-populate chain.
      38c4a9cc
  24. 15 10月, 2012 1 次提交
    • G
      selinux: add security selinux function to label tapfd · ae368ebf
      Guannan Ren 提交于
      BZ:https://bugzilla.redhat.com/show_bug.cgi?id=851981
      When using macvtap, a character device gets first created by
      kernel with name /dev/tapN, its selinux context is:
      system_u:object_r:device_t:s0
      
      Shortly, when udev gets notification when new file is created
      in /dev, it will then jump in and relabel this file back to the
      expected default context:
      system_u:object_r:tun_tap_device_t:s0
      
      There is a time gap happened.
      Sometimes, it will have migration failed, AVC error message:
      type=AVC msg=audit(1349858424.233:42507): avc:  denied  { read write } for
      pid=19926 comm="qemu-kvm" path="/dev/tap33" dev=devtmpfs ino=131524
      scontext=unconfined_u:system_r:svirt_t:s0:c598,c908
      tcontext=system_u:object_r:device_t:s0 tclass=chr_file
      
      This patch will label the tapfd device before qemu process starts:
      system_u:object_r:tun_tap_device_t:MCS(MCS from seclabel->label)
      ae368ebf
  25. 11 10月, 2012 1 次提交
  26. 09 10月, 2012 1 次提交
  27. 03 10月, 2012 1 次提交
    • M
      security: also parse user/group names instead of just IDs for DAC labels · 60469dd1
      Marcelo Cerri 提交于
      The DAC driver is missing parsing of group and user names for DAC labels
      and currently just parses uid and gid. This patch extends it to support
      names, so the following security label definition is now valid:
      
        <seclabel type='static' model='dac' relabel='yes'>
            <label>qemu:qemu</label>
            <imagelabel>qemu:qemu</imagelabel>
        </seclabel>
      
      When it tries to parse an owner or a group, it first tries to resolve it as
      a name, if it fails or it's an invalid user/group name then it tries to
      parse it as an UID or GID. A leading '+' can also be used for both owner and
      group to force it to be parsed as IDs, so the following example is also
      valid:
      
        <seclabel type='static' model='dac' relabel='yes'>
            <label>+101:+101</label>
            <imagelabel>+101:+101</imagelabel>
        </seclabel>
      
      This ensures that UID 101 and GUI 101 will be used instead of an user or
      group named "101".
      60469dd1
  28. 21 9月, 2012 1 次提交
  29. 20 9月, 2012 1 次提交
    • P
      security: Don't ignore errors when parsing DAC security labels · ede89aab
      Peter Krempa 提交于
      The DAC security driver silently ignored errors when parsing the DAC
      label and used default values instead.
      
      With a domain containing the following label definition:
      
      <seclabel type='static' model='dac' relabel='yes'>
        <label>sdfklsdjlfjklsdjkl</label>
      </seclabel>
      
      the domain would start normaly but the disk images would be still owned
      by root and no error was displayed.
      
      This patch changes the behavior if the parsing of the label fails (note
      that a not present label is not a failure and in this case the default
      label should be used) the error isn't masked but is raised that causes
      the domain start to fail with a descriptive error message:
      
      virsh #  start tr
      error: Failed to start domain tr
      error: internal error invalid argument: failed to parse DAC seclabel
      'sdfklsdjlfjklsdjkl' for domain 'tr'
      
      I also changed the error code to "invalid argument" from "internal
      error" and tweaked the various error messages to contain correct and
      useful information.
      ede89aab
  30. 29 8月, 2012 2 次提交