- 02 6月, 2014 1 次提交
-
-
由 Ján Tomko 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1098659 With parallel boot, network addresses might not yet be assigned [1], but binding to wildcard addresses should work. For non-wildcard addresses, ADDRCONFIG is still used. Document this in libvirtd.conf. [1] http://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/
-
- 29 4月, 2014 1 次提交
-
-
由 Daniel P. Berrange 提交于
SO_REUSEADDR on Windows is actually akin to SO_REUSEPORT on Linux/BSD. ie it allows 2 apps to listen to the same port at once. Thus we must not set it on Win32 platforms See http://msdn.microsoft.com/en-us/library/windows/desktop/ms740621.aspxSigned-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 25 3月, 2014 1 次提交
-
-
由 Ján Tomko 提交于
-
- 18 3月, 2014 2 次提交
-
-
由 Daniel P. Berrange 提交于
Any source file which calls the logging APIs now needs to have a VIR_LOG_INIT("source.name") declaration at the start of the file. This provides a static variable of the virLogSource type. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
The dtrace probe macros rely on the logging API. We can't make the internal.h header include the virlog.h header though since that'd be a circular include. Instead simply split the dtrace probes into their own header file, since there's no compelling reason for them to be in the main internal.h header. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 04 11月, 2013 1 次提交
-
-
由 Ryota Ozaki 提交于
aa0f0992 introduced a strict error checking for getsockopt and it revealed that getting a peer credential of a socket on FreeBSD didn't work. Libvirtd hits the error: error : virNetSocketGetUNIXIdentity:1198 : Failed to get valid client socket identity groups SOL_SOCKET (0xffff) was used as a level of getsockopt for LOCAL_PEERCRED, however, it was wrong. 0 is correct as well as Mac OS X. So for LOCAL_PEERCRED our options are SOL_LOCAL (if defined) or 0 on Mac OS X and FreeBSD. According to the fact, the patch simplifies the code by removing ifdef __APPLE__. I tested the patch on FreeBSD 8.4, 9.2 and 10.0-BETA1. Signed-off-by: NRyota Ozaki <ozaki.ryota@gmail.com>
-
- 22 10月, 2013 1 次提交
-
-
由 Doug Goldstein 提交于
While LOCAL_PEERCRED on the BSDs does not return the pid information of the peer, Mac OS X 10.8 added LOCAL_PEERPID to retrieve the pid so we should use that when its available to get that information.
-
- 21 10月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
When running setuid, we must be careful about what env vars we allow commands to inherit from us. Replace the virCommandAddEnvPass function with two new ones which do filtering virCommandAddEnvPassAllowSUID virCommandAddEnvPassBlockSUID And make virCommandAddEnvPassCommon use the appropriate ones Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 17 10月, 2013 1 次提交
-
-
由 Brian Candler 提交于
This patch improves the error checking in the LOCAL_PEERCRED version of virNetSocketGetUNIXIdentity, used by FreeBSD and Mac OSX. 1. The error return paths now correctly unlock the socket. This is implemented in exactly the same way as the SO_PEERCRED version, using "goto cleanup" 2. cr.cr_ngroups is initialised to -1, and cr.cr_ngroups is checked for negative and overlarge values. This means that if the getsockopt() call returns success but doesn't actually update the xucred structure, this is now caught. This happened previously when getsockopt was called with SOL_SOCKET instead of SOL_LOCAL, prior to commit 5a468b38, and resulted in random uids being accepted. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 11 10月, 2013 1 次提交
-
-
由 Doug Goldstein 提交于
Since 5a468b38 we use SOL_LOCAL for the 2nd argument of getsockopt() however Lion added the define SOL_LOCAL set to 0, which is the value to the 2nd argument of getsockopt() for Unix sockets on Mac OS X. So instead of using the define just pass 0 so we restore compatibility with Snow Leopard and Leopard. Reported at https://github.com/mxcl/homebrew/pull/23141
-
- 07 10月, 2013 1 次提交
-
-
由 Ryota Ozaki 提交于
This fixes the following error: error : virGetUserEnt:703 : Failed to find user record for uid '32654' '32654' (it's random and varies) comes from getsockopt with LOCAL_PEERCRED option. getsockopt returns w/o error but seems to not set any value to the buffer for uid. For Mac OS X, LOCAL_PEERCRED has to be used with SOL_LOCAL level. With SOL_LOCAL, getsockopt returns a correct uid. Note that SOL_LOCAL can be found in /System/Library/Frameworks/Kernel.framework/Versions/A/Headers/sys/un.h. Signed-off-by: NRyota Ozaki <ozaki.ryota@gmail.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 28 9月, 2013 2 次提交
-
-
由 Doug Goldstein 提交于
While BSDs don't support process creation timestamp information via PEERCRED for Unix sockets, we need to actually initialize the value because it is used by the libvirt code.
-
由 Doug Goldstein 提交于
Ensure that the socket credentials we got back on BSD are valid before using them.
-
- 24 9月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
To allow creation of a virNetSocketPtr instance from a pre-opened socketpair FD, add a virNetSocketNewConnectSockFD method. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 12 7月, 2013 1 次提交
-
-
由 Peter Krempa 提交于
This patch enables the password authentication in the libssh2 connection driver. There are a few benefits to this step: 1) Hosts with challenge response authentication will now be supported with the libssh2 connection driver. 2) Credential for hosts can now be stored in the authentication credential config file
-
- 11 7月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
Convert the type of loop iterators named 'i', 'j', k', 'ii', 'jj', 'kk', to be 'size_t' instead of 'int' or 'unsigned int', also santizing 'ii', 'jj', 'kk' to use the normal 'i', 'j', 'k' naming Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 10 7月, 2013 1 次提交
-
-
由 Michal Privoznik 提交于
-
- 23 5月, 2013 1 次提交
-
-
由 Michal Privoznik 提交于
-
- 21 5月, 2013 1 次提交
-
-
由 Osier Yang 提交于
-
- 08 5月, 2013 2 次提交
-
-
由 Daniel P. Berrange 提交于
Since PIDs can be reused, polkit prefers to be given a (PID,start time) pair. If given a PID on its own, it will attempt to lookup the start time in /proc/pid/stat, though this is subject to races. It is safer if the client app resolves the PID start time itself, because as long as the app has the client socket open, the client PID won't be reused. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
There are various methods named "virXXXXSecurityContext", which are specific to SELinux. Rename them all to "virXXXXSELinuxContext". They will still raise errors at runtime if SELinux is not compiled in Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 03 5月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
The F_DUPFD_CLOEXEC operation with fcntl() expects a single int argument, specifying the minimum FD number for the newly dup'd file descriptor. We were not specifying that causing random stack data to be accessed as the FD number. Sometimes that worked, sometimes it didn't. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 02 5月, 2013 1 次提交
-
-
由 Michal Privoznik 提交于
The source code base needs to be adapted as well. Some files include virutil.h just for the string related functions (here, the include is substituted to match the new file), some include virutil.h without any need (here, the include is removed), and some require both.
-
- 21 3月, 2013 1 次提交
-
-
由 Guido Günther 提交于
but libvirt is built with --with-selinux. In this case getpeercon returns ENOPROTOOPT so don't return an error in that case but simply don't set seccon.
-
- 20 3月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
The virNetSocket & virIdentity classes accidentally got some conditionals using HAVE_SELINUX instead of WITH_SELINUX. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 19 3月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
A socket object has various pieces of security data associated with it, such as the SELinux context, the SASL username and the x509 distinguished name. Add new APIs to virNetServerClient and related modules to access this data. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 14 3月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
When converting to virObject, the probes on the 'Free' functions were removed on the basis that there is a probe on virObjectFree that suffices. This puts a burden on people writing probe scripts to identify which object is being dispose. This adds back probes in the 'Dispose' functions and updates the rpc monitor systemtap example to use them Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 06 2月, 2013 1 次提交
-
-
由 John Ferlan 提交于
-
- 16 1月, 2013 3 次提交
-
-
由 Daniel P. Berrange 提交于
-
由 John Ferlan 提交于
Check status when attempting to set SO_REUSEADDR flag on outgoing connection On failure, VIR_WARN(), but continue to connect. This code path is on the sender side where the setting is just a hint and would only take effect if the sender is overflowed with TCP connections. Inability to set doesn't mean failure to establish a connection.
-
由 Daniel P. Berrange 提交于
Currently all classes must directly inherit from virObject. This allows for arbitrarily deep hierarchy. There's not much to this aside from chaining up the 'dispose' handlers from each class & providing APIs to check types. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 14 1月, 2013 2 次提交
-
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
- 12 1月, 2013 1 次提交
-
-
由 Eric Blake 提交于
Commit 321a7d53 missed a spot. * src/rpc/virnetsocket.c (virNetSocketPreExecRestart): Use right conditional.
-
- 11 1月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 09 1月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
Add checks for existence of GNUTLS and automatically disable it if not found. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 21 12月, 2012 4 次提交
-
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-