- 16 7月, 2014 1 次提交
-
-
由 Cédric Bosdonnat 提交于
Rework the apparmor lxc profile abstraction to mimic ubuntu's container-default. This profile allows quite a lot, but strives to restrict access to dangerous resources. Removing the explicit authorizations to bash, systemd and cron files, forces them to keep the lxc profile for all applications inside the container. PUx permissions where leading to running systemd (and others tasks) unconfined. Put the generic files, network and capabilities restrictions directly in the TEMPLATE.lxc: this way, users can restrict them on a per container basis.
-
- 04 3月, 2014 1 次提交
-
-
由 Cédric Bosdonnat 提交于
use_apparmor() was first designed to be called from withing libvirtd, but libvirt_lxc also uses it. in libvirt_lxc, there is no need to check whether to use apparmor or not: just use it if possible.
-
- 12 2月, 2014 1 次提交
-
-
由 Cédric Bosdonnat 提交于
The security driver expects /etc/apparmor.d/libvirt/TEMPLATE but we installed it to /etc/apparmor.d/libvirtd/TEMPLATE. Move the template to the expected place since that code was here long before.
-
- 08 1月, 2014 1 次提交
-
-
由 Guido Günther 提交于
Make it easy to install the shipped examples. The aim is to have reasonably working templates so that distros only need to minimally patch these and can feed things upstream more easily. This was prompted by http://bugs.debian.org/725144
-
- 21 5月, 2013 1 次提交
-
-
由 Eric Blake 提交于
Several files called out COPYING or COPYING.LIB instead of using the normal boilerplate. It's especially important that we don't call out COPYING from an LGPL file, since COPYING is traditionally used for the GPL. A few files were lacking copyright altogether. * src/rpc/gendispatch.pl: Add missing copyright. * Makefile.nonreentrant: Likewise. * src/check-symfile.pl: Likewise. * src/check-symsorting.pl: Likewise. * src/driver.h: Likewise. * src/internal.h: Likewise. * tools/libvirt-guests.sh.in: Likewise. * tools/virt-pki-validate.in: Mention copyright in comment, not just code. * tools/virt-sanlock-cleanup.in: Likewise. * src/rpc/genprotocol.pl: Spell out license terms. * src/xen/xend_internal.h: Likewise. * src/xen/xend_internal.c: Likewise. * Makefile.am: Likewise. * daemon/Makefile.am: Likewise. * docs/Makefile.am: Likewise. * docs/schemas/Makefile.am: Likewise. * examples/apparmor/Makefile.am: Likewise. * examples/domain-events/events-c/Makefile.am: Likewise. * examples/dominfo/Makefile.am: Likewise. * examples/domsuspend/Makefile.am: Likewise. * examples/hellolibvirt/Makefile.am: Likewise. * examples/openauth/Makefile.am: Likewise. * examples/python/Makefile.am: Likewise. * examples/systemtap/Makefile.am: Likewise. * examples/xml/nwfilter/Makefile.am: Likewise. * gnulib/lib/Makefile.am: Likewise. * gnulib/tests/Makefile.am: Likewise. * include/Makefile.am: Likewise. * include/libvirt/Makefile.am: Likewise. * python/Makefile.am: Likewise. * python/tests/Makefile.am: Likewise. * src/Makefile.am: Likewise. * tests/Makefile.am: Likewise. * tools/Makefile.am: Likewise. * configure.ac: Likewise. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 29 7月, 2011 1 次提交
-
-
由 Eric Blake 提交于
I went with the shorter license notice used by src/libvirt.c, rather than spelling out the full LGPLv2+ clause into each of these files. * configure.ac: Declare copyright. * all Makefile.am: Likewise.
-
- 14 12月, 2009 1 次提交
-
-
由 Jamie Strandboge 提交于
tests/virt-aa-helper-test and examples/apparmor are not included in official tarballs, but should be. Attached is a patch to fix that which works when apparmor is and is not available.
-