1. 18 6月, 2020 1 次提交
  2. 15 6月, 2020 1 次提交
  3. 10 6月, 2020 1 次提交
  4. 27 5月, 2020 1 次提交
    • C
      security: don't fail if built without attr support · 55029d93
      Christian Ehrhardt 提交于
      If built without attr support removing any image will trigger
       qemuBlockRemoveImageMetadata (the one that emits the warning)
         -> qemuSecurityMoveImageMetadata
           -> virSecurityManagerMoveImageMetadata
             -> virSecurityDACMoveImageMetadata
               -> virSecurityDACMoveImageMetadataHelper
                 -> virProcessRunInFork (spawns subprocess)
                   -> virSecurityMoveRememberedLabel
      
      In there due to !HAVE_LIBATTR virFileGetXAttrQuiet will return
      ENOSYS and from there the chain will error out.
      
      That is wrong and looks like:
        libvirtd[6320]: internal error: child reported (status=125):
        libvirtd[6320]: Unable to remove disk metadata on vm testguest from
        /var/lib/uvtool/libvirt/images/testguest.qcow (disk target vda)
      
      This change makes virSecurityDACMoveImageMetadataHelper and
      virSecuritySELinuxMoveImageMetadataHelper accept that
      error code gracefully and in that sense it is an extension of:
      5214b2f1 "security: Don't skip label restore on file systems lacking XATTRs"
      which does the same for other call chains into the virFile*XAttr functions.
      Signed-off-by: NChristian Ehrhardt <christian.ehrhardt@canonical.com>
      Reviewed-by: NMichal Privoznik <mprivozn@redhat.com>
      55029d93
  5. 27 4月, 2020 1 次提交
  6. 17 4月, 2020 1 次提交
  7. 20 3月, 2020 1 次提交
  8. 14 3月, 2020 1 次提交
  9. 09 3月, 2020 1 次提交
    • M
      security: Introduce VIR_SECURITY_DOMAIN_IMAGE_PARENT_CHAIN_TOP flag · 62f3d8ad
      Michal Privoznik 提交于
      Our decision whether to remember seclabel for a disk image
      depends on a few factors. If the image is readonly or shared or
      not the chain top the remembering is suppressed for the image.
      However, the virSecurityManagerSetImageLabel() is too low level
      to determine whether passed @src is chain top or not. Even though
      the function has the @parent argument it does not necessarily
      reflect the chain top - it only points to the top level image in
      the chain we want to relabel and not to the topmost image of the
      whole chain. And this can't be derived from the passed domain
      definition reliably neither - in some cases (like snapshots or
      block copy) the @src is added to the definition only after the
      operation succeeded. Therefore, introduce a flag which callers
      can use to help us with the decision.
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      Reviewed-by: NPeter Krempa <pkrempa@redhat.com>
      62f3d8ad
  10. 25 2月, 2020 1 次提交
  11. 29 1月, 2020 3 次提交
  12. 07 1月, 2020 2 次提交
  13. 17 12月, 2019 1 次提交
  14. 03 12月, 2019 1 次提交
  15. 12 11月, 2019 1 次提交
  16. 23 10月, 2019 1 次提交
  17. 21 10月, 2019 3 次提交
  18. 16 10月, 2019 1 次提交
  19. 15 10月, 2019 2 次提交
  20. 14 10月, 2019 2 次提交
  21. 12 10月, 2019 6 次提交
  22. 11 10月, 2019 2 次提交
  23. 10 9月, 2019 1 次提交
  24. 31 8月, 2019 1 次提交
  25. 30 8月, 2019 3 次提交