1. 31 8月, 2011 1 次提交
    • D
      Remove bogus virSecurityManagerSetProcessFDLabel method · 18338388
      Daniel P. Berrange 提交于
      The virSecurityManagerSetProcessFDLabel method was introduced
      after a mis-understanding from a conversation about SELinux
      socket labelling. The virSecurityManagerSetSocketLabel method
      should have been used for all such scenarios.
      
      * src/security/security_apparmor.c, src/security/security_apparmor.c,
        src/security/security_driver.h, src/security/security_manager.c,
        src/security/security_manager.h, src/security/security_selinux.c,
        src/security/security_stack.c: Remove SetProcessFDLabel driver
      18338388
  2. 26 8月, 2011 2 次提交
    • J
      security: Introduce SetSocketLabel · 520d91f8
      Jiri Denemark 提交于
      This API labels all sockets created until ClearSocketLabel is called in
      a way that a vm can access them (i.e., they are labeled with svirt_t
      based label in SELinux).
      520d91f8
    • J
      security: Rename SetSocketLabel APIs to SetDaemonSocketLabel · 4c85d96f
      Jiri Denemark 提交于
      The APIs are designed to label a socket in a way that the libvirt daemon
      itself is able to access it (i.e., in SELinux the label is virtd_t based
      as opposed to svirt_* we use for labeling resources that need to be
      accessed by a vm). The new name reflects this.
      4c85d96f
  3. 28 6月, 2011 2 次提交
    • D
      Add a virSecurityManagerSetProcessFDLabel · 8e3c6fbb
      Daniel P. Berrange 提交于
      Add a new security driver method for labelling an FD with
      the process label, rather than the image label
      
      * src/libvirt_private.syms, src/security/security_apparmor.c,
        src/security/security_dac.c, src/security/security_driver.h,
        src/security/security_manager.c, src/security/security_manager.h,
        src/security/security_selinux.c, src/security/security_stack.c:
        Add virSecurityManagerSetProcessFDLabel & impl
      8e3c6fbb
    • D
      Rename virSecurityManagerSetFDLabel method · 4438c63e
      Daniel P. Berrange 提交于
      The virSecurityManagerSetFDLabel method is used to label
      file descriptors associated with disk images. There will
      shortly be a need to label other file descriptors in a
      different way. So the current name is ambiguous. Rename
      the method to virSecurityManagerSetImageFDLabel to clarify
      its purpose
      
      * src/libvirt_private.syms,
        src/qemu/qemu_migration.c, src/qemu/qemu_process.c,
        src/security/security_apparmor.c, src/security/security_dac.c,
        src/security/security_driver.h, src/security/security_manager.c,
        src/security/security_manager.h, src/security/security_selinux.c,
        src/security/security_stack.c: s/FDLabel/ImageFDLabel/
      4438c63e
  4. 04 6月, 2011 1 次提交
    • L
      security driver: ignore EINVAL when chowning an image file · 62ed801c
      Laine Stump 提交于
      This fixes:
      
        https://bugzilla.redhat.com/show_bug.cgi?id=702044
        https://bugzilla.redhat.com/show_bug.cgi?id=709454
      
      Both of these complain of a failure to use an image file that resides
      on a read-only NFS volume. The function in the DAC security driver
      that chowns image files to the qemu user:group before using them
      already has special cases to ignore failure of chown on read-only file
      systems, and in a few other cases, but it hadn't been checking for
      EINVAL, which is what is returned if the qemu user doesn't even exist
      on the NFS server.
      
      Since the explanation of EINVAL in the chown man page almost exactly
      matches the log message already present for the case of EOPNOTSUPP,
      I've just added EINVAL to that same conditional.
      62ed801c
  5. 06 5月, 2011 1 次提交
    • D
      Fix security driver handling of FIFOs with QEMU · d37c6a3a
      Daniel P. Berrange 提交于
      When setting up a FIFO for QEMU, it allows either a pair
      of fifos used unidirectionally, or a single fifo used
      bidirectionally. Look for the bidirectional fifo first
      when labelling since that is more useful
      
      * src/security/security_dac.c,
        src/security/security_selinux.c: Fix fifo handling
      d37c6a3a
  6. 09 3月, 2011 1 次提交
    • E
      build: avoid compiler warning on cygwin · 3dfd4ea3
      Eric Blake 提交于
      On cygwin:
      
        CC       libvirt_driver_security_la-security_dac.lo
      security/security_dac.c: In function 'virSecurityDACSetProcessLabel':
      security/security_dac.c:618: warning: format '%d' expects type 'int', but argument 7 has type 'uid_t' [-Wformat]
      
      We've done this before (see src/util/util.c).
      
      * src/security/security_dac.c (virSecurityDACSetProcessLabel): On
      cygwin, uid_t is a 32-bit long.
      3dfd4ea3
  7. 03 3月, 2011 1 次提交
  8. 21 2月, 2011 1 次提交
    • E
      maint: kill all remaining uses of old DEBUG macro · 994e7567
      Eric Blake 提交于
      Done mechanically with:
      $ git grep -l '\bDEBUG0\? *(' | xargs -L1 sed -i 's/\bDEBUG0\? *(/VIR_&/'
      
      followed by manual deletion of qemudDebug in daemon/libvirtd.c, along
      with a single 'make syntax-check' fallout in the same file, and the
      actual deletion in src/util/logging.h.
      
      * src/util/logging.h (DEBUG, DEBUG0): Delete.
      * daemon/libvirtd.h (qemudDebug): Likewise.
      * global: Change remaining clients over to VIR_DEBUG counterpart.
      994e7567
  9. 26 1月, 2011 1 次提交
    • L
      Add a function to the security driver API that sets the label of an open fd. · d89608f9
      Laine Stump 提交于
      A need was found to set the SELinux context label on an open fd (a
      pipe, as a matter of fact). This patch adds a function to the security
      driver API that will set the label on an open fd to secdef.label. For
      all drivers other than the SELinux driver, it's a NOP. For the SElinux
      driver, it calls fsetfilecon().
      
      If the return is a failure, it only returns error up to the caller if
      1) the desired label is different from the existing label, 2) the
      destination fd is of a type that supports setting the selinux context,
      and 3) selinux is in enforcing mode. Otherwise it will return
      success. This follows the pattern of the existing function
      SELinuxSetFilecon().
      d89608f9
  10. 15 1月, 2011 1 次提交
    • E
      domain_conf: split source data out from ChrDef · 98334e7c
      Eric Blake 提交于
      This opens up the possibility of reusing the smaller ChrSourceDef
      for both qemu monitor and a passthrough smartcard device.
      
      * src/conf/domain_conf.h (_virDomainChrDef): Factor host
      details...
      (_virDomainChrSourceDef): ...into new struct.
      (virDomainChrSourceDefFree): New prototype.
      * src/conf/domain_conf.c (virDomainChrDefFree)
      (virDomainChrDefParseXML, virDomainChrDefFormat): Split...
      (virDomainChrSourceDefClear, virDomainChrSourceDefFree)
      (virDomainChrSourceDefParseXML, virDomainChrSourceDefFormat):
      ...into new functions.
      (virDomainChrDefParseTargetXML): Update clients to reflect type
      split.
      * src/vmx/vmx.c (virVMXParseSerial, virVMXParseParallel)
      (virVMXFormatSerial, virVMXFormatParallel): Likewise.
      * src/xen/xen_driver.c (xenUnifiedDomainOpenConsole): Likewise.
      * src/xen/xend_internal.c (xenDaemonParseSxprChar)
      (xenDaemonFormatSxprChr): Likewise.
      * src/vbox/vbox_tmpl.c (vboxDomainDumpXML, vboxAttachSerial)
      (vboxAttachParallel): Likewise.
      * src/security/security_dac.c (virSecurityDACSetChardevLabel)
      (virSecurityDACSetChardevCallback)
      (virSecurityDACRestoreChardevLabel)
      (virSecurityDACRestoreChardevCallback): Likewise.
      * src/security/security_selinux.c (SELinuxSetSecurityChardevLabel)
      (SELinuxSetSecurityChardevCallback)
      (SELinuxRestoreSecurityChardevLabel)
      (SELinuxSetSecurityChardevCallback): Likewise.
      * src/security/virt-aa-helper.c (get_files): Likewise.
      * src/lxc/lxc_driver.c (lxcVmStart, lxcDomainOpenConsole):
      Likewise.
      * src/uml/uml_conf.c (umlBuildCommandLineChr): Likewise.
      * src/uml/uml_driver.c (umlIdentifyOneChrPTY, umlIdentifyChrPTY)
      (umlDomainOpenConsole): Likewise.
      * src/qemu/qemu_command.c (qemuBuildChrChardevStr)
      (qemuBuildChrArgStr, qemuBuildCommandLine)
      (qemuParseCommandLineChr): Likewise.
      * src/qemu/qemu_domain.c (qemuDomainObjPrivateXMLFormat)
      (qemuDomainObjPrivateXMLParse): Likewise.
      * src/qemu/qemu_cgroup.c (qemuSetupChardevCgroup): Likewise.
      * src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Likewise.
      * src/qemu/qemu_driver.c (qemudFindCharDevicePTYsMonitor)
      (qemudFindCharDevicePTYs, qemuPrepareChardevDevice)
      (qemuPrepareMonitorChr, qemudShutdownVMDaemon)
      (qemuDomainOpenConsole): Likewise.
      * src/qemu/qemu_command.h (qemuBuildChrChardevStr)
      (qemuBuildChrArgStr): Delete, now that they are static.
      * src/libvirt_private.syms (domain_conf.h): New exports.
      * cfg.mk (useless_free_options): Update list.
      * tests/qemuxml2argvtest.c (testCompareXMLToArgvFiles): Update
      tests.
      98334e7c
  11. 11 1月, 2011 1 次提交
    • D
      Refactor the security drivers to simplify usage · d6623003
      Daniel P. Berrange 提交于
      The current security driver usage requires horrible code like
      
          if (driver->securityDriver &&
              driver->securityDriver->domainSetSecurityHostdevLabel &&
              driver->securityDriver->domainSetSecurityHostdevLabel(driver->securityDriver,
                                                                    vm, hostdev) < 0)
      
      This pair of checks for NULL clutters up the code, making the driver
      calls 2 lines longer than they really need to be. The goal of the
      patchset is to change the calling convention to simply
      
        if (virSecurityManagerSetHostdevLabel(driver->securityDriver,
                                              vm, hostdev) < 0)
      
      The first check for 'driver->securityDriver' being NULL is removed
      by introducing a 'no op' security driver that will always be present
      if no real driver is enabled. This guarentees driver->securityDriver
      != NULL.
      
      The second check for 'driver->securityDriver->domainSetSecurityHostdevLabel'
      being non-NULL is hidden in a new abstraction called virSecurityManager.
      This separates the driver callbacks, from main internal API. The addition
      of a virSecurityManager object, that is separate from the virSecurityDriver
      struct also allows for security drivers to carry state / configuration
      information directly. Thus the DAC/Stack drivers from src/qemu which
      used to pull config from 'struct qemud_driver' can now be moved into
      the 'src/security' directory and store their config directly.
      
      * src/qemu/qemu_conf.h, src/qemu/qemu_driver.c: Update to
        use new virSecurityManager APIs
      * src/qemu/qemu_security_dac.c,  src/qemu/qemu_security_dac.h
        src/qemu/qemu_security_stacked.c, src/qemu/qemu_security_stacked.h:
        Move into src/security directory
      * src/security/security_stack.c, src/security/security_stack.h,
        src/security/security_dac.c, src/security/security_dac.h: Generic
        versions of previous QEMU specific drivers
      * src/security/security_apparmor.c, src/security/security_apparmor.h,
        src/security/security_driver.c, src/security/security_driver.h,
        src/security/security_selinux.c, src/security/security_selinux.h:
        Update to take virSecurityManagerPtr object as the first param
        in all callbacks
      * src/security/security_nop.c, src/security/security_nop.h: Stub
        implementation of all security driver APIs.
      * src/security/security_manager.h, src/security/security_manager.c:
        New internal API for invoking security drivers
      * src/libvirt.c: Add missing debug for security APIs
      d6623003