1. 18 Sep, 2013 1 commit
  2. 10 Sep, 2013 1 commit
    • E
      build: use automake subdir-objects · 7f626e47
      Eric Blake committed
      Automake 2.0 will enable subdir-objects by default; in preparation
      for that change, automake 1.14 outputs LOADS of warnings:
      
      daemon/Makefile.am:38: warning: source file '../src/remote/remote_protocol.c' is in a subdirectory,
      daemon/Makefile.am:38: but option 'subdir-objects' is disabled
      automake-1.14: warning: possible forward-incompatibility.
      automake-1.14: At least a source file is in a subdirectory, but the 'subdir-objects'
      automake-1.14: automake option hasn't been enabled.  For now, the corresponding output
      automake-1.14: object file(s) will be placed in the top-level directory.  However,
      automake-1.14: this behaviour will change in future Automake versions: they will
      automake-1.14: unconditionally cause object files to be placed in the same subdirectory
      automake-1.14: of the corresponding sources.
      automake-1.14: You are advised to start using 'subdir-objects' option throughout your
      automake-1.14: project, to avoid future incompatibilities.
      daemon/Makefile.am:38: warning: source file '../src/remote/lxc_protocol.c' is in a subdirectory,
      daemon/Makefile.am:38: but option 'subdir-objects' is disabled
      ...
      
      As automake 1.9 also supported this option, and the previous patches
      fixed up the code base to work with it, it is safe to now turn it on
      unconditionally.
      
      * configure.ac (AM_INIT_AUTOMAKE): Enable subdir-objects.
      * .gitignore: Ignore .dirstamp directories.
      * src/Makefile.am (PDWTAGS, *-protocol-struct): Adjust to
      new subdir-object location of .lo files.
      Signed-off-by: Eric Blake <eblake@redhat.com>
      7f626e47
  3. 10 Aug, 2013 1 commit
    • D
      Add documentation for access control system · da13f2c7
      Daniel P. Berrange committed
      This adds two new pages to the website, acl.html describing
      the general access control framework and permissions models,
      and aclpolkit.html describing the use of polkit as an
      access control driver.
      
      page.xsl is modified to support a new syntax
      
        <div id="include" filename="somefile.htmlinc"/>
      
      which will cause the XSL transform to replace that <div>
      with the contents of 'somefile.htmlinc'. We use this in
      the acl.html.in file, to pull the table of permissions
      for each libvirt object. This table is autogenerated
      from the enums in src/access/viraccessperms.h by the
      genaclperms.pl script.
      
      newapi.xsl is modified so that the list of permissions
      checks shown against each API will link to the description
      of the permissions in acl.html
      Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
      da13f2c7
  4. 09 Aug, 2013 2 commits
  5. 08 Aug, 2013 2 commits
    • D
      Introduce a virt-login-shell binary · 54d69f54
      Dan Walsh committed
      Add a virt-login-shell binary that can be set as a user's
      shell, such that when they login, it causes them to enter
      the LXC container with a name matching their user name.
      Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
      54d69f54
    • D
      Add info about access control checks into API reference · 664ab280
      Daniel P. Berrange committed
      So that app developers / admins know what access control checks
      are performed for each API, this patch extends the API docs
      generator to include details of the ACLs for each.
      
      The gendispatch.pl script is extended so that it generates
      a simple XML describing ACL rules, eg.
      
        <aclinfo>
          ...
          <api name='virConnectNumOfDomains'>
            <check object='connect' perm='search_domains'/>
            <filter object='domain' perm='getattr'/>
          </api>
          <api name='virDomainAttachDeviceFlags'>
            <check object='domain' perm='write'/>
            <check object='domain' perm='save' flags='!VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE'/>
            <check object='domain' perm='save' flags='VIR_DOMAIN_AFFECT_CONFIG'/>
          </api>
          ...
        </aclinfo>
      
      The newapi.xsl template loads the XML files containing the ACL
      rules and generates a short block of HTML for each API describing
      the parameter checks and return value filters (if any).
      Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
      664ab280
  6. 31 Jul, 2013 1 commit
  7. 22 Jul, 2013 2 commits
    • D
      Add API for calling systemd-machined's DBus API · dff93f8c
      Daniel P. Berrange committed
      To register virtual machines and containers with systemd-machined,
      and thus have cgroups auto-created, we need to talk over DBus.
      This is somewhat tedious code, so introduce a dedicated function
      to isolate the DBus call in one place.
      Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
      dff93f8c
    • D
      Introduce virDBusCallMethod & virDBusMessageRead methods · 834c9c94
      Daniel P. Berrange committed
      Doing DBus method calls using libdbus.so is tedious in the
      extreme. systemd developers came up with a nice high level
      API for DBus method calls (sd_bus_call_method). While
      systemd doesn't use libdbus.so, their API design can easily
      be ported to libdbus.so.
      
      This patch thus introduces methods virDBusCallMethod &
      virDBusMessageRead, which are based on the code used for
      sd_bus_call_method and sd_bus_message_read. This code in
      systemd is under the LGPLv2+, so we're license compatible.
      
      This code is probably pretty unintelligible unless you are
      familiar with the DBus type system. So I added some API
      docs trying to explain how to use them, as well as test
      cases to validate that I didn't screw up the adaptation
      from the original systemd code.
      Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
      834c9c94
  8. 25 Jun, 2013 1 commit
  9. 24 Jun, 2013 2 commits
    • D
      Auto-generate helpers for checking access control rules · 68602622
      Daniel P. Berrange committed
      Extend the 'gendispatch.pl' script to be able to generate
      three new types of file.
      
      - 'aclheader' - defines signatures of helper APIs for
        doing authorization checks. There is one helper API
        for each API requiring an auth check. Any @acl
        annotations result in a method being generated with
        a suffix of 'EnsureACL'. If the ACL check requires
        examination of flags, an extra 'flags' param will be
        present. Some examples
      
        extern int virConnectBaselineCPUEnsureACL(void);
        extern int virConnectDomainEventDeregisterEnsureACL(virDomainDefPtr domain);
        extern int virDomainAttachDeviceFlagsEnsureACL(virDomainDefPtr domain, unsigned int flags);
      
        Any @aclfilter annotations result in a method being
        generated with a suffix of 'CheckACL'.
      
        extern int virConnectListAllDomainsCheckACL(virDomainDefPtr domain);
      
        These are used for filtering individual objects from APIs
        which return a list of objects
      
      - 'aclbody' - defines the actual implementation of the
        methods described above. This calls into the access
        manager APIs. A complex example:
      
          /* Returns: -1 on error (denied==error), 0 on allowed */
          int virDomainAttachDeviceFlagsEnsureACL(virConnectPtr conn,
                                                  virDomainDefPtr domain,
                                                  unsigned int flags)
          {
              virAccessManagerPtr mgr;
              int rv;
      
              if (!(mgr = virAccessManagerGetDefault()))
                  return -1;
      
              if ((rv = virAccessManagerCheckDomain(mgr,
                                                    conn->driver->name,
                                                    domain,
                                                    VIR_ACCESS_PERM_DOMAIN_WRITE)) <= 0) {
                  virObjectUnref(mgr);
                  if (rv == 0)
                      virReportError(VIR_ERR_ACCESS_DENIED, NULL);
                  return -1;
              }
              if (((flags & (VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE)) == 0) &&
                  (rv = virAccessManagerCheckDomain(mgr,
                                                    conn->driver->name,
                                                    domain,
                                                    VIR_ACCESS_PERM_DOMAIN_SAVE)) <= 0) {
                  virObjectUnref(mgr);
                  if (rv == 0)
                      virReportError(VIR_ERR_ACCESS_DENIED, NULL);
                  return -1;
              }
              if (((flags & (VIR_DOMAIN_AFFECT_CONFIG)) == (VIR_DOMAIN_AFFECT_CONFIG)) &&
                  (rv = virAccessManagerCheckDomain(mgr,
                                                    conn->driver->name,
                                                    domain,
                                                    VIR_ACCESS_PERM_DOMAIN_SAVE)) <= 0) {
                  virObjectUnref(mgr);
                  if (rv == 0)
                      virReportError(VIR_ERR_ACCESS_DENIED, NULL);
                  return -1;
              }
              virObjectUnref(mgr);
              return 0;
          }
      
      - 'aclsyms' - generates a linker script to export the
         APIs to drivers. Some examples
      
        virConnectBaselineCPUEnsureACL;
        virConnectCompareCPUEnsureACL;
      Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
      68602622
    • D
      Add a policy kit access control driver · b904bba7
      Daniel P. Berrange committed
      Add an access control driver that uses the pkcheck command
      to check authorization requests. This is fairly inefficient,
      particularly for cases where an API returns a list of objects
      and needs to check permission for each object.
      
      It would be desirable to use the polkit API but this links
      to glib with abort-on-OOM behaviour, so can't be used. The
      other alternative is to speak to dbus directly
      Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
      b904bba7
  10. 21 May, 2013 1 commit
    • E
      maint: follow recommended practice for using LGPL · de483052
      Eric Blake committed
      https://www.gnu.org/licenses/gpl-howto.html states:
      
      You should also include a copy of the license itself somewhere in the
      distribution of your program. All programs, whether they are released
      under the GPL or LGPL, should include the text version of the GPL. In
      GNU programs the license is usually in a file called COPYING.
      
      If you are releasing your program under the LGPL, you should also
      include the text version of the LGPL, usually in a file called
      COPYING.LESSER. Please note that, since the LGPL is a set of
      additional permissions on top of the GPL, it's important to include
      both licenses so users have all the materials they need to understand
      their rights.
      
      * configure.ac (COPYING): No more games with non-git file.
      * COPYING: New file, copied from gnulib.
      * COPYING.LIB: Rename...
      * COPYING.LESSER: ...to this.
      * .gitignore: Track licenses in git.
      * cfg.mk (exclude_file_name_regexp--sc_copyright_address): Tweak
      rule.
      * libvirt.spec.in (daemon, client, python): Reflect rename.
      Signed-off-by: Eric Blake <eblake@redhat.com>
      de483052
  11. 13 May, 2013 1 commit
  12. 11 May, 2013 1 commit
  13. 16 Apr, 2013 1 commit
    • D
      Add a test suite for cgroups functionality · d1452470
      Daniel P. Berrange committed
      Some aspects of the cgroups setup / detection code are quite subtle
      and easy to break. It would greatly benefit from unit testing, but
      this is difficult because the test suite won't have privileges to
      play around with cgroups. The solution is to use monkey patching
      via LD_PRELOAD to override the fopen, open, mkdir, access functions
      to redirect access of cgroups files to some magic stubs in the
      test suite.
      
      Using this we provide custom content for the /proc/cgroup and
      /proc/self/mounts files which report a fixed cgroup setup. We
      then override open/mkdir/access so that access to the cgroups
      filesystem gets redirected into files in a temporary directory
      tree in the test suite build dir.
      Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
      d1452470
  14. 08 Apr, 2013 1 commit
  15. 20 Mar, 2013 1 commit
  16. 19 Mar, 2013 1 commit
  17. 18 Feb, 2013 1 commit
  18. 16 Feb, 2013 1 commit
    • E
      storage: test backing chain traversal · a18452d0
      Eric Blake committed
      Testing our backing chain handling will make it much easier to
      ensure that we avoid issues in the future.  If only I had written
      this test before I first caused several regressions...
      
      * tests/virstoragetest.c: New test.
      * tests/Makefile.am (test_programs): Build it.
      * .gitignore: Ignore new files.
      a18452d0
  19. 13 Feb, 2013 1 commit
    • E
      util: add virendian.h macros · c6f1060c
      Eric Blake committed
      We have several cases where we need to read endian-dependent
      data regardless of host endianness; rather than open-coding
      these call sites, it will be nicer to funnel things through
      a macro.
      
      The virendian.h file can be expanded to add writer functions,
      and/or 16-bit access patterns, if needed.  Also, if we need
      to turn things into a function to avoid multiple evaluations
      of buf, that can be done later.  But for now, a macro worked.
      
      * src/util/virendian.h: New file.
      * src/Makefile.am (UTIL_SOURCES): Ship it.
      * tests/virendiantest.c: New test.
      * tests/Makefile.am (test_programs, virendiantest_SOURCES): Run
      the test.
      * .gitignore: Ignore built file.
      c6f1060c
  20. 30 Jan, 2013 1 commit
    • M
      Ignore '.trs' files · 3d36b1a4
      Martin Kletzander committed
      When doing checks with automake, there are '<testname>.trs' files left
      behind, that might or might not be usable, however these show up in
      'git status' even though we definitely don't want them to be tracked
      in the repository.  Automake adds the '--trs-files' option by default
      since commit 0c81b43f711fb861f04227ced8dba889596d9c43 [1], which
      consequently (from 1.13 in my case) started leaving these files behind
      along with '<testname>.log' files as well (which we already ignore).
      
      [1] http://git.savannah.gnu.org/gitweb/?p=automake.git;a=commitdiff;h=0c81b43
      3d36b1a4
  21. 16 Jan, 2013 1 commit
  22. 15 Jan, 2013 1 commit
  23. 14 Jan, 2013 2 commits
    • D
      Introduce an LXC specific public API & library · 3d1596b0
      Daniel P. Berrange committed
      This patch introduces support for LXC specific public APIs. In
      common with what was done for QEMU, this creates a libvirt_lxc.so
      library and libvirt/libvirt-lxc.h header file.
      
      The actual APIs are
      
        int virDomainLxcOpenNamespace(virDomainPtr domain,
                                      int **fdlist,
                                      unsigned int flags);
      
        int virDomainLxcEnterNamespace(virDomainPtr domain,
                                       unsigned int nfdlist,
                                       int *fdlist,
                                       unsigned int *noldfdlist,
                                       int **oldfdlist,
                                       unsigned int flags);
      
      which provide a way to use the setns() system call to move the
      calling process into the container's namespace. It is not
      practical to write in a generically applicable manner. The
      nearest that we could get to such an API would be an API which
      allows to pass a command + argv to be executed inside a
      container. Even if we had such a generic API, this LXC specific
      API is still useful, because it allows the caller to maintain
      the current process context, in particular any I/O streams they
      have open.
      
      NB the virDomainLxcEnterNamespace() API is special in that it
      runs client side, so does not involve the internal driver API.
      Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
      3d1596b0
    • D
      Add a test suite for validating SELinux labelling · 907a39e7
      Daniel P. Berrange committed
      There are many aspects of the guest XML which result in the
      SELinux driver applying file labelling. With the increasing
      configuration options it is desirable to test this behaviour.
      It is not possible to assume that the test suite has the
      ability to set SELinux labels. Most filesystems though will
      support extended attributes. Thus for the purpose of testing,
      it is possible to extend the existing LD_PRELOAD hack to
      override setfilecon() and getfilecon() to simply use the
      'user.libvirt.selinux' attribute for the sake of testing.
      Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
      907a39e7
  24. 08 Jan, 2013 1 commit
  25. 18 Dec, 2012 1 commit
  26. 13 Dec, 2012 4 commits
  27. 12 Dec, 2012 1 commit
  28. 01 Dec, 2012 1 commit
  29. 05 Nov, 2012 1 commit
  30. 31 Oct, 2012 1 commit
  31. 26 Oct, 2012 2 commits
    • P
      maint: Sort .gitignore · 41bf06e9
      Peter Krempa committed
      Sorting of the .gitignore file was broken after the last addition. After
      a clean build the scripts re-sort it making the working tree dirty.
      41bf06e9
    • E
      maint: ignore unsaved emacs files · caea10bf
      Eric Blake committed
      I did a 'git add .', then realized that it ended up trying to
      add the emacs lock file for a corresponding file that I had not
      yet saved all my edits; thankfully I noticed it in time.  Since
      we already exclude other temporary files, this makes the most
      sense for preventing such a mistake from actually hitting upstream.
      
      * .gitignore: Add .#* to the exclude list.
      caea10bf