- 14 2月, 2013 2 次提交
-
-
由 Laine Stump 提交于
Normally when a process' uid is changed to non-0, all the capabilities bits are cleared, even those explicitly set with calls to capng_update()/capng_apply() made immediately before setuid. And *after* the process' uid has been changed, it no longer has the necessary privileges to add capabilities back to the process. In order to set a non-0 uid while still maintaining any capabilities bits, it is necessary to either call capng_change_id() (which unfortunately doesn't currently call initgroups to setup auxiliary group membership), or to perform the small amount of calisthenics contained in the new utility function virSetUIDGIDWithCaps(). Another very important difference between the capabilities setting/clearing in virSetUIDGIDWithCaps() and virCommand's virSetCapabilities() (which it will replace in the next patch) is that the new function properly clears the capabilities bounding set, so it will not be possible for a child process to set any new capabilities. A short description of what is done by virSetUIDGIDWithCaps(): 1) clear all capabilities then set all those desired by the caller (in capBits) plus CAP_SETGID, CAP_SETUID, and CAP_SETPCAP (which is needed to change the capabilities bounding set). 2) call prctl(), telling it that we want to maintain current capabilities across an upcoming setuid(). 3) switch to the new uid/gid 4) again call prctl(), telling it we will no longer want capabilities maintained if this process does another setuid(). 5) clear the capabilities that we added to allow us to setuid/setgid/change the bounding set (unless they were also requested by the caller via the virCommand API). Because the modification/maintaining of capabilities is intermingled with setting the uid, this is necessarily done in a single function, rather than having two independent functions. Note that, due to the way that effective capabilities are computed (at time of execve) for a process that has uid != 0, the *file* capabilities of the binary being executed must also have the desired capabilities bit(s) set (see "man 7 capabilities"). This can be done with the "filecap" command. (e.g. "filecap /usr/bin/qemu-kvm sys_rawio").
-
由 Laine Stump 提交于
Rather than treating uid:gid of 0:0 as a NOP, we blindly pass that through to the lower layers. However, we *do* check for a requested value of "-1" to mean "don't change this setting". setregid() and setreuid() already interpret -1 as a NOP, so this is just an optimization, but we are also calling getpwuid_r and initgroups, and it's unclear what the former would do with a uid of -1.
-
- 22 1月, 2013 1 次提交
-
-
由 Michal Privoznik 提交于
Currently, whenever somebody calls saferead() on nonblocking FD (safewrite() is totally interchangeable for purpose of this message) he might get wrong return value. For instance, in the first iteration some data is read. The number of bytes read is stored into local variable 'nread'. However, in next iterations we can get -1 from read() with errno == EAGAIN, in which case the -1 is returned despite fact some data has already been read. So the caller gets confused. Bare read() should be used for nonblocking FD.
-
- 14 1月, 2013 1 次提交
-
-
由 Daniel P. Berrange 提交于
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 11 1月, 2013 1 次提交
-
-
由 Eric Blake 提交于
There's no need to do lots of readlink() calls to canonicalize a name if we're only going to use stat() on it, since stat() already chases symlinks. * src/util/virutil.c (virGetDeviceID): Let stat() do the symlink chasing.
-
- 07 1月, 2013 2 次提交
-
-
由 Osier Yang 提交于
This ignores the default "filtered" if unpriv_sgio is not supported by kernel, but for explicit request "filtered", it error out for domain starting.
-
由 Osier Yang 提交于
"virGetDeviceID" could be used across the sources, but it doesn't relate with this series, and could be done later. * src/util/virutil.h: (Declare virGetDeviceID, and vir{Get,Set}DeviceUnprivSGIO) * src/util/virutil.c: (Implement virGetDeviceID and vir{Get,Set}DeviceUnprivSGIO) * src/libvirt_private.syms: Export private symbols of upper helpers
-
- 21 12月, 2012 8 次提交
-
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
-
由 Daniel P. Berrange 提交于
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 12 12月, 2012 2 次提交
-
-
由 Peter Krempa 提交于
I didn't notice the extra "does" in the previous patch. Remove it.
-
由 Peter Krempa 提交于
This patch gets rid of the undeterministic error reporting code done on return values of get(pw|gr)nam_r. With this patch, if the group record is not returned by the corresponding function this error is not considered fatal even if errno != 0. The error is logged in such case.
-
- 07 12月, 2012 3 次提交
-
-
由 Osier Yang 提交于
QEMU supports setting vendor and product strings for disk since 1.2.0 (only scsi-disk, scsi-hd, scsi-cd support it), this patch exposes it with new XML elements <vendor> and <product> of disk device.
-
由 Christophe Fergeau 提交于
virGetGroupIDByName is documented as returning 1 if the groupname cannot be found. getgrnam_r is documented as returning: « 0 or ENOENT or ESRCH or EBADF or EPERM or ... The given name or gid was not found. » and that: « The formulation given above under "RETURN VALUE" is from POSIX.1-2001. It does not call "not found" an error, hence does not specify what value errno might have in this situation. But that makes it impossible to recognize errors. One might argue that according to POSIX errno should be left unchanged if an entry is not found. Experiments on various UNIX-like systems shows that lots of different values occur in this situation: 0, ENOENT, EBADF, ESRCH, EWOULDBLOCK, EPERM and probably others. » virGetGroupIDByName returns an error when the return value of getgrnam_r is non-0. However on my RHEL system, getgrnam_r returns ENOENT when the requested user cannot be found, which then causes virGetGroupID not to behave as documented (it returns an error instead of falling back to parsing the passed-in value as an gid). This commit makes virGetGroupIDByName only report an error when errno is set to one of the values in the posix description of getgrnam_r (which are the same as the ones described in the manpage on my system).
-
由 Christophe Fergeau 提交于
virGetUserIDByName is documented as returning 1 if the username cannot be found. getpwnam_r is documented as returning: « 0 or ENOENT or ESRCH or EBADF or EPERM or ... The given name or uid was not found. » and that: « The formulation given above under "RETURN VALUE" is from POSIX.1-2001. It does not call "not found" an error, hence does not specify what value errno might have in this situation. But that makes it impossible to recognize errors. One might argue that according to POSIX errno should be left unchanged if an entry is not found. Experiments on various UNIX-like systems shows that lots of different values occur in this situation: 0, ENOENT, EBADF, ESRCH, EWOULDBLOCK, EPERM and probably others. » virGetUserIDByName returns an error when the return value of getpwnam_r is non-0. However on my RHEL system, getpwnam_r returns ENOENT when the requested user cannot be found, which then causes virGetUserID not to behave as documented (it returns an error instead of falling back to parsing the passed-in value as an uid). This commit makes virGetUserIDByName only report an error when errno is set to one of the values in the posix description of getpwnam_r (which are the same as the ones described in the manpage on my system).
-
- 23 11月, 2012 1 次提交
-
-
由 Daniel P. Berrange 提交于
The docs for virDiskNameToIndex claim it ignores partition numbers. In actual fact though, a code ordering bug means that a partition number will cause the code to accidentally multiply the result by 26. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 02 11月, 2012 1 次提交
-
-
由 Daniel P. Berrange 提交于
The libvirt coding standard is to use 'function(...args...)' instead of 'function (...args...)'. A non-trivial number of places did not follow this rule and are fixed in this patch. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 22 10月, 2012 1 次提交
-
-
由 Cole Robinson 提交于
-
- 10 10月, 2012 1 次提交
-
-
由 Matthias Bolte 提交于
Currently virNetSocketNew fails because virSetCloseExec fails as there is no proper implementation for it on Windows at the moment. Workaround this by pretending that setting close-on-exec on the fd works. This can be done because libvirt currently lacks the ability to create child processes on Windows anyway. So there is no point in failing to set a flag that isn't useful at the moment anyway.
-
- 09 10月, 2012 1 次提交
-
-
由 Marcelo Cerri 提交于
This patch updates virGetUserID and virGetGroupID to be able to parse a user or group name in a similar way to coreutils' chown. This means that a numeric value with a leading plus sign is always parsed as an ID, otherwise the functions try to parse the input first as a user or group name and if this fails they try to parse it as an ID. This patch includes Peter Krempa's changes to correctly handle errors returned by getpwnam_r and getgrnam_r.
-
- 28 9月, 2012 1 次提交
-
-
由 Daniel P. Berrange 提交于
Add support for logging to the systemd journal, using its simple client library. The benefit over syslog is that it accepts structured log data, so the journald can store individual items like code file/line/func separately from the string message. Tools which require structured log data can then query the journal to extract exactly what they desire without resorting to string parsing While systemd provides a simple client library for logging, it is more convenient for libvirt to directly write its own client code. This lets us build up the iovec's on the stack, avoiding the need to alloc memory when writing log messages. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 26 9月, 2012 4 次提交
-
-
由 Daniel P. Berrange 提交于
Continue consolidation of process functions by moving some helpers out of command.{c,h} into virprocess.{c,h} Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
There are a number of process related functions spread across multiple files. Start to consolidate them by creating a virprocess.{c,h} file Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Change "Pid" to "Process" to align with the virProcessKill API naming prefix Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
Changing naming to follow the convention of "object" followed by "action" Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 21 9月, 2012 1 次提交
-
-
由 Eric Blake 提交于
https://www.gnu.org/licenses/gpl-howto.html recommends that the 'If not, see <url>.' phrase be a separate sentence. * tests/securityselinuxhelper.c: Remove doubled line. * tests/securityselinuxtest.c: Likewise. * globally: s/; If/. If/
-
- 18 9月, 2012 1 次提交
-
-
由 Osier Yang 提交于
Validates the wwn while parsing, error out if it's malformed. * src/util/util.h: Declare virValidateWWN * src/util/util.c: Implement virValidateWWN * src/libvirt_private.syms: Export virValidateWWN. * src/conf/domain_conf.h: New member 'wwn' for disk def. * src/conf/domain_conf.c: Parse and format disk <wwn>
-
- 29 8月, 2012 1 次提交
-
-
由 Peter Krempa 提交于
getpwuid_r returns success but sets the return structure to NULL when it fails to deliver data about the requested uid. In our helper code this created following strange error messages: " ... cannot getpwuid_r(1234): Success" This patch creates a more helpful message: " ... getpwuid_r failed to retrieve data for uid '1234'"
-
- 14 8月, 2012 2 次提交
-
-
由 Martin Kletzander 提交于
Fixes for some typos that somehow didn't get to the final push of the commit 43bfa23e.
-
由 Martin Kletzander 提交于
libvirt creates invalid commands if wrong locale is selected. For example with locale that uses comma as a decimal point, JSON commands created with decimal numbers are invalid because comma separates the entries in JSON. Fortunately even when decimal point is affected, thousands grouping is not, because for grouping to be enabled with *printf, there has to be an apostrophe flag specified (and supported). This patch adds specific internal function for converting doubles to strings with C locale.
-
- 23 7月, 2012 1 次提交
-
-
由 Osier Yang 提交于
Per the FSF address could be changed from time to time, and GNU recommends the following now: (http://www.gnu.org/licenses/gpl-howto.html) You should have received a copy of the GNU General Public License along with Foobar. If not, see <http://www.gnu.org/licenses/>. This patch removes the explicit FSF address, and uses above instead (of course, with inserting 'Lesser' before 'General'). Except a bunch of files for security driver, all others are changed automatically, the copyright for securify files are not complete, that's why to do it manually: src/security/security_selinux.h src/security/security_driver.h src/security/security_selinux.c src/security/security_apparmor.h src/security/security_apparmor.c src/security/security_driver.c
-
- 18 7月, 2012 1 次提交
-
-
由 Daniel P. Berrange 提交于
This removes nearly all the per-file error reporting macros from the code in src/util/. A few custom macros remain for the case, where the file needs to report errors with a variety of different codes or parameters Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 10 7月, 2012 2 次提交
-
-
由 Osier Yang 提交于
All the callers of virDirCreate are updated incidentally.
-
由 Osier Yang 提交于
Instead of changing the existed virFileMakePath to accept mode argument and modifying a pile of its uses, this patch introduces virFileMakePathWithMode, and use it instead of mkdir() to create the readline history dir.
-
- 25 6月, 2012 1 次提交
-
-
由 Daniel P. Berrange 提交于
Some GNULIB headers (eg unistd.h) will often need to include winsock2.h for various symbols. There is a rule that winsock2.h must be included before windows.h. This means that any file which does #ifdef WIN32 #include <windows.h> #endif #include <unistd.h> is potentially broken. A simple rule is that /all/ includes of windows.h must be matched with a preceding include of winsock2.h regardless of whether unistd.h is used currently Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-