1. 21 8月, 2012 2 次提交
  2. 23 7月, 2012 1 次提交
    • O
      Desert the FSF address in copyright · f9ce7dad
      Osier Yang 提交于
      Per the FSF address could be changed from time to time, and GNU
      recommends the following now: (http://www.gnu.org/licenses/gpl-howto.html)
      
        You should have received a copy of the GNU General Public License
        along with Foobar.  If not, see <http://www.gnu.org/licenses/>.
      
      This patch removes the explicit FSF address, and uses above instead
      (of course, with inserting 'Lesser' before 'General').
      
      Except a bunch of files for security driver, all others are changed
      automatically, the copyright for securify files are not complete,
      that's why to do it manually:
      
        src/security/security_selinux.h
        src/security/security_driver.h
        src/security/security_selinux.c
        src/security/security_apparmor.h
        src/security/security_apparmor.c
        src/security/security_driver.c
      f9ce7dad
  3. 24 5月, 2012 1 次提交
  4. 16 5月, 2012 2 次提交
  5. 02 3月, 2012 1 次提交
    • E
      build: use correct type for pid and similar types · 3e2c3d8f
      Eric Blake 提交于
      No thanks to 64-bit windows, with 64-bit pid_t, we have to avoid
      constructs like 'int pid'.  Our API in libvirt-qemu cannot be
      changed without breaking ABI; but then again, libvirt-qemu can
      only be used on systems that support UNIX sockets, which rules
      out Windows (even if qemu could be compiled there) - so for all
      points on the call chain that interact with this API decision,
      we require a different variable name to make it clear that we
      audited the use for safety.
      
      Adding a syntax-check rule only solves half the battle; anywhere
      that uses printf on a pid_t still needs to be converted, but that
      will be a separate patch.
      
      * cfg.mk (sc_correct_id_types): New syntax check.
      * src/libvirt-qemu.c (virDomainQemuAttach): Document why we didn't
      use pid_t for pid, and validate for overflow.
      * include/libvirt/libvirt-qemu.h (virDomainQemuAttach): Tweak name
      for syntax check.
      * src/vmware/vmware_conf.c (vmwareExtractPid): Likewise.
      * src/driver.h (virDrvDomainQemuAttach): Likewise.
      * tools/virsh.c (cmdQemuAttach): Likewise.
      * src/remote/qemu_protocol.x (qemu_domain_attach_args): Likewise.
      * src/qemu_protocol-structs (qemu_domain_attach_args): Likewise.
      * src/util/cgroup.c (virCgroupPidCode, virCgroupKillInternal):
      Likewise.
      * src/qemu/qemu_command.c(qemuParseProcFileStrings): Likewise.
      (qemuParseCommandLinePid): Use pid_t for pid.
      * daemon/libvirtd.c (daemonForkIntoBackground): Likewise.
      * src/conf/domain_conf.h (_virDomainObj): Likewise.
      * src/probes.d (rpc_socket_new): Likewise.
      * src/qemu/qemu_command.h (qemuParseCommandLinePid): Likewise.
      * src/qemu/qemu_driver.c (qemudGetProcessInfo, qemuDomainAttach):
      Likewise.
      * src/qemu/qemu_process.c (qemuProcessAttach): Likewise.
      * src/qemu/qemu_process.h (qemuProcessAttach): Likewise.
      * src/uml/uml_driver.c (umlGetProcessInfo): Likewise.
      * src/util/virnetdev.h (virNetDevSetNamespace): Likewise.
      * src/util/virnetdev.c (virNetDevSetNamespace): Likewise.
      * tests/testutils.c (virtTestCaptureProgramOutput): Likewise.
      * src/conf/storage_conf.h (_virStoragePerms): Use mode_t, uid_t,
      and gid_t rather than int.
      * src/security/security_dac.c (virSecurityDACSetOwnership): Likewise.
      * src/conf/storage_conf.c (virStorageDefParsePerms): Avoid
      compiler warning.
      3e2c3d8f
  6. 04 2月, 2012 1 次提交
    • L
      qemu: eliminate "Ignoring open failure" when using root-squash NFS · c18a88ac
      Laine Stump 提交于
      This eliminates the warning message reported in:
      
       https://bugzilla.redhat.com/show_bug.cgi?id=624447
      
      It was caused by a failure to open an image file that is not
      accessible by root (the uid libvirtd is running as) because it's on a
      root-squash NFS share, owned by a different user, with permissions of
      660 (or maybe 600).
      
      The solution is to use virFileOpenAs() rather than open(). The
      codepath that generates the error is during qemuSetupDiskCGroup(), but
      the actual open() is in a lower-level generic function called from
      many places (virDomainDiskDefForeachPath), so some other pieces of the
      code were touched just to add dummy (or possibly useful) uid and gid
      arguments.
      
      Eliminating this warning message has the nice side effect that the
      requested operation may even succeed (which in this case isn't
      necessary, but shouldn't hurt anything either).
      c18a88ac
  7. 11 1月, 2012 1 次提交
    • D
      Change security driver APIs to use virDomainDefPtr instead of virDomainObjPtr · 99be754a
      Daniel P. Berrange 提交于
      When sVirt is integrated with the LXC driver, it will be neccessary
      to invoke the security driver APIs using only a virDomainDefPtr
      since the lxc_container.c code has no virDomainObjPtr available.
      Aside from two functions which want obj->pid, every bit of the
      security driver code only touches obj->def. So we don't need to
      pass a virDomainObjPtr into the security drivers, a virDomainDefPtr
      is sufficient. Two functions also gain a 'pid_t pid' argument.
      
      * src/qemu/qemu_driver.c, src/qemu/qemu_hotplug.c,
        src/qemu/qemu_migration.c, src/qemu/qemu_process.c,
        src/security/security_apparmor.c,
        src/security/security_dac.c,
        src/security/security_driver.h,
        src/security/security_manager.c,
        src/security/security_manager.h,
        src/security/security_nop.c,
        src/security/security_selinux.c,
        src/security/security_stack.c: Change all security APIs to use a
        virDomainDefPtr instead of virDomainObjPtr
      99be754a
  8. 12 12月, 2011 1 次提交
  9. 28 9月, 2011 1 次提交
    • L
      security: properly chown/label bidirectional and unidirectional fifos · 46e8dc71
      Laine Stump 提交于
      This patch fixes the regression with using named pipes for qemu serial
      devices noted in:
      
        https://bugzilla.redhat.com/show_bug.cgi?id=740478
      
      The problem was that, while new code in libvirt looks for a single
      bidirectional fifo of the name given in the config, then relabels that
      and continues without looking for / relabelling the two unidirectional
      fifos named ${name}.in and ${name}.out, qemu looks in the opposite
      order. So if the user had naively created all three fifos, libvirt
      would relabel the bidirectional fifo to allow qemu access, but qemu
      would attempt to use the two unidirectional fifos and fail (because it
      didn't have proper permissions/rights).
      
      This patch changes the order that libvirt looks for the fifos to match
      what qemu does - first it looks for the dual fifos, then it looks for
      the single bidirectional fifo. If it finds the dual unidirectional
      fifos first, it labels/chowns them and ignores any possible
      bidirectional fifo.
      
      (Note commit d37c6a3a (which first appeared in libvirt-0.9.2) added
      the code that checked for a bidirectional fifo. Prior to that commit,
      bidirectional fifos for serial devices didn't work because libvirt
      always required the ${name}.(in|out) fifos to exist, and qemu would
      always prefer those.
      46e8dc71
  10. 31 8月, 2011 1 次提交
    • D
      Remove bogus virSecurityManagerSetProcessFDLabel method · 18338388
      Daniel P. Berrange 提交于
      The virSecurityManagerSetProcessFDLabel method was introduced
      after a mis-understanding from a conversation about SELinux
      socket labelling. The virSecurityManagerSetSocketLabel method
      should have been used for all such scenarios.
      
      * src/security/security_apparmor.c, src/security/security_apparmor.c,
        src/security/security_driver.h, src/security/security_manager.c,
        src/security/security_manager.h, src/security/security_selinux.c,
        src/security/security_stack.c: Remove SetProcessFDLabel driver
      18338388
  11. 26 8月, 2011 2 次提交
    • J
      security: Introduce SetSocketLabel · 520d91f8
      Jiri Denemark 提交于
      This API labels all sockets created until ClearSocketLabel is called in
      a way that a vm can access them (i.e., they are labeled with svirt_t
      based label in SELinux).
      520d91f8
    • J
      security: Rename SetSocketLabel APIs to SetDaemonSocketLabel · 4c85d96f
      Jiri Denemark 提交于
      The APIs are designed to label a socket in a way that the libvirt daemon
      itself is able to access it (i.e., in SELinux the label is virtd_t based
      as opposed to svirt_* we use for labeling resources that need to be
      accessed by a vm). The new name reflects this.
      4c85d96f
  12. 28 6月, 2011 2 次提交
    • D
      Add a virSecurityManagerSetProcessFDLabel · 8e3c6fbb
      Daniel P. Berrange 提交于
      Add a new security driver method for labelling an FD with
      the process label, rather than the image label
      
      * src/libvirt_private.syms, src/security/security_apparmor.c,
        src/security/security_dac.c, src/security/security_driver.h,
        src/security/security_manager.c, src/security/security_manager.h,
        src/security/security_selinux.c, src/security/security_stack.c:
        Add virSecurityManagerSetProcessFDLabel & impl
      8e3c6fbb
    • D
      Rename virSecurityManagerSetFDLabel method · 4438c63e
      Daniel P. Berrange 提交于
      The virSecurityManagerSetFDLabel method is used to label
      file descriptors associated with disk images. There will
      shortly be a need to label other file descriptors in a
      different way. So the current name is ambiguous. Rename
      the method to virSecurityManagerSetImageFDLabel to clarify
      its purpose
      
      * src/libvirt_private.syms,
        src/qemu/qemu_migration.c, src/qemu/qemu_process.c,
        src/security/security_apparmor.c, src/security/security_dac.c,
        src/security/security_driver.h, src/security/security_manager.c,
        src/security/security_manager.h, src/security/security_selinux.c,
        src/security/security_stack.c: s/FDLabel/ImageFDLabel/
      4438c63e
  13. 04 6月, 2011 1 次提交
    • L
      security driver: ignore EINVAL when chowning an image file · 62ed801c
      Laine Stump 提交于
      This fixes:
      
        https://bugzilla.redhat.com/show_bug.cgi?id=702044
        https://bugzilla.redhat.com/show_bug.cgi?id=709454
      
      Both of these complain of a failure to use an image file that resides
      on a read-only NFS volume. The function in the DAC security driver
      that chowns image files to the qemu user:group before using them
      already has special cases to ignore failure of chown on read-only file
      systems, and in a few other cases, but it hadn't been checking for
      EINVAL, which is what is returned if the qemu user doesn't even exist
      on the NFS server.
      
      Since the explanation of EINVAL in the chown man page almost exactly
      matches the log message already present for the case of EOPNOTSUPP,
      I've just added EINVAL to that same conditional.
      62ed801c
  14. 06 5月, 2011 1 次提交
    • D
      Fix security driver handling of FIFOs with QEMU · d37c6a3a
      Daniel P. Berrange 提交于
      When setting up a FIFO for QEMU, it allows either a pair
      of fifos used unidirectionally, or a single fifo used
      bidirectionally. Look for the bidirectional fifo first
      when labelling since that is more useful
      
      * src/security/security_dac.c,
        src/security/security_selinux.c: Fix fifo handling
      d37c6a3a
  15. 09 3月, 2011 1 次提交
    • E
      build: avoid compiler warning on cygwin · 3dfd4ea3
      Eric Blake 提交于
      On cygwin:
      
        CC       libvirt_driver_security_la-security_dac.lo
      security/security_dac.c: In function 'virSecurityDACSetProcessLabel':
      security/security_dac.c:618: warning: format '%d' expects type 'int', but argument 7 has type 'uid_t' [-Wformat]
      
      We've done this before (see src/util/util.c).
      
      * src/security/security_dac.c (virSecurityDACSetProcessLabel): On
      cygwin, uid_t is a 32-bit long.
      3dfd4ea3
  16. 03 3月, 2011 1 次提交
  17. 21 2月, 2011 1 次提交
    • E
      maint: kill all remaining uses of old DEBUG macro · 994e7567
      Eric Blake 提交于
      Done mechanically with:
      $ git grep -l '\bDEBUG0\? *(' | xargs -L1 sed -i 's/\bDEBUG0\? *(/VIR_&/'
      
      followed by manual deletion of qemudDebug in daemon/libvirtd.c, along
      with a single 'make syntax-check' fallout in the same file, and the
      actual deletion in src/util/logging.h.
      
      * src/util/logging.h (DEBUG, DEBUG0): Delete.
      * daemon/libvirtd.h (qemudDebug): Likewise.
      * global: Change remaining clients over to VIR_DEBUG counterpart.
      994e7567
  18. 26 1月, 2011 1 次提交
    • L
      Add a function to the security driver API that sets the label of an open fd. · d89608f9
      Laine Stump 提交于
      A need was found to set the SELinux context label on an open fd (a
      pipe, as a matter of fact). This patch adds a function to the security
      driver API that will set the label on an open fd to secdef.label. For
      all drivers other than the SELinux driver, it's a NOP. For the SElinux
      driver, it calls fsetfilecon().
      
      If the return is a failure, it only returns error up to the caller if
      1) the desired label is different from the existing label, 2) the
      destination fd is of a type that supports setting the selinux context,
      and 3) selinux is in enforcing mode. Otherwise it will return
      success. This follows the pattern of the existing function
      SELinuxSetFilecon().
      d89608f9
  19. 15 1月, 2011 1 次提交
    • E
      domain_conf: split source data out from ChrDef · 98334e7c
      Eric Blake 提交于
      This opens up the possibility of reusing the smaller ChrSourceDef
      for both qemu monitor and a passthrough smartcard device.
      
      * src/conf/domain_conf.h (_virDomainChrDef): Factor host
      details...
      (_virDomainChrSourceDef): ...into new struct.
      (virDomainChrSourceDefFree): New prototype.
      * src/conf/domain_conf.c (virDomainChrDefFree)
      (virDomainChrDefParseXML, virDomainChrDefFormat): Split...
      (virDomainChrSourceDefClear, virDomainChrSourceDefFree)
      (virDomainChrSourceDefParseXML, virDomainChrSourceDefFormat):
      ...into new functions.
      (virDomainChrDefParseTargetXML): Update clients to reflect type
      split.
      * src/vmx/vmx.c (virVMXParseSerial, virVMXParseParallel)
      (virVMXFormatSerial, virVMXFormatParallel): Likewise.
      * src/xen/xen_driver.c (xenUnifiedDomainOpenConsole): Likewise.
      * src/xen/xend_internal.c (xenDaemonParseSxprChar)
      (xenDaemonFormatSxprChr): Likewise.
      * src/vbox/vbox_tmpl.c (vboxDomainDumpXML, vboxAttachSerial)
      (vboxAttachParallel): Likewise.
      * src/security/security_dac.c (virSecurityDACSetChardevLabel)
      (virSecurityDACSetChardevCallback)
      (virSecurityDACRestoreChardevLabel)
      (virSecurityDACRestoreChardevCallback): Likewise.
      * src/security/security_selinux.c (SELinuxSetSecurityChardevLabel)
      (SELinuxSetSecurityChardevCallback)
      (SELinuxRestoreSecurityChardevLabel)
      (SELinuxSetSecurityChardevCallback): Likewise.
      * src/security/virt-aa-helper.c (get_files): Likewise.
      * src/lxc/lxc_driver.c (lxcVmStart, lxcDomainOpenConsole):
      Likewise.
      * src/uml/uml_conf.c (umlBuildCommandLineChr): Likewise.
      * src/uml/uml_driver.c (umlIdentifyOneChrPTY, umlIdentifyChrPTY)
      (umlDomainOpenConsole): Likewise.
      * src/qemu/qemu_command.c (qemuBuildChrChardevStr)
      (qemuBuildChrArgStr, qemuBuildCommandLine)
      (qemuParseCommandLineChr): Likewise.
      * src/qemu/qemu_domain.c (qemuDomainObjPrivateXMLFormat)
      (qemuDomainObjPrivateXMLParse): Likewise.
      * src/qemu/qemu_cgroup.c (qemuSetupChardevCgroup): Likewise.
      * src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Likewise.
      * src/qemu/qemu_driver.c (qemudFindCharDevicePTYsMonitor)
      (qemudFindCharDevicePTYs, qemuPrepareChardevDevice)
      (qemuPrepareMonitorChr, qemudShutdownVMDaemon)
      (qemuDomainOpenConsole): Likewise.
      * src/qemu/qemu_command.h (qemuBuildChrChardevStr)
      (qemuBuildChrArgStr): Delete, now that they are static.
      * src/libvirt_private.syms (domain_conf.h): New exports.
      * cfg.mk (useless_free_options): Update list.
      * tests/qemuxml2argvtest.c (testCompareXMLToArgvFiles): Update
      tests.
      98334e7c
  20. 11 1月, 2011 1 次提交
    • D
      Refactor the security drivers to simplify usage · d6623003
      Daniel P. Berrange 提交于
      The current security driver usage requires horrible code like
      
          if (driver->securityDriver &&
              driver->securityDriver->domainSetSecurityHostdevLabel &&
              driver->securityDriver->domainSetSecurityHostdevLabel(driver->securityDriver,
                                                                    vm, hostdev) < 0)
      
      This pair of checks for NULL clutters up the code, making the driver
      calls 2 lines longer than they really need to be. The goal of the
      patchset is to change the calling convention to simply
      
        if (virSecurityManagerSetHostdevLabel(driver->securityDriver,
                                              vm, hostdev) < 0)
      
      The first check for 'driver->securityDriver' being NULL is removed
      by introducing a 'no op' security driver that will always be present
      if no real driver is enabled. This guarentees driver->securityDriver
      != NULL.
      
      The second check for 'driver->securityDriver->domainSetSecurityHostdevLabel'
      being non-NULL is hidden in a new abstraction called virSecurityManager.
      This separates the driver callbacks, from main internal API. The addition
      of a virSecurityManager object, that is separate from the virSecurityDriver
      struct also allows for security drivers to carry state / configuration
      information directly. Thus the DAC/Stack drivers from src/qemu which
      used to pull config from 'struct qemud_driver' can now be moved into
      the 'src/security' directory and store their config directly.
      
      * src/qemu/qemu_conf.h, src/qemu/qemu_driver.c: Update to
        use new virSecurityManager APIs
      * src/qemu/qemu_security_dac.c,  src/qemu/qemu_security_dac.h
        src/qemu/qemu_security_stacked.c, src/qemu/qemu_security_stacked.h:
        Move into src/security directory
      * src/security/security_stack.c, src/security/security_stack.h,
        src/security/security_dac.c, src/security/security_dac.h: Generic
        versions of previous QEMU specific drivers
      * src/security/security_apparmor.c, src/security/security_apparmor.h,
        src/security/security_driver.c, src/security/security_driver.h,
        src/security/security_selinux.c, src/security/security_selinux.h:
        Update to take virSecurityManagerPtr object as the first param
        in all callbacks
      * src/security/security_nop.c, src/security/security_nop.h: Stub
        implementation of all security driver APIs.
      * src/security/security_manager.h, src/security/security_manager.c:
        New internal API for invoking security drivers
      * src/libvirt.c: Add missing debug for security APIs
      d6623003