1. 18 4月, 2013 2 次提交
  2. 12 4月, 2013 2 次提交
  3. 11 4月, 2013 1 次提交
  4. 03 4月, 2013 1 次提交
  5. 02 4月, 2013 8 次提交
  6. 27 3月, 2013 2 次提交
  7. 26 3月, 2013 1 次提交
  8. 21 3月, 2013 1 次提交
  9. 15 3月, 2013 2 次提交
  10. 13 3月, 2013 1 次提交
    • D
      Apply security label when entering LXC namespaces · e4e69e89
      Daniel P. Berrange 提交于
      Add a new virDomainLxcEnterSecurityLabel() function as a
      counterpart to virDomainLxcEnterNamespaces(), which can
      change the current calling process to have a new security
      context. This call runs client side, not in libvirtd
      so we can't use the security driver infrastructure.
      
      When entering a namespace, the process spawned from virsh
      will default to running with the security label of virsh.
      The actual desired behaviour is to run with the security
      label of the container most of the time. So this changes
      virsh lxc-enter-namespace command to invoke the
      virDomainLxcEnterSecurityLabel method.
      
      The current behaviour is:
      
      LABEL                             PID TTY          TIME CMD
      system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 1 pts/0 00:00:00 systemd
      system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 3 pts/1 00:00:00 sh
      system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 24 ? 00:00:00 systemd-journal
      system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 29 ? 00:00:00 dhclient
      staff_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 47 ? 00:00:00 ps
      
      Note the ps command is running as unconfined_t,  After this patch,
      
      The new behaviour is this:
      
      virsh -c lxc:/// lxc-enter-namespace dan -- /bin/ps -eZ
      LABEL                             PID TTY          TIME CMD
      system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 1 pts/0 00:00:00 systemd
      system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 3 pts/1 00:00:00 sh
      system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 24 ? 00:00:00 systemd-journal
      system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 32 ? 00:00:00 dhclient
      system_u:system_r:svirt_lxc_net_t:s0:c0.c1023 38 ? 00:00:00 ps
      
      The '--noseclabel' flag can be used to skip security labelling.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      e4e69e89
  11. 10 3月, 2013 2 次提交
  12. 08 3月, 2013 1 次提交
  13. 23 2月, 2013 3 次提交
  14. 13 2月, 2013 2 次提交
  15. 04 2月, 2013 1 次提交
  16. 31 1月, 2013 1 次提交
    • J
      Enforce return check on virAsprintf() calls · 46b1d8cf
      John Ferlan 提交于
      Way back when I started making changes for Coverity messages my first set
      were to a bunch of CHECKED_RETURN errors.  In particular virAsprintf() had
      a few callers that Coverity noted didn't check their return (although some
      did check if the buffer being printed to was NULL or not).
      
      It was suggested at the time as a further patch an ATTRIBUTE_RETURN_CHECK
      should be added to virAsprintf(), see:
      
      https://www.redhat.com/archives/libvir-list/2013-January/msg00120.html
      
      This patch does that and fixes a few more instances not found by Coverity
      that failed the check.
      46b1d8cf
  17. 26 1月, 2013 1 次提交
  18. 23 1月, 2013 1 次提交
    • P
      virsh-domain: Refactor error paths for cmdCPUStats · a54f25a9
      Peter Krempa 提交于
      This patch fixes the following issues in the cpu-stats virsh command:
      
      1) Renames label failed_params to no_memory to match coding style
      2) Uses proper typed parameter cleanup in error paths to avoid leaks
      3) Adds a ret variable and simplifies error labels
      4) Changes error message to a slightly more descriptive one and gets rid
         of the newline at the end:
      
      Before:
      $ virsh cpu-stats tr
      error: Failed to virDomainGetCPUStats()
      
      error: Requested operation is not valid: domain is not running
      
      After:
      $ tools/virsh cpu-stats tr
      error: Failed to retrieve CPU statistics for domain 'tr'
      error: Requested operation is not valid: domain is not running
      a54f25a9
  19. 18 1月, 2013 7 次提交