[libvirt] [PATCH v1 00/10] Keep original security label

Michal Privoznik mprivozn at redhat.com
Fri Sep 19 07:58:10 UTC 2014 

On 10.09.2014 15:26, Michal Privoznik wrote:
> I know I've sent several versions like ages ago, so this should
> not start with v1, but hey, this is completely new approach, so
> I'm gonna start from 1.
>
> Here, the virtlockd is misused to hold the original seclabels
> (although only DAC label is implemented so far). Even more, it
> does a reference counting, so that only the last label restore
> does the job, not the previous ones.
>
> Michal Privoznik (10):
>    locking: Allow seclabel remembering
>    locking: Implement seclabel stubs for NOP
>    domain_lock: Introduce seclabel APIs
>    locking: Add virLockSeclabelProtocol
>    driver_lockd: Implement seclabel APIs
>    lock_daemon: Implement server dispatch
>    lock_daemon: Implement seclabel APIs
>    security_dac: Cleanup virSecurityDACSetOwnershipInternal usage
>    virSecurityManagerNew: Add virLockManagerPluginPtr
>    security_dac: Keep original label
>
>   .gitignore                           |   2 +
>   src/Makefile.am                      |  34 ++-
>   src/libvirt_private.syms             |   4 +
>   src/lock_seclabel_protocol-structs   |  21 ++
>   src/locking/domain_lock.c            |  65 ++++++
>   src/locking/domain_lock.h            |  10 +
>   src/locking/lock_daemon.c            | 388 ++++++++++++++++++++++++++++++++++-
>   src/locking/lock_daemon.h            |   8 +
>   src/locking/lock_daemon_dispatch.c   |  77 +++++++
>   src/locking/lock_daemon_dispatch.h   |   3 +
>   src/locking/lock_driver.h            |  43 ++++
>   src/locking/lock_driver_lockd.c      | 118 ++++++++++-
>   src/locking/lock_driver_nop.c        |  22 ++
>   src/locking/lock_manager.c           |  26 +++
>   src/locking/lock_manager.h           |   9 +
>   src/locking/lock_seclabel_protocol.x |  53 +++++
>   src/lxc/lxc_controller.c             |   2 +-
>   src/lxc/lxc_driver.c                 |   3 +-
>   src/qemu/qemu_driver.c               |   7 +-
>   src/security/security_dac.c          | 145 ++++++++++---
>   src/security/security_manager.c      |  25 ++-
>   src/security/security_manager.h      |   6 +-
>   tests/Makefile.am                    |   1 +
>   tests/qemuhotplugtest.c              |   2 +-
>   tests/seclabeltest.c                 |   2 +-
>   tests/securityselinuxlabeltest.c     |   2 +-
>   tests/securityselinuxtest.c          |   2 +-
>   27 files changed, 1028 insertions(+), 52 deletions(-)
>   create mode 100644 src/lock_seclabel_protocol-structs
>   create mode 100644 src/locking/lock_seclabel_protocol.x
>

Ping? I'd really like to see this one in the release.

Michal

More information about the libvir-list mailing list