[libvirt] [PATCH v1 00/23] Keep original seclabel

Michal Privoznik mprivozn at redhat.com
Fri Oct 16 14:54:12 UTC 2015


On 12.10.2015 12:25, Michal Privoznik wrote:
> So, you may be familiar with this already. Well, I tried to get these
> patches in like a year ago (or even more). Point is, these ones are new,
> written from scratch. However, still based on the idea that virtlockd will keep
> track of the original seclabels. So far only the DAC driver is fixed, but the
> infrastructure I'm proposing here is easily extensible to other drivers too.
> 
> Even if there's some disagreement on the design, the first few patches fix some
> bugs, so they should make it in.
> 
> Michal Privoznik (23):
>   virtlockd: Don't SIGSEGV on SIGUSR1
>   security_dac: Fix TODO marks
>   virSecurityDACSetOwnershipInternal: Don't chown so often
>   security_dac: Introduce remember/recall stubs
>   virSecurityDACSetOwnership: Pass virSecurityDACDataPtr
>   virSecurityDACRestoreSecurityFileLabel: Pass virSecurityDACDataPtr
>   security_dac: Limit usage of virSecurityDACSetOwnershipInternal
>   security_dac: Plug in remember/recall APIs
>   lock_protocol: Add two new remote procedures
>   lock_daemon: Switch to wrapper locking functions
>   locking: Introduce virSeclabelSpace
>   virtlockd: Work virSeclabelSpace in
>   virLockDriver: Introduce virLockDriverRemember and virLockDriverRecall
>   lock_driver_nop: Implement remember and recall APIs
>   lock_driver_lockd: Implement remember and recall APIs
>   lock_manager: Implement remember & recall APIs
>   locking: Favour enum type over int
>   lock_driver: Introduce VIR_LOCK_MANAGER_OBJECT_TYPE_SECLABEL
>   virSecurityManagerNewDAC: Pass locking plugin in
>   security_dac: Remember security labels
>   security_dac: Restore original owner more often
>   security: Introduce virSecurityManagerDomainRestoreDirLabel
>   qemuProcessStop: Restore seclabels on dirs too
> 
>  cfg.mk                              |   2 +-
>  po/POTFILES.in                      |   1 +
>  src/Makefile.am                     |   3 +
>  src/libvirt_private.syms            |   3 +
>  src/lock_protocol-structs           |  15 +
>  src/locking/lock_daemon.c           |  69 ++++-
>  src/locking/lock_daemon.h           |   8 +
>  src/locking/lock_daemon_dispatch.c  |  68 +++++
>  src/locking/lock_daemon_seclabels.c | 545 ++++++++++++++++++++++++++++++++++++
>  src/locking/lock_daemon_seclabels.h |  43 +++
>  src/locking/lock_driver.h           |  42 ++-
>  src/locking/lock_driver_lockd.c     | 103 ++++++-
>  src/locking/lock_driver_nop.c       |  28 +-
>  src/locking/lock_driver_sanlock.c   |   4 +-
>  src/locking/lock_manager.c          |  36 ++-
>  src/locking/lock_manager.h          |  13 +-
>  src/locking/lock_protocol.x         |  29 +-
>  src/qemu/qemu_driver.c              |   3 +-
>  src/qemu/qemu_process.c             |  22 +-
>  src/security/security_dac.c         | 288 +++++++++++++++----
>  src/security/security_dac.h         |   2 +
>  src/security/security_driver.h      |   5 +-
>  src/security/security_manager.c     |  20 +-
>  src/security/security_manager.h     |   7 +-
>  src/security/security_selinux.c     |  16 ++
>  src/security/security_stack.c       |  20 ++
>  26 files changed, 1310 insertions(+), 85 deletions(-)
>  create mode 100644 src/locking/lock_daemon_seclabels.c
>  create mode 100644 src/locking/lock_daemon_seclabels.h
> 

So, I've fixed all the findings up to 08/23 (inclusive) and pushed it up
till that point. Those patches mostly clean up the security driver, fix some
bugs, and prepare the security driver for whatever remembering framework
we come up with.

Thank you both guys!

Michal
