Re: [PATCH v1 00/10] Keep original security label

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 10.09.2014 15:26, Michal Privoznik wrote:

I know I've sent several versions like ages ago, so this should
not start with v1, but hey, this is completely new approach, so
I'm gonna start from 1.

Here, the virtlockd is misused to hold the original seclabels
(although only DAC label is implemented so far). Even more, it
does a reference counting, so that only the last label restore
does the job, not the previous ones.

Michal Privoznik (10):
   locking: Allow seclabel remembering
   locking: Implement seclabel stubs for NOP
   domain_lock: Introduce seclabel APIs
   locking: Add virLockSeclabelProtocol
   driver_lockd: Implement seclabel APIs
   lock_daemon: Implement server dispatch
   lock_daemon: Implement seclabel APIs
   security_dac: Cleanup virSecurityDACSetOwnershipInternal usage
   virSecurityManagerNew: Add virLockManagerPluginPtr
   security_dac: Keep original label

  .gitignore                           |   2 +
  src/Makefile.am                      |  34 ++-
  src/libvirt_private.syms             |   4 +
  src/lock_seclabel_protocol-structs   |  21 ++
  src/locking/domain_lock.c            |  65 ++++++
  src/locking/domain_lock.h            |  10 +
  src/locking/lock_daemon.c            | 388 ++++++++++++++++++++++++++++++++++-
  src/locking/lock_daemon.h            |   8 +
  src/locking/lock_daemon_dispatch.c   |  77 +++++++
  src/locking/lock_daemon_dispatch.h   |   3 +
  src/locking/lock_driver.h            |  43 ++++
  src/locking/lock_driver_lockd.c      | 118 ++++++++++-
  src/locking/lock_driver_nop.c        |  22 ++
  src/locking/lock_manager.c           |  26 +++
  src/locking/lock_manager.h           |   9 +
  src/locking/lock_seclabel_protocol.x |  53 +++++
  src/lxc/lxc_controller.c             |   2 +-
  src/lxc/lxc_driver.c                 |   3 +-
  src/qemu/qemu_driver.c               |   7 +-
  src/security/security_dac.c          | 145 ++++++++++---
  src/security/security_manager.c      |  25 ++-
  src/security/security_manager.h      |   6 +-
  tests/Makefile.am                    |   1 +
  tests/qemuhotplugtest.c              |   2 +-
  tests/seclabeltest.c                 |   2 +-
  tests/securityselinuxlabeltest.c     |   2 +-
  tests/securityselinuxtest.c          |   2 +-
  27 files changed, 1028 insertions(+), 52 deletions(-)
  create mode 100644 src/lock_seclabel_protocol-structs
  create mode 100644 src/locking/lock_seclabel_protocol.x



Ping? I'd really like to see this one in the release.

Michal

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]