On 08/31/2018 03:33 PM, Daniel P. Berrangé wrote:
> On Mon, Aug 27, 2018 at 10:08:13AM +0200, Michal Privoznik wrote:
>> v3 of:
>>
>> https://www.redhat.com/archives/libvir-list/2018-August/msg00814.html
>>
>> What has changed since v2? A lot.
>> - The lock manager was moved into security manager (which requires a lot
>>   of preparation which is done in first 8 or so patches).
>>
>> - The VIR_LOCK_SPACE_ACQUIRE_WAIT flag (2/7 in v2) is dropped as it
>>   turned out to be harmful. virlockd can't block under any
>>   circumstances. And we can not introduce a thread pool for it.
>>
>> - While going through the code I've found couple of bugs which I'm
>>   fixing in first few patches.
>
> I've not done a detailed per patch code review, but having looked
> at the overall design concept across the patches, I think it looks
> pretty good. Only one conceptual comment....
>
>>  cfg.mk                             |   4 +-
>>  src/libvirt_private.syms           |   2 +
>>  src/locking/lock_daemon.c          |   3 +
>>  src/locking/lock_daemon_dispatch.c |  25 +-
>>  src/locking/lock_driver.h          |  38 +++
>>  src/locking/lock_driver_lockd.c    | 520 ++++++++++++++++++++++++++-----------
>>  src/locking/lock_driver_lockd.h    |   1 +
>>  src/locking/lock_driver_nop.c      |  14 +
>>  src/locking/lock_driver_sanlock.c  |  50 ++--
>>  src/locking/lock_manager.c         |  31 ++-
>>  src/locking/lock_manager.h         |   7 +
>>  src/qemu/libvirtd_qemu.aug         |   1 +
>>  src/qemu/qemu.conf                 |   6 +
>>  src/qemu/qemu_conf.c               |  13 +
>>  src/qemu/qemu_conf.h               |   1 +
>>  src/qemu/qemu_driver.c             |  12 +-
>>  src/qemu/test_libvirtd_qemu.aug.in |   1 +
>>  src/security/security_dac.c        | 213 +++++++++------
>>  src/security/security_manager.c    | 366 +++++++++++++++++++++++++-
>>  src/security/security_manager.h    |  17 +-
>
> Why no integration into the security_selinux.c driver ? The apparmor
> driver probably doesn't need it as it doesn't touch the files to setup
> its security profile, but SELinux should need protection.

Yes it does. I should have noted that selinux driver is WIP.
Firstly I wanted to see if the patches I posted are good and if they
were I'll post patches for selinux. Sorry for the confusion.

Michal