[PATCH 0/9] Pass identity information between daemons

This was previously posted as part of the daemon split series:

  https://www.redhat.com/archives/libvir-list/2019-July/msg01754.html

The patches were not merged at the time since they needed more work
which is now done by this series.

This is all about enabling the polkit fine-grained auth checks to
work correctly with the split daemons.

A mgmt app running non-root will connect to virtqemud. virtqemud
sees the client identity as the non-root user.  virtqemud in turn
may connect to virtnetworkd, forwarding API calls that the mgmt
app makes. virtnetworkd sees the client identity as the root user.

This series allows virtqemud to pass on the non-root identity of
the mgmt app to virtnetworkd, so that polkit checks are done against
the correct identity.

Daniel P. Berrangé (9):
  api: introduce virConnectSetIdentity for passing uid, gid, selinux
    info
  util: change identity class attribute names
  tests: fix debug messages wrt selinux context when test fails
  util: make generic identity accessors private
  util: removed unused virIdentityIsEqual method
  util: sanitize return values for virIdentity getters
  util: store identity attrs as virTypedParameter internally
  util: allow identity to be imported/exported as typed parameters
  remote: pass identity across to newly opened daemons

 include/libvirt/libvirt-host.h      |  74 +++++
 src/access/viraccessdriverpolkit.c  |  22 +-
 src/admin/admin_server.c            |  52 +--
 src/driver-hypervisor.h             |   7 +
 src/libvirt-host.c                  |  51 +++
 src/libvirt_private.syms            |  21 +-
 src/libvirt_public.syms             |   4 +
 src/libvirt_remote.syms             |   1 +
 src/remote/remote_daemon_dispatch.c | 112 ++++++-
 src/remote/remote_driver.c          |   1 +
 src/remote/remote_protocol.x        |  16 +-
 src/remote_protocol-structs         |   8 +
 src/rpc/virnetserverclient.c        |  20 +-
 src/rpc/virnetserverclient.h        |   2 +
 src/util/viridentity.c              | 488 ++++++++++++++++------------
 src/util/viridentity.h              |  71 ++--
 tests/viridentitytest.c             | 115 ++-----
 tests/virnetserverclienttest.c      |  40 +--
 18 files changed, 672 insertions(+), 433 deletions(-)

-- 
2.21.0

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
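
The identity mix-up the cover letter describes, and the effect of forwarding the client identity, as a small self-contained C model (an added example, not code from this series or from libvirt). All struct and function names are hypothetical, the identities are constructed sample values, the policy is a stand-in for a polkit rule, and the rule that only a root peer may forward an identity is an assumption of this model.

```c
#include <stdio.h>

/* Constructed model of the attributes the series forwards: uid, gid, SELinux context. */
struct identity { unsigned uid, gid; const char *selinux; };

/* Server-side view of one connection (hypothetical, not libvirt's own type). */
struct client {
    struct identity peer;      /* identity taken from the socket peer */
    struct identity forwarded; /* identity passed on by the connecting daemon */
    int has_forwarded;
};

static struct client accept_from(struct identity peer) {
    struct client c;
    c.peer = peer; c.forwarded = peer; c.has_forwarded = 0;
    return c;
}

/* Hypothetical stand-in for a polkit rule: only root may perform the action. */
static int policy_allows(const struct identity *id) { return id->uid == 0; }

/* Assumption of this model: only a root peer (another daemon) may forward an identity. */
static int client_set_identity(struct client *c, struct identity id) {
    if (c->peer.uid != 0) return -1;
    c->forwarded = id;
    c->has_forwarded = 1;
    return 0;
}

/* The access check uses the forwarded identity when one is present. */
static int check_access(const struct client *c) {
    return policy_allows(c->has_forwarded ? &c->forwarded : &c->peer);
}

/* Constructed sample identities. */
static const struct identity APP  = { 1000, 1000, "unconfined_u:unconfined_r:unconfined_t:s0" };
static const struct identity ROOT = { 0, 0, "system_u:system_r:virtd_t:s0" };

/* virtqemud (root) calls virtnetworkd on behalf of APP; returns 1 if allowed. */
int networkd_check(int forward) {
    struct client from_qemud = accept_from(ROOT);
    if (forward && client_set_identity(&from_qemud, APP) < 0) return -1;
    return check_access(&from_qemud);
}

/* A non-root client connecting directly claims to be root; returns 1 if allowed. */
int direct_spoof_check(void) {
    struct client from_app = accept_from(APP);
    client_set_identity(&from_app, ROOT); /* rejected: peer is not root */
    return check_access(&from_app);
}

int main(void) {
    printf("no forwarding: allowed=%d\n", networkd_check(0));
    printf("forwarding:    allowed=%d\n", networkd_check(1));
    printf("direct spoof:  allowed=%d\n", direct_spoof_check());
    return 0;
}
```

Without forwarding, the second daemon authorizes the request as root; with forwarding, the root-only rule is evaluated against the non-root app and denies it.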



