An alternative take on [1] based on review feedback.

The need to have something like this in the first place is driven by
KubeVirt (see [2] and [3]). A draft version of this series has been
integrated into KubeVirt and it has been confirmed that it was
effective in removing the need to use LD_PRELOAD hacks in the storage
provider.

CC'ing Stefan so he can have a look at the TPM part and shout if I've
gotten anything wrong :)

[1] https://lists.libvirt.org/archives/list/devel@xxxxxxxxxxxxxxxxx/thread/MMKVR54LD3SDG5CMSXUECV7I57LMJJTH/
[2] https://issues.redhat.com/browse/CNV-34322
[3] https://issues.redhat.com/browse/CNV-39370

Andrea Bolognani (10):
  security: Fix alignment
  security: Fix name for _virSecurityDACChardevCallbackData
  security: Drop virSecurity(DAC|SELinux)RestoreImageLabelSingle()
  security: Drop virSecurity(DAC|SELinux)SetImageLabelRelative()
  qemu: Tweak augeas schema
  qemu: Introduce shared_filesystems configuration option
  qemu: Propagate shared_filesystems
  utils: Use overrides in virFileIsSharedFS()
  qemu: Always set labels for TPM state
  NEWS: Document qemu shared_filesystems option

 NEWS.rst                           |  7 +++
 src/lxc/lxc_controller.c           |  2 +-
 src/lxc/lxc_driver.c               |  2 +-
 src/lxc/lxc_process.c              |  4 +-
 src/qemu/libvirtd_qemu.aug         | 11 ++--
 src/qemu/qemu.conf.in              | 17 ++++++
 src/qemu/qemu_conf.c               | 17 ++++++
 src/qemu/qemu_conf.h               |  2 +
 src/qemu/qemu_domain.c             |  2 +-
 src/qemu/qemu_extdevice.c          |  2 +-
 src/qemu/qemu_migration.c          | 12 ++--
 src/qemu/qemu_security.c           | 14 ++++-
 src/qemu/qemu_tpm.c                | 36 ++++++------
 src/qemu/qemu_tpm.h                |  8 ++-
 src/qemu/test_libvirtd_qemu.aug.in |  5 ++
 src/security/security_apparmor.c   |  2 +
 src/security/security_dac.c        | 67 +++++++++-------------
 src/security/security_driver.h     |  4 ++
 src/security/security_manager.c    | 34 +++++++-----
 src/security/security_manager.h    | 20 ++++---
 src/security/security_nop.c        |  4 ++
 src/security/security_selinux.c    | 58 ++++++++-----------
 src/security/security_stack.c      | 16 ++++--
 src/util/virfile.c                 | 89 +++++++++++++++++++++++++-----
 src/util/virfile.h                 |  3 +-
 tests/securityselinuxlabeltest.c   |  2 +-
 tests/virfiletest.c                |  2 +-
 27 files changed, 289 insertions(+), 153 deletions(-)

-- 
2.44.0