On 03.08.2012 16:18, Marcelo Cerri wrote:
> This is a v3 patch series that updates the libvirt's security driver
> mechanism to support per-guest configurable user and group for QEMU
> processes running together with other security drivers, such as SELinux
> and AppArmor.
>
> Comments and feedback are welcome.
>
>
> Marcelo Cerri (5):
>   Internal refactory of data structures
>   Multiple security drivers in XML data
>   Update security layer to handle many security labels
>   Support for multiple default security drivers in QEMU config
>   Update the remote API
>
>  daemon/remote.c | 63 ++++
>  docs/formatdomain.html.in | 11 +-
>  docs/schemas/capability.rng | 18 +-
>  docs/schemas/domaincommon.rng | 30 ++-
>  include/libvirt/libvirt.h.in | 2 +
>  python/generator.py | 1 +
>  src/conf/capabilities.c | 17 +-
>  src/conf/capabilities.h | 6 +-
>  src/conf/domain_audit.c | 14 +-
>  src/conf/domain_conf.c | 342 +++++++++++++++-----
>  src/conf/domain_conf.h | 18 +-
>  src/driver.h | 4 +
>  src/libvirt.c | 47 +++
>  src/libvirt_private.syms | 5 +
>  src/libvirt_public.syms | 5 +
>  src/lxc/lxc_conf.c | 8 +-
>  src/lxc/lxc_controller.c | 8 +-
>  src/lxc/lxc_driver.c | 11 +-
>  src/lxc/lxc_process.c | 23 +-
>  src/qemu/qemu_conf.c | 38 ++-
>  src/qemu/qemu_conf.h | 2 +-
>  src/qemu/qemu_driver.c | 218 +++++++++++---
>  src/qemu/qemu_process.c | 50 ++-
>  src/remote/remote_driver.c | 46 +++
>  src/remote/remote_protocol.x | 17 +-
>  src/remote_protocol-structs | 1 +
>  src/security/security_apparmor.c | 118 +++++--
>  src/security/security_dac.c | 324 +++++++++++++++++--
>  src/security/security_manager.c | 101 +++++--
>  src/security/security_manager.h | 8 +-
>  src/security/security_selinux.c | 256 ++++++++++-----
>  src/security/security_stack.c | 237 +++++++++-----
>  src/security/security_stack.h | 13 +
>  src/test/test_driver.c | 11 +-
>  .../qemuxml2argv-seclabel-dynamic-override.xml | 4 +-
>  .../qemuxml2argv-seclabel-dynamic.xml | 2 +-
>  36 files changed, 1634 insertions(+), 445 deletions(-)
>

Okay, I've done a basic review. Basically, I've not spotted anything
obviously wrong so I've ACKed all the patches (but see my notes on each
of them because some ACKs are conditional). However, I am not pushing
this for now as I'd like to give others some time to say their opinions.
If nobody complains I think this is in good shape to be pushed in.

Michal