On Fri, Jun 21, 2013 at 11:17:08AM +0200, Michal Privoznik wrote: > On 19.06.2013 19:00, Daniel P. Berrange wrote: > > From: "Daniel P. Berrange" <berrange@xxxxxxxxxx> > > > > This is a repost of > > > > http://www.redhat.com/archives/libvir-list/2012-May/msg00090.html > > > > Most of the early patches in that series are now merged. What is > > left is the actual access control work. The first patches setup > > the infrastructure and provide two drivers (policy kit and selinux). > > The remaining patches add access control checks to all the public > > APIs in each driver. The final patch adds a test case to validate > > that every driver API impl has an access control check present. > > > > Still todo > > > > - Optimize the polkit driver by making direct dbus calls > > instead of spawning the polkit helper program > > > > - Add filtering of returned objects from the various > > vir*List* APIs > > > > - Finish adding acl checks to the legacy Xen driver in > > about 6 apis. > > > > - Write a standalone access control driver as alternative > > to polkit > > > > - Audit permission names & groups to ensure we have an > > optimial set of permissions defined to cover all our > > APIs. > > > > Daniel P. Berrange (19): > > Define basic internal API for access control > > Set conn->driver before running driver connectOpen method > > Setup default access control manager in libvirtd > > Add a policy kit access control driver > > Add an SELinux access control driver > > Add ACL annotations to all RPC messages > > Auto-generate helpers for checking access control rules > > Add ACL checks into the QEMU driver > > Add ACL checks into the LXC driver > > Add ACL checks into the UML driver > > Add ACL checks into the Xen driver > > Add ACL checks into the libxl driver > > Add ACL checks into the storage driver > > Add ACL checks into the network driver > > Add ACL checks into the interface driver > > Add ACL checks into the node device driver > > Add ACL checks into the nwfilter driver > > Add ACL checks into the secrets driver > > Add validation that all APIs contain ACL checks > > > > .gitignore | 10 + > > daemon/Makefile.am | 1 + > > daemon/libvirtd-config.c | 4 + > > daemon/libvirtd-config.h | 2 + > > daemon/libvirtd.aug | 1 + > > daemon/libvirtd.c | 28 +- > > daemon/libvirtd.conf | 9 + > > daemon/test_libvirtd.aug.in | 4 + > > include/libvirt/virterror.h | 4 + > > m4/virt-compile-warnings.m4 | 1 + > > m4/virt-selinux.m4 | 2 + > > po/POTFILES.in | 3 + > > src/Makefile.am | 187 ++++++++- > > src/access/genpolkit.pl | 119 ++++++ > > src/access/viraccessdriver.h | 89 ++++ > > src/access/viraccessdrivernop.c | 118 ++++++ > > src/access/viraccessdrivernop.h | 28 ++ > > src/access/viraccessdriverpolkit.c | 399 ++++++++++++++++++ > > src/access/viraccessdriverpolkit.h | 28 ++ > > src/access/viraccessdriverselinux.c | 565 +++++++++++++++++++++++++ > > src/access/viraccessdriverselinux.h | 28 ++ > > src/access/viraccessdriverstack.c | 285 +++++++++++++ > > src/access/viraccessdriverstack.h | 32 ++ > > src/access/viraccessmanager.c | 351 ++++++++++++++++ > > src/access/viraccessmanager.h | 91 ++++ > > src/access/viraccessperm.c | 84 ++++ > > src/access/viraccessperm.h | 647 +++++++++++++++++++++++++++++ > > src/check-aclrules.pl | 144 +++++++ > > src/interface/interface_backend_netcf.c | 115 +++++ > > src/interface/interface_backend_udev.c | 85 +++- > > src/internal.h | 4 + > > src/libvirt.c | 11 +- > > src/libvirt_private.syms | 37 ++ > > src/libxl/libxl_driver.c | 187 ++++++++- > > src/locking/lock_protocol.x | 8 + > > src/lxc/lxc_driver.c | 219 +++++++++- > > src/network/bridge_driver.c | 61 +++ > > src/node_device/node_device_driver.c | 36 ++ > > src/nwfilter/nwfilter_driver.c | 26 ++ > > src/qemu/qemu_driver.c | 716 ++++++++++++++++++++++++++++---- > > src/remote/lxc_protocol.x | 1 + > > src/remote/qemu_protocol.x | 4 + > > src/remote/remote_protocol.x | 406 ++++++++++++++++++ > > src/rpc/gendispatch.pl | 211 +++++++++- > > src/secret/secret_driver.c | 31 ++ > > src/storage/storage_driver.c | 155 ++++++- > > src/uml/uml_driver.c | 174 +++++++- > > src/util/virerror.c | 8 + > > src/util/virlog.c | 3 +- > > src/util/virlog.h | 1 + > > src/xen/xen_driver.c | 217 +++++++++- > > 51 files changed, 5827 insertions(+), 153 deletions(-) > > create mode 100755 src/access/genpolkit.pl > > create mode 100644 src/access/viraccessdriver.h > > create mode 100644 src/access/viraccessdrivernop.c > > create mode 100644 src/access/viraccessdrivernop.h > > create mode 100644 src/access/viraccessdriverpolkit.c > > create mode 100644 src/access/viraccessdriverpolkit.h > > create mode 100644 src/access/viraccessdriverselinux.c > > create mode 100644 src/access/viraccessdriverselinux.h > > create mode 100644 src/access/viraccessdriverstack.c > > create mode 100644 src/access/viraccessdriverstack.h > > create mode 100644 src/access/viraccessmanager.c > > create mode 100644 src/access/viraccessmanager.h > > create mode 100644 src/access/viraccessperm.c > > create mode 100644 src/access/viraccessperm.h > > create mode 100644 src/check-aclrules.pl > > > > > ACK series, but see my comments to patches. I have pushed all except the last patch (test case) and the SELinux driver impl. The SELinux driver impl isn't useful without some selinux policy work, so that can wait. I need to fix some things in the legacy xen driver before the test case can pass. Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list