On 07/23/2013 11:03 AM, Eric Blake wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=964358
>
> A future patch wants the DAC security manager to be able to safely
> get the supplemental group list for a given uid, but at the time
> of a fork rather than during initialization so as to pick up on
> live changes to the system's group database. This patch adds the
> framework, including the possibility of a pre-fork callback
> failing.
>
> For now, any driver that implements a prefork callback must be
> robust against the possibility of being part of a security stack
> where a later element in the chain fails prefork. This means
> that drivers cannot do any action that requires a call to postfork
> for proper cleanup (no grabbing a mutex, for example). If this
> is too prohibitive in the future, we would have to switch to a
> transactioning sequence, where each driver has (up to) 3 callbacks:
> PreForkPrepare, PreForkCommit, and PreForkAbort, to either clean
> up or commit changes made during prepare.
>
> * src/security/security_driver.h (virSecurityDriverPreFork): New
> callback.
> * src/security/security_manager.h (virSecurityManagerPreFork):
> Change signature.
> * src/security/security_manager.c (virSecurityManagerPreFork):
> Optionally call into driver, and allow returning failure.
> * src/security/security_stack.c (virSecurityDriverStack):
> Wrap the handler for the stack driver.
> * src/qemu/qemu_process.c (qemuProcessStart): Adjust caller.
>
> Signed-off-by: Eric Blake <eblake@xxxxxxxxxx>
> (cherry picked from commit fdb3bde31ccf8ff172abf00ef5aa974b87af2794)
>
> Conflicts:
> src/security/security_manager.c - context from previous backport differences

ACK

- Cole

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
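The constraint in the quoted commit message, that a prefork callback must need no cleanup when a later element of the security stack fails, shown as an added C sketch that is not libvirt's code. The `driver` struct, the callback names and the values are hypothetical; the second element of the stack is constructed to fail.

```c
#include <stddef.h>
#include <stdio.h>

/* Added illustration; names and fields are hypothetical, not libvirt's. */
typedef struct driver {
    int (*prefork)(struct driver *d); /* optional: NULL means nothing to do */
    int ngroups; /* data cached before fork */
    int locked;  /* stands in for a mutex that only postfork releases */
    int calls;
} driver;

/* Safe: only refreshes cached data, so an aborted fork needs no cleanup. */
static int refresh_prefork(driver *d) { d->calls++; d->ngroups = 3; return 0; }
/* Unsafe here: relies on a postfork call that may never come. */
static int locking_prefork(driver *d) { d->calls++; d->locked = 1; return 0; }
/* A later element of the chain that refuses the fork. */
static int failing_prefork(driver *d) { d->calls++; return -1; }

/* Stack driver: call each element in order, stop at the first failure. */
static int stack_prefork(driver **stack, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (stack[i]->prefork && stack[i]->prefork(stack[i]) < 0)
            return -1; /* earlier elements get no abort or postfork call */
    return 0;
}

typedef struct { int rc, leaked_locks, third_called; } result;

/* Run a three-element stack whose second element fails prefork. */
result run_demo(int first_takes_lock) {
    driver a = { first_takes_lock ? locking_prefork : refresh_prefork, 0, 0, 0 };
    driver b = { failing_prefork, 0, 0, 0 };
    driver c = { refresh_prefork, 0, 0, 0 };
    driver *stack[] = { &a, &b, &c };
    result r;
    r.rc = stack_prefork(stack, 3); /* the caller must not fork on -1 */
    r.leaked_locks = a.locked;
    r.third_called = c.calls;
    return r;
}

int main(void) {
    result ok = run_demo(0), bad = run_demo(1);
    printf("refresh-only: rc=%d leaked=%d\n", ok.rc, ok.leaked_locks);
    printf("lock-taking:  rc=%d leaked=%d\n", bad.rc, bad.leaked_locks);
    return 0;
}
```

The lock-taking variant ends with the lock still held after the aborted fork, which is the state a PreForkAbort callback would exist to undo.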