~ubuntu-branches/ubuntu/quantal/libvirt/quantal

Viewing changes to debian/patches/9022-pass-the-virt-driver-name-into-security-drivers

  • Committer: Package Import Robot
  • Author(s): Chuck Short
  • Date: 2012-07-11 12:37:49 UTC
  • mfrom: (1.2.14)
  • Revision ID: package-import@ubuntu.com-20120711123749-gt314clvb7840c6p
Tags: 0.9.13-0ubuntu1
* New upstream version: 
* debian/rules: Remove .la files
* debian/control: Dropped debian vcs info.
* Dropped:
  - debian/patches/9022-pass-the-virt-driver-name-into-security-drivers:
    Already applied upstream.
  - debian/patches/9023-dont-enable-apparmor-driver-with-lxc
    Already applied upstream.
  - debian/patches/9024-initialize-random-generator-in-lxc:
    Already applied upstream.
* Re-diffed:
  - debian/patches/9002-better_default_uri_virsh.patch
* Added:
  - debian/patches/add-libvirt-highbank-support.patch: Add highbank 
    CPU detection support.
  - debian/patches/fix-lxc-container-unmounting.patch: Fix container
    mounting.

1
 
commit 73580c60d1003c7d93125a0f62b673818a5da9c9
2
 
Author: Daniel Walsh <dwalsh@redhat.com>
3
 
Date:   Thu May 10 17:49:29 2012 +0100
4
 
 
5
 
    Pass the virt driver name into security drivers
6
 
    
7
 
    To allow the security drivers to apply different configuration
8
 
    information per hypervisor, pass the virtualization driver name
9
 
    into the security manager constructor.
10
 
    
11
 
    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
12
 
 
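--- a/src/lxc/lxc_conf.h
+++ b/src/lxc/lxc_conf.h
@@ -36,6 +36,8 @@
 # include "security/security_manager.h"
 # include "configmake.h"
 
+# define LXC_DRIVER_NAME "LXC"
+
 # define LXC_CONFIG_DIR SYSCONFDIR "/libvirt/lxc"
 # define LXC_STATE_DIR LOCALSTATEDIR "/run/libvirt/lxc"
 # define LXC_LOG_DIR LOCALSTATEDIR "/log/libvirt/lxc"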
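--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@@ -1723,7 +1723,9 @@
             break;
 
         case 'S':
-            if (!(securityDriver = virSecurityManagerNew(optarg, false, false, false))) {
+            if (!(securityDriver = virSecurityManagerNew(optarg,
+                                                         LXC_DRIVER_NAME,
+                                                         false, false, false))) {
                 fprintf(stderr, "Cannot create security manager '%s'",
                         optarg);
                 goto cleanup;
@@ -1750,7 +1752,9 @@
     }
 
     if (securityDriver == NULL) {
-        if (!(securityDriver = virSecurityManagerNew("none", false, false, false))) {
+        if (!(securityDriver = virSecurityManagerNew("none",
+                                                     LXC_DRIVER_NAME,
+                                                     false, false, false))) {
             fprintf(stderr, "%s: cannot initialize nop security manager", argv[0]);
             goto cleanup;
         }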
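Review bot: Nothing at the `if (securityDriver == NULL)` fallback in the second hunk says that a controller started without `-S` carries on with the "none" manager instead of failing, which by the error string is the nop driver and so presumably applies no confinement to the container. A comment above the call would spare anyone auditing confinement from inferring it, for example `/* no -S given: fall back to the nop security driver */`. It would also be worth stating there whether the daemon is expected to pass `-S` on every launch, since that decides whether this path is reachable in normal operation. Both hunks sit inside a function that starts and ends outside them.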
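--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
@@ -2533,7 +2533,9 @@
 static int
 lxcSecurityInit(lxc_driver_t *driver)
 {
+    VIR_INFO("lxcSecurityInit %s", driver->securityDriverName);
     virSecurityManagerPtr mgr = virSecurityManagerNew(driver->securityDriverName,
+                                                      LXC_DRIVER_NAME,
                                                       false,
                                                       driver->securityDefaultConfined,
                                                       driver->securityRequireConfined);
@@ -3851,7 +3853,7 @@
 /* Function Tables */
 static virDriver lxcDriver = {
     .no = VIR_DRV_LXC,
-    .name = "LXC",
+    .name = LXC_DRIVER_NAME,
     .open = lxcOpen, /* 0.4.2 */
     .close = lxcClose, /* 0.4.2 */
     .version = lxcVersion, /* 0.4.6 */
@@ -3915,7 +3917,7 @@
 };
 
 static virStateDriver lxcStateDriver = {
-    .name = "LXC",
+    .name = LXC_DRIVER_NAME,
     .initialize = lxcStartup,
     .cleanup = lxcShutdown,
     .active = lxcActive,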
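Review bot: The added `VIR_INFO("lxcSecurityInit %s", driver->securityDriverName);` in the first hunk passes the name straight to `%s`, and tests/seclabeltest.c in this same patch shows that NULL is an accepted driver name, so an unset `securityDriverName` would likely hand a NULL pointer to the formatter. The line is unrelated to passing the virt driver name, precedes the `mgr` declaration, and logs at INFO on every init, which reads like leftover tracing. If it is kept, `VIR_DEBUG("lxcSecurityInit %s", NULLSTR(driver->securityDriverName));` is the safer form. The body of lxcSecurityInit continues past the hunk.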
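--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -95,6 +95,8 @@
 
 #define VIR_FROM_THIS VIR_FROM_QEMU
 
+#define QEMU_DRIVER_NAME "QEMU"
+
 #define QEMU_NB_MEM_PARAM  3
 
 #define QEMU_NB_BLOCK_IO_TUNE_PARAM  6
@@ -213,6 +215,7 @@
 qemuSecurityInit(struct qemud_driver *driver)
 {
     virSecurityManagerPtr mgr = virSecurityManagerNew(driver->securityDriverName,
+                                                      QEMU_DRIVER_NAME,
                                                       driver->allowDiskFormatProbing,
                                                       driver->securityDefaultConfined,
                                                       driver->securityRequireConfined);
@@ -221,7 +224,8 @@
         goto error;
 
     if (driver->privileged) {
-        virSecurityManagerPtr dac = virSecurityManagerNewDAC(driver->user,
+        virSecurityManagerPtr dac = virSecurityManagerNewDAC(QEMU_DRIVER_NAME,
+                                                             driver->user,
                                                              driver->group,
                                                              driver->allowDiskFormatProbing,
                                                              driver->securityDefaultConfined,
@@ -12836,7 +12840,7 @@
 
 static virDriver qemuDriver = {
     .no = VIR_DRV_QEMU,
-    .name = "QEMU",
+    .name = QEMU_DRIVER_NAME,
     .open = qemudOpen, /* 0.2.0 */
     .close = qemudClose, /* 0.2.0 */
     .supports_feature = qemudSupportsFeature, /* 0.5.0 */
@@ -13027,7 +13031,7 @@
 }
 
 static virNWFilterCallbackDriver qemuCallbackDriver = {
-    .name = "QEMU",
+    .name = QEMU_DRIVER_NAME,
     .vmFilterRebuild = qemuVMFilterRebuild,
     .vmDriverLock = qemuVMDriverLock,
     .vmDriverUnlock = qemuVMDriverUnlock,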
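Review bot: `QEMU_DRIVER_NAME` is defined privately in qemu_driver.c (first hunk), whereas the LXC counterpart lives in lxc_conf.h where lxc_controller.c can share it. As a result tests/seclabeltest.c in this patch has to spell the literal `"QEMU"` again, and any security driver that later compares `virtDriver` against a name will need yet another copy of the string. Since these strings now feed a security decision point (the probe callbacks), I would move `# define QEMU_DRIVER_NAME "QEMU"` into a shared qemu header, mirroring lxc_conf.h, and use the macro in the test.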
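--- a/src/security/security_apparmor.c
+++ b/src/security/security_apparmor.c
@@ -328,7 +328,7 @@
 
 /* Called on libvirtd startup to see if AppArmor is available */
 static int
-AppArmorSecurityManagerProbe(void)
+AppArmorSecurityManagerProbe(const char *virtDriver ATTRIBUTE_UNUSED)
 {
     char *template = NULL;
     int rc = SECURITY_DRIVER_DISABLE;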
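--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -65,7 +65,7 @@
 }
 
 static virSecurityDriverStatus
-virSecurityDACProbe(void)
+virSecurityDACProbe(const char *virtDriver ATTRIBUTE_UNUSED)
 {
     return SECURITY_DRIVER_ENABLE;
 }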
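--- a/src/security/security_driver.c
+++ b/src/security/security_driver.c
@@ -37,7 +37,8 @@
     &virSecurityDriverNop, /* Must always be last, since it will always probe */
 };
 
-virSecurityDriverPtr virSecurityDriverLookup(const char *name)
+virSecurityDriverPtr virSecurityDriverLookup(const char *name,
+                                             const char *virtDriver)
 {
     virSecurityDriverPtr drv = NULL;
     int i;
@@ -51,7 +52,7 @@
             STRNEQ(tmp->name, name))
             continue;
 
-        switch (tmp->probe()) {
+        switch (tmp->probe(virtDriver)) {
         case SECURITY_DRIVER_ENABLE:
             VIR_DEBUG("Probed name=%s", tmp->name);
             drv = tmp;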
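--- a/src/security/security_driver.h
+++ b/src/security/security_driver.h
@@ -31,7 +31,7 @@
 typedef struct _virSecurityDriver virSecurityDriver;
 typedef virSecurityDriver *virSecurityDriverPtr;
 
-typedef virSecurityDriverStatus (*virSecurityDriverProbe) (void);
+typedef virSecurityDriverStatus (*virSecurityDriverProbe) (const char *virtDriver);
 typedef int (*virSecurityDriverOpen) (virSecurityManagerPtr mgr);
 typedef int (*virSecurityDriverClose) (virSecurityManagerPtr mgr);
 
@@ -125,6 +125,7 @@
     virSecurityDomainSetImageFDLabel domainSetSecurityImageFDLabel;
 };
 
-virSecurityDriverPtr virSecurityDriverLookup(const char *name);
+virSecurityDriverPtr virSecurityDriverLookup(const char *name,
+                                             const char *virtDriver);
 
 #endif /* __VIR_SECURITY_H__ */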
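--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -38,9 +38,11 @@
     bool allowDiskFormatProbing;
     bool defaultConfined;
     bool requireConfined;
+    const char *virtDriver;
 };
 
 static virSecurityManagerPtr virSecurityManagerNewDriver(virSecurityDriverPtr drv,
+                                                         const char *virtDriver,
                                                          bool allowDiskFormatProbing,
                                                          bool defaultConfined,
                                                          bool requireConfined)
@@ -56,6 +58,7 @@
     mgr->allowDiskFormatProbing = allowDiskFormatProbing;
     mgr->defaultConfined = defaultConfined;
     mgr->requireConfined = requireConfined;
+    mgr->virtDriver = virtDriver;
 
     if (drv->open(mgr) < 0) {
         virSecurityManagerFree(mgr);
@@ -70,6 +73,7 @@
 {
     virSecurityManagerPtr mgr =
         virSecurityManagerNewDriver(&virSecurityDriverStack,
+                                    virSecurityManagerGetDriver(primary),
                                     virSecurityManagerGetAllowDiskFormatProbing(primary),
                                     virSecurityManagerGetDefaultConfined(primary),
                                     virSecurityManagerGetRequireConfined(primary));
@@ -83,7 +87,8 @@
     return mgr;
 }
 
-virSecurityManagerPtr virSecurityManagerNewDAC(uid_t user,
+virSecurityManagerPtr virSecurityManagerNewDAC(const char *virtDriver,
+                                               uid_t user,
                                                gid_t group,
                                                bool allowDiskFormatProbing,
                                                bool defaultConfined,
@@ -92,6 +97,7 @@
 {
     virSecurityManagerPtr mgr =
         virSecurityManagerNewDriver(&virSecurityDriverDAC,
+                                    virtDriver,
                                     allowDiskFormatProbing,
                                     defaultConfined,
                                     requireConfined);
@@ -107,11 +113,12 @@
 }
 
 virSecurityManagerPtr virSecurityManagerNew(const char *name,
+                                            const char *virtDriver,
                                             bool allowDiskFormatProbing,
                                             bool defaultConfined,
                                             bool requireConfined)
 {
-    virSecurityDriverPtr drv = virSecurityDriverLookup(name);
+    virSecurityDriverPtr drv = virSecurityDriverLookup(name, virtDriver);
     if (!drv)
         return NULL;
 
@@ -136,6 +143,7 @@
     }
 
     return virSecurityManagerNewDriver(drv,
+                                       virtDriver,
                                        allowDiskFormatProbing,
                                        defaultConfined,
                                        requireConfined);
@@ -162,6 +170,12 @@
 }
 
 const char *
+virSecurityManagerGetDriver(virSecurityManagerPtr mgr)
+{
+    return mgr->virtDriver;
+}
+
+const char *
 virSecurityManagerGetDOI(virSecurityManagerPtr mgr)
 {
     if (mgr->drv->getDOI)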
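Review bot: `mgr->virtDriver = virtDriver;` in the second hunk keeps the caller's pointer without copying it, so the manager silently depends on that string outliving it, and the stack constructor then reuses the primary's pointer via `virSecurityManagerGetDriver(primary)`. Every caller visible in this patch passes a string literal, so nothing dangles today, but the ownership rule is not written down and a later caller passing a heap or stack string would leave a stale pointer that security drivers read when picking per-hypervisor policy. Either document it on the field, `const char *virtDriver; /* borrowed: must outlive the manager */`, or duplicate the string in virSecurityManagerNewDriver and release it in virSecurityManagerFree. Several of the functions touched here start or end outside their hunks.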
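--- a/src/security/security_manager.h
+++ b/src/security/security_manager.h
@@ -32,6 +32,7 @@
 typedef virSecurityManager *virSecurityManagerPtr;
 
 virSecurityManagerPtr virSecurityManagerNew(const char *name,
+                                            const char *virtDriver,
                                             bool allowDiskFormatProbing,
                                             bool defaultConfined,
                                             bool requireConfined);
@@ -39,7 +40,8 @@
 virSecurityManagerPtr virSecurityManagerNewStack(virSecurityManagerPtr primary,
                                                  virSecurityManagerPtr secondary);
 
-virSecurityManagerPtr virSecurityManagerNewDAC(uid_t user,
+virSecurityManagerPtr virSecurityManagerNewDAC(const char *virtDriver,
+                                               uid_t user,
                                                gid_t group,
                                                bool allowDiskFormatProbing,
                                                bool defaultConfined,
@@ -50,6 +52,7 @@
 
 void virSecurityManagerFree(virSecurityManagerPtr mgr);
 
+const char *virSecurityManagerGetDriver(virSecurityManagerPtr mgr);
 const char *virSecurityManagerGetDOI(virSecurityManagerPtr mgr);
 const char *virSecurityManagerGetModel(virSecurityManagerPtr mgr);
 bool virSecurityManagerGetAllowDiskFormatProbing(virSecurityManagerPtr mgr);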
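Review bot: `virSecurityManagerGetDriver()` in the last hunk is declared beside `GetDOI` and `GetModel` with no comment, and its name reads as though it returned the security driver, while security_manager.c shows it returns the virtualization driver name given at construction. A one-line comment on the declaration would prevent misuse, for example `/* virt driver name ("QEMU", "LXC") this manager was created for, not the security model */`. The new argument is also first in `virSecurityManagerNewDAC` but second in `virSecurityManagerNew`, which is easy to get wrong at call sites and worth documenting on the prototypes.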
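--- a/src/security/security_nop.c
+++ b/src/security/security_nop.c
@@ -21,7 +21,7 @@
 
 #include "security_nop.h"
 
-static virSecurityDriverStatus virSecurityDriverProbeNop(void)
+static virSecurityDriverStatus virSecurityDriverProbeNop(const char *virtDriver ATTRIBUTE_UNUSED)
 {
     return SECURITY_DRIVER_ENABLE;
 }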
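--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -346,7 +346,7 @@
 
 
 static int
-SELinuxSecurityDriverProbe(void)
+SELinuxSecurityDriverProbe(const char *virtDriver ATTRIBUTE_UNUSED)
 {
     return is_selinux_enabled() ? SECURITY_DRIVER_ENABLE : SECURITY_DRIVER_DISABLE;
 }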
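--- a/src/security/security_stack.c
+++ b/src/security/security_stack.c
@@ -49,7 +49,7 @@
 }
 
 static virSecurityDriverStatus
-virSecurityStackProbe(void)
+virSecurityStackProbe(const char *virtDriver ATTRIBUTE_UNUSED)
 {
     return SECURITY_DRIVER_ENABLE;
 }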
358
 
Index: libvirt-0.9.12/tests/seclabeltest.c
359
 
===================================================================
360
 
--- libvirt-0.9.12.orig/tests/seclabeltest.c    2012-06-29 18:16:00.000000000 -0500
361
 
+++ libvirt-0.9.12/tests/seclabeltest.c 2012-06-29 18:16:11.004256316 -0500
362
 
@@ -13,7 +13,7 @@
363
 
     virSecurityManagerPtr mgr;
364
 
     const char *doi, *model;
365
 
 
366
 
-    mgr = virSecurityManagerNew(NULL, false, true, false);
367
 
+    mgr = virSecurityManagerNew(NULL, "QEMU", false, true, false);
368
 
     if (mgr == NULL) {
369
 
         fprintf (stderr, "Failed to start security driver");
370
 
         exit (-1);