[libvirt] [PATCH 5/7] security: framework for driver PreFork handler

Cole Robinson crobinso at redhat.com
Thu Jul 25 22:34:14 UTC 2013


On 07/23/2013 11:03 AM, Eric Blake wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=964358
> 
> A future patch wants the DAC security manager to be able to safely
> get the supplemental group list for a given uid, but at the time
> of a fork rather than during initialization so as to pick up on
> live changes to the system's group database.  This patch adds the
> framework, including the possibility of a pre-fork callback
> failing.
> 
> For now, any driver that implements a prefork callback must be
> robust against the possibility of being part of a security stack
> where a later element in the chain fails prefork.  This means
> that drivers cannot do any action that requires a call to postfork
> for proper cleanup (no grabbing a mutex, for example).  If this
> is too prohibitive in the future, we would have to switch to a
> transactioning sequence, where each driver has (up to) 3 callbacks:
> PreForkPrepare, PreForkCommit, and PreForkAbort, to either clean
> up or commit changes made during prepare.
> 
> * src/security/security_driver.h (virSecurityDriverPreFork): New
> callback.
> * src/security/security_manager.h (virSecurityManagerPreFork):
> Change signature.
> * src/security/security_manager.c (virSecurityManagerPreFork):
> Optionally call into driver, and allow returning failure.
> * src/security/security_stack.c (virSecurityDriverStack):
> Wrap the handler for the stack driver.
> * src/qemu/qemu_process.c (qemuProcessStart): Adjust caller.
> 
> Signed-off-by: Eric Blake <eblake at redhat.com>
> (cherry picked from commit fdb3bde31ccf8ff172abf00ef5aa974b87af2794)
> 
> Conflicts:
> 	src/security/security_manager.c - context from previous backport differences

ACK

- Cole
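The stack behaviour the commit message describes, as an added illustration that is not libvirt's code: a hypothetical stack driver runs each nested driver's pre-fork hook in order, and a failure partway leaves the earlier hooks already run with no post-fork cleanup, which is why those hooks may not take a mutex or hold similar state. The driver struct, `stackPreFork` and the group-refresh hook are constructed stand-ins, not libvirt's API.

```c
/* Hypothetical stand-in for a security "stack" driver (not libvirt's code):
 * it runs each nested driver's pre-fork hook in order and propagates failure. */
#include <stddef.h>
#include <stdio.h>

typedef int (*preForkFn)(void *priv);

typedef struct {
    const char *name;
    preForkFn preFork;   /* NULL means this driver does nothing before fork */
    void *priv;
} secDriver;

/* Returns 0 if every hook succeeded, otherwise -1 with *failed set to the
 * index of the hook that failed.  Hooks before it have already run and are
 * not undone, so they must not hold locks or other state that would need a
 * post-fork cleanup. */
int stackPreFork(const secDriver *drivers, size_t n, size_t *failed)
{
    for (size_t i = 0; i < n; i++) {
        if (drivers[i].preFork && drivers[i].preFork(drivers[i].priv) < 0) {
            if (failed)
                *failed = i;
            return -1;
        }
    }
    return 0;
}

/* Constructed hook standing in for a DAC-style driver refreshing its group
 * list at fork time.  A negative counter simulates the lookup failing;
 * otherwise the hook counts how many refreshes ran. */
int groupRefreshPreFork(void *priv)
{
    int *refreshes = priv;
    if (*refreshes < 0)
        return -1;
    (*refreshes)++;
    return 0;
}

int main(void)
{
    int dacRuns = 0, brokenRuns = -1;   /* constructed: third driver fails */
    secDriver stack[] = {
        { "nop",    NULL,                NULL        },
        { "dac",    groupRefreshPreFork, &dacRuns    },
        { "broken", groupRefreshPreFork, &brokenRuns },
    };
    size_t failed = 0;
    int rc = stackPreFork(stack, 3, &failed);
    printf("rc=%d, failed in '%s', dac hook already ran %d time(s)\n",
           rc, stack[failed].name, dacRuns);
    return rc == -1 ? 0 : 1;
}
```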
