[libvirt] [PATCH 00/19] Fine grained access control for libvirt APIs
Daniel P. Berrange
berrange at redhat.com
Mon Jun 24 14:28:19 UTC 2013
On Fri, Jun 21, 2013 at 11:17:08AM +0200, Michal Privoznik wrote:
> On 19.06.2013 19:00, Daniel P. Berrange wrote:
> > From: "Daniel P. Berrange" <berrange at redhat.com>
> >
> > This is a repost of
> >
> > http://www.redhat.com/archives/libvir-list/2012-May/msg00090.html
> >
> > Most of the early patches in that series are now merged. What is
> > left is the actual access control work. The first patches setup
> > the infrastructure and provide two drivers (policy kit and selinux).
> > The remaining patches add access control checks to all the public
> > APIs in each driver. The final patch adds a test case to validate
> > that every driver API impl has an access control check present.
> >
> > Still todo
> >
> > - Optimize the polkit driver by making direct dbus calls
> > instead of spawning the polkit helper program
> >
> > - Add filtering of returned objects from the various
> > vir*List* APIs
> >
> > - Finish adding acl checks to the legacy Xen driver in
> > about 6 apis.
> >
> > - Write a standalone access control driver as alternative
> > to polkit
> >
> > - Audit permission names & groups to ensure we have an
> > optimial set of permissions defined to cover all our
> > APIs.
> >
> > Daniel P. Berrange (19):
> > Define basic internal API for access control
> > Set conn->driver before running driver connectOpen method
> > Setup default access control manager in libvirtd
> > Add a policy kit access control driver
> > Add an SELinux access control driver
> > Add ACL annotations to all RPC messages
> > Auto-generate helpers for checking access control rules
> > Add ACL checks into the QEMU driver
> > Add ACL checks into the LXC driver
> > Add ACL checks into the UML driver
> > Add ACL checks into the Xen driver
> > Add ACL checks into the libxl driver
> > Add ACL checks into the storage driver
> > Add ACL checks into the network driver
> > Add ACL checks into the interface driver
> > Add ACL checks into the node device driver
> > Add ACL checks into the nwfilter driver
> > Add ACL checks into the secrets driver
> > Add validation that all APIs contain ACL checks
> >
> > .gitignore | 10 +
> > daemon/Makefile.am | 1 +
> > daemon/libvirtd-config.c | 4 +
> > daemon/libvirtd-config.h | 2 +
> > daemon/libvirtd.aug | 1 +
> > daemon/libvirtd.c | 28 +-
> > daemon/libvirtd.conf | 9 +
> > daemon/test_libvirtd.aug.in | 4 +
> > include/libvirt/virterror.h | 4 +
> > m4/virt-compile-warnings.m4 | 1 +
> > m4/virt-selinux.m4 | 2 +
> > po/POTFILES.in | 3 +
> > src/Makefile.am | 187 ++++++++-
> > src/access/genpolkit.pl | 119 ++++++
> > src/access/viraccessdriver.h | 89 ++++
> > src/access/viraccessdrivernop.c | 118 ++++++
> > src/access/viraccessdrivernop.h | 28 ++
> > src/access/viraccessdriverpolkit.c | 399 ++++++++++++++++++
> > src/access/viraccessdriverpolkit.h | 28 ++
> > src/access/viraccessdriverselinux.c | 565 +++++++++++++++++++++++++
> > src/access/viraccessdriverselinux.h | 28 ++
> > src/access/viraccessdriverstack.c | 285 +++++++++++++
> > src/access/viraccessdriverstack.h | 32 ++
> > src/access/viraccessmanager.c | 351 ++++++++++++++++
> > src/access/viraccessmanager.h | 91 ++++
> > src/access/viraccessperm.c | 84 ++++
> > src/access/viraccessperm.h | 647 +++++++++++++++++++++++++++++
> > src/check-aclrules.pl | 144 +++++++
> > src/interface/interface_backend_netcf.c | 115 +++++
> > src/interface/interface_backend_udev.c | 85 +++-
> > src/internal.h | 4 +
> > src/libvirt.c | 11 +-
> > src/libvirt_private.syms | 37 ++
> > src/libxl/libxl_driver.c | 187 ++++++++-
> > src/locking/lock_protocol.x | 8 +
> > src/lxc/lxc_driver.c | 219 +++++++++-
> > src/network/bridge_driver.c | 61 +++
> > src/node_device/node_device_driver.c | 36 ++
> > src/nwfilter/nwfilter_driver.c | 26 ++
> > src/qemu/qemu_driver.c | 716 ++++++++++++++++++++++++++++----
> > src/remote/lxc_protocol.x | 1 +
> > src/remote/qemu_protocol.x | 4 +
> > src/remote/remote_protocol.x | 406 ++++++++++++++++++
> > src/rpc/gendispatch.pl | 211 +++++++++-
> > src/secret/secret_driver.c | 31 ++
> > src/storage/storage_driver.c | 155 ++++++-
> > src/uml/uml_driver.c | 174 +++++++-
> > src/util/virerror.c | 8 +
> > src/util/virlog.c | 3 +-
> > src/util/virlog.h | 1 +
> > src/xen/xen_driver.c | 217 +++++++++-
> > 51 files changed, 5827 insertions(+), 153 deletions(-)
> > create mode 100755 src/access/genpolkit.pl
> > create mode 100644 src/access/viraccessdriver.h
> > create mode 100644 src/access/viraccessdrivernop.c
> > create mode 100644 src/access/viraccessdrivernop.h
> > create mode 100644 src/access/viraccessdriverpolkit.c
> > create mode 100644 src/access/viraccessdriverpolkit.h
> > create mode 100644 src/access/viraccessdriverselinux.c
> > create mode 100644 src/access/viraccessdriverselinux.h
> > create mode 100644 src/access/viraccessdriverstack.c
> > create mode 100644 src/access/viraccessdriverstack.h
> > create mode 100644 src/access/viraccessmanager.c
> > create mode 100644 src/access/viraccessmanager.h
> > create mode 100644 src/access/viraccessperm.c
> > create mode 100644 src/access/viraccessperm.h
> > create mode 100644 src/check-aclrules.pl
> >
>
>
> ACK series, but see my comments to patches.
I have pushed all except the last patch (test case) and the SELinux
driver impl. The SELinux driver impl isn't useful without some selinux
policy work, so that can wait.
I need to fix some things in the legacy xen driver before the test
case can pass.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the libvir-list
mailing list