[libvirt] [PATCH v4 0/3] expose baselabel for each sec model/virt type

Giuseppe Scrivano gscrivan at redhat.com
Fri Oct 18 12:13:18 UTC 2013


Now each security model can define its own base label, which describes
the default security context used by libvirt to run a hypervisor
process.  This information is exposed to users through the host
capabilities XML.

*v4 major changes
- Refactor virSecurityDACSetUser and virSecurityDACSetGroup in a
  separate patch
- virSecurityManagerGetBaseLabel never causes a VIR_ERR_NO_SUPPORT
  error.

*v3 major changes
- support LXC
- merge virSecurityDACSetUser and virSecurityDACSetGroup in
  virSecurityDACSetUserAndGroup
- DAC sets the baselabel in virSecurityDACSetUserAndGroup
- Use virDomainVirtTypeToString instead of hardcoding the name

Giuseppe Scrivano (3):
  security: use a single function to set DAC user and group
  security: add new internal function "virSecurityManagerGetBaseLabel"
  capabilities: add baselabel per sec driver/virt type to secmodel

 docs/schemas/capability.rng                  |  8 ++++
 src/conf/capabilities.c                      | 60 +++++++++++++++++++++++++++-
 src/conf/capabilities.h                      | 14 +++++++
 src/libvirt_private.syms                     |  2 +
 src/lxc/lxc_conf.c                           | 10 ++++-
 src/qemu/qemu_conf.c                         | 21 ++++++++--
 src/security/security_apparmor.c             |  8 ++++
 src/security/security_dac.c                  | 34 +++++++++++-----
 src/security/security_dac.h                  |  7 ++--
 src/security/security_driver.h               |  4 ++
 src/security/security_manager.c              | 21 +++++++++-
 src/security/security_manager.h              |  2 +
 src/security/security_nop.c                  | 10 +++++
 src/security/security_selinux.c              | 12 ++++++
 src/security/security_stack.c                |  9 +++++
 tests/capabilityschemadata/caps-qemu-kvm.xml |  2 +
 tests/capabilityschemadata/caps-test3.xml    |  2 +
 17 files changed, 203 insertions(+), 23 deletions(-)

-- 
1.8.3.1



