[libvirt] [PATCH v2 0/5] Don't run whole sec driver in namespace

Michal Privoznik mprivozn at redhat.com
Mon Jan 9 12:58:50 UTC 2017


v2 of:

https://www.redhat.com/archives/libvir-list/2016-December/msg00907.html

diff to v1:
- Pushed 1/6 from the original series as it was ACKed
- Added more comments
- Fixed return value of virSecurityDACTransactionAppend and virSecuritySELinuxTransactionAppend
- Dropped ignore_value() around virThreadLocalSet()
- Unset thread local just in transactionCommit APIs

I have not implemented any rollback yet, but I've added comments
where the implementation should go ;-)

Michal Privoznik (5):
  security_dac: Resolve virSecurityDACSetOwnershipInternal const
    correctness
  security driver: Introduce transaction APIs
  security_dac: Implement transaction APIs
  security_selinux: Implement transaction APIs
  qemu: Use transactions from security driver

 src/libvirt_private.syms              |   3 +
 src/qemu/qemu_driver.c                |  25 ++--
 src/qemu/qemu_security.c              | 100 ++++---------
 src/security/security_dac.c           | 261 +++++++++++++++++++++++++++++++++-
 src/security/security_driver.h        |   9 ++
 src/security/security_manager.c       |  68 +++++++++
 src/security/security_manager.h       |   7 +-
 src/security/security_selinux.c       | 256 ++++++++++++++++++++++++++++++++-
 src/security/security_stack.c         |  49 +++++++
 src/storage/storage_backend.h         |   2 +-
 src/storage/storage_backend_fs.c      |   2 +-
 src/storage/storage_backend_gluster.c |   2 +-
 src/storage/storage_driver.c          |   6 +-
 src/storage/storage_driver.h          |   4 +-
 src/util/virstoragefile.c             |   2 +-
 src/util/virstoragefile.h             |   2 +-
 16 files changed, 703 insertions(+), 95 deletions(-)

-- 
2.11.0




More information about the libvir-list mailing list