[libvirt] [PATCH v4 00/25] Fix and enable owner remembering

Michal Privoznik mprivozn at redhat.com
Thu Apr 25 08:19:36 UTC 2019


This is meant for the next release, to have the most time possible for
testing. Some of the patches were ACKed in v3 already, but since they
don't make sense on their own I haven't pushed them.

v4 of:

https://www.redhat.com/archives/libvir-list/2019-March/msg01948.html

As usual, you can find (not only these) patches on my GitHub:

https://github.com/zippy2/libvirt  branch xattr_fixes_v4

diff to v3:
- Some new patches (qemusecuritytest and qemusecuritymock)
- Some other fixes raised by Cole in review of v3 (like double error
  reporting and others)
- Remembering is done only for paths that cannot be shared between
  domains. This renders refcounting needless because the refcounter
  can't ever be greater than one. Nevertheless, I'm keeping it in
  because in the long run I might come up with a solution to the problem
  of shared resources and having refcounters might help.

Michal Prívozník (25):
  qemusecuritymock: Mock virProcessRunInFork
  qemusecuritymock: Fix bit arithmetic
  qemusecuritymock: Actually set error on failure
  qemusecuritymock: Introduce and use freePaths()
  qemusecuritytest: Drop unused variable
  qemusecuritytest: Use AUTOFREE/AUTOUNREF
  qemusecuritytest: Fix capabilities loading
  tools: Slightly rework libvirt_recover_xattrs.sh
  virSecuritySELinuxRestoreAllLabel: Print @migrated in the debug
    message too
  virfile: Make virFileGetXAttr report errors
  virFileSetXAttr: Report error on failure
  virFileRemoveXAttr: Report error on failure
  security: Don't skip label restore on file systems lacking XATTRs
  security: Document @restore member of transaction list
  security_dac: Allow caller to suppress owner remembering
  security_selinux: Allow caller to suppress owner remembering
  qemusecuritymock: Allow some paths to be not restored
  security: Don't remember owner for shared resources
  security: Introduce virSecurityManagerMoveImageMetadata
  security_util: Introduce virSecurityMoveRememberedLabel
  security_dac: Implement virSecurityManagerMoveImageMetadata
  security_selinux: Implement virSecurityManagerMoveImageMetadata
  qemu_security: Implement qemuSecurityMoveImageMetadata
  qemu: Move image security metadata on snapshot activity
  Revert "qemu: Temporary disable owner remembering"

 docs/news.xml                      |  13 ++
 src/libvirt_private.syms           |   2 +
 src/qemu/libvirtd_qemu.aug         |   1 +
 src/qemu/qemu.conf                 |   5 +
 src/qemu/qemu_blockjob.c           |   6 +
 src/qemu/qemu_conf.c               |   4 +
 src/qemu/qemu_driver.c             |  17 +-
 src/qemu/qemu_security.c           |  19 +++
 src/qemu/qemu_security.h           |   5 +
 src/qemu/test_libvirtd_qemu.aug.in |   1 +
 src/security/security_dac.c        | 171 +++++++++++++++----
 src/security/security_driver.h     |   5 +
 src/security/security_manager.c    |  39 +++++
 src/security/security_manager.h    |   4 +
 src/security/security_nop.c        |  10 ++
 src/security/security_selinux.c    | 263 ++++++++++++++++++++---------
 src/security/security_stack.c      |  20 +++
 src/security/security_util.c       |  73 +++++++-
 src/security/security_util.h       |   5 +
 src/util/virfile.c                 |  78 +++++++--
 src/util/virfile.h                 |   5 +
 src/util/virprocess.h              |   3 +-
 tests/qemusecuritymock.c           |  76 +++++++--
 tests/qemusecuritytest.c           | 146 ++++++++++------
 tests/qemusecuritytest.h           |   4 +-
 tools/libvirt_recover_xattrs.sh    |  50 +++---
 26 files changed, 802 insertions(+), 223 deletions(-)

-- 
2.21.0



