Commit Graph

5 Commits

Author SHA1 Message Date
Daniel P. Berrange
5247b0695a Ensure sanlock socket is labelled with the VM process label
The libvirt sanlock plugin is intentionally leaking a file
descriptor to QEMU. To enable QEMU to use this FD under
SELinux, it must be labelled correctly. We dont want to use
the svirt_image_t for this, since QEMU must not be allowed
to actually use the FD. So instead we label it with svirt_t
using virSecurityManagerSetProcessFDLabel

* src/locking/domain_lock.c, src/locking/domain_lock.h,
  src/locking/lock_driver.h, src/locking/lock_driver_nop.c,
  src/locking/lock_driver_sanlock.c, src/locking/lock_manager.c,
  src/locking/lock_manager.h: Optionally pass an FD back to
  the hypervisor for security driver labelling
* src/qemu/qemu_process.c: label the lock manager plugin
  FD with the process label
2011-06-28 16:41:46 +01:00
Matthias Bolte
6b5c589d84 Make dlopen usage in lock manager conditional
This fixes a build failure on MinGW, due to MinGW not supporting dlopen.
2011-06-03 16:46:09 +02:00
Eric Blake
0a41733c13 lock: avoid leak on failure
Detected by Coverity.  Only possible on OOM situations.

* src/locking/lock_manager.c (virLockManagerPluginNew): Plug leak.
2011-06-03 08:11:43 -06:00
Daniel P. Berrange
db98851c24 Add a 'nop' lock driver implementation.
To allow hypervisor drivers to assume that a lock driver impl
will be guaranteed to exist, provide a 'nop' impl that is
compiled into the library

* src/Makefile.am: Add nop driver
* src/locking/lock_driver_nop.c, src/locking/lock_driver_nop.h:
  Nop lock driver implementation
* src/locking/lock_manager.c: Enable direct access of 'nop'
  driver, instead of dlopen()ing it.
2011-06-02 10:54:00 +01:00
Daniel P. Berrange
6a943419c5 Basic framework for lock manager plugins
Define the basic framework lock manager plugins. The
basic plugin API for 3rd parties to implemented is
defined in

  src/locking/lock_driver.h

This allows dlopen()able modules for alternative locking
schemes, however, we do not install the header. This
requires lock plugins to be in-tree allowing changing of
the lock manager plugin API in future.

The libvirt code for loading & calling into plugins
is in

  src/locking/lock_manager.{c,h}

* include/libvirt/virterror.h, src/util/virterror.c: Add
  VIR_FROM_LOCKING
* src/locking/lock_driver.h: API for lock driver plugins
  to implement
* src/locking/lock_manager.c, src/locking/lock_manager.h:
  Internal API for managing locking
* src/Makefile.am: Add locking code
2011-06-02 10:54:00 +01:00