Commit Graph

8 Commits

Author SHA1 Message Date
Daniel P. Berrangé
568a417224 Enforce a standard header file guard symbol name
Require that all headers are guarded by a symbol named

  LIBVIRT_$FILENAME

where $FILENAME is the uppercased filename, with all characters
outside a-z changed into '_'.

Note we do not use a leading __ because that is technically a
namespace reserved for the toolchain.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-12-14 10:47:13 +00:00
Daniel P. Berrange
b4b41521fa Add typesafe APIs for virIdentity attributes
Instead of requiring the caller to format to/from strings,
add typesafe APIs todo this work.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2014-09-24 15:29:22 +01:00
Daniel P. Berrange
db7a5688c0 Also store user & group ID values in virIdentity
Future improvements to the polkit code will require access to
the numeric user ID, not merely user name.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-18 15:04:27 +01:00
Daniel P. Berrange
979e9c56a7 Include process start time when doing polkit checks
Since PIDs can be reused, polkit prefers to be given
a (PID,start time) pair. If given a PID on its own,
it will attempt to lookup the start time in /proc/pid/stat,
though this is subject to races.

It is safer if the client app resolves the PID start
time itself, because as long as the app has the client
socket open, the client PID won't be reused.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-08 10:47:45 +01:00
Daniel P. Berrange
b1d753fe40 Rename "security context" to "selinux context"
There are various methods named "virXXXXSecurityContext",
which are specific to SELinux. Rename them all to
"virXXXXSELinuxContext". They will still raise errors at
runtime if SELinux is not compiled in

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-08 10:21:01 +01:00
Daniel P. Berrange
8c5d28c1ad Add API to get the system identity
If no user identity is available, some operations may wish to
use the system identity. ie the identity of the current process
itself. Add an API to get such an identity.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-19 13:45:19 +00:00
Daniel P. Berrange
8726e91b3a Add APIs for associating a virIdentityPtr with the current thread
To allow any internal API to get the current identity, add APIs
to associate a virIdentityPtr with the current thread, via a
thread local

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-19 13:38:44 +00:00
Daniel P. Berrange
3aabe27247 Define internal APIs for managing identities
Introduce a local object virIdentity for managing security
attributes used to form a client application's identity.
Instances of this object are intended to be used as if they
were immutable, once created & populated with attributes

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-19 13:37:37 +00:00