libvirt/tests
Daniel P. Berrange b170eb99f5 Add two new security label types
Currently security labels can be of type 'dynamic' or 'static'.
If no security label is given, then 'dynamic' is assumed. The
current code takes advantage of this default, and avoids even
saving <seclabel> elements with type='dynamic' to disk. This
means if you temporarily change security driver, the guests
can all still start.

With the introduction of sVirt to LXC though, there needs to be
a new default of 'none' to allow unconfined LXC containers.

This patch introduces two new security label types

 - default:  the host configuration decides whether to run the
             guest with type 'none' or 'dynamic' at guest start
 - none:     the guest will run unconfined by security policy

The 'none' label type will obviously be undesirable for some
deployments, so a new qemu.conf option allows a host admin to
mandate confined guests. It is also possible to turn off default
confinement.

  security_default_confined = 1|0  (default == 1)
  security_require_confined = 1|0  (default == 0)

* src/conf/domain_conf.c, src/conf/domain_conf.h: Add new
  seclabel types
* src/security/security_manager.c, src/security/security_manager.h:
  Set default sec label types
* src/security/security_selinux.c: Handle 'none' seclabel type
* src/qemu/qemu.conf, src/qemu/qemu_conf.c, src/qemu/qemu_conf.h,
  src/qemu/libvirtd_qemu.aug: New security config options
* src/qemu/qemu_driver.c: Tell security driver about default
  config
2012-02-02 17:44:37 -07:00
capabilityschemadata microblaze: Add architecture support 2011-07-07 17:49:21 -06:00
commanddata command: handle empty buffer argument correctly 2011-12-03 15:55:46 -07:00
confdata
cputestdata x86: add kvm32 and kvm64, update qemu64 2012-01-27 16:51:49 +01:00
domainschemadata xml: Add element <title> to allow short description of domains 2012-02-01 14:41:13 -07:00
domainsnapshotxml2xmlin snapshot: also support disks by path 2011-09-05 07:03:04 -06:00
domainsnapshotxml2xmlout metadata: group metadata next to description 2012-01-24 17:40:23 -07:00
interfaceschemadata
networkxml2argvdata tests: dynamically replace dnsmasq path 2012-02-01 17:02:45 -07:00
networkxml2xmlin Adding the element pf to network xml. 2012-01-11 13:10:21 -07:00
networkxml2xmlout Adding the element pf to network xml. 2012-01-11 13:10:21 -07:00
nodedevschemadata
nodeinfodata Modify the tests/nodeinfotest.c to use sysfs in addition 2011-12-08 08:39:26 -05:00
nwfilterxml2xmlin Add test cases for new ways to access variables in filters 2012-01-11 06:42:37 -05:00
nwfilterxml2xmlout Add test cases for new ways to access variables in filters 2012-01-11 06:42:37 -05:00
qemuhelpdata Add support for QEMU 1.0 2011-12-05 13:02:54 +01:00
qemuxml2argvdata xml: Add element <title> to allow short description of domains 2012-02-01 14:41:13 -07:00
qemuxml2xmloutdata metadata: group metadata next to description 2012-01-24 17:40:23 -07:00
qemuxmlnsdata qemu: Test name-space handling 2011-10-19 07:59:59 -06:00
sexpr2xmldata xen_xs: Guard against set but empty kernel argument 2011-10-10 22:58:04 +02:00
storagepoolxml2xmlin
storagepoolxml2xmlout
storagevolxml2xmlin
storagevolxml2xmlout
vmx2xmldata
xencapsdata Add suspend info to Xen, LXC and UML hypervisor capabilities 2011-11-30 10:12:30 +00:00
xmconfigdata conf: add <listen> subelement to domain <graphics> element 2011-07-28 13:46:39 -04:00
xml2sexprdata Do not drop kernel cmdline for xen pv domains 2011-07-11 09:11:15 -06:00
xml2vmxdata
.gitignore Add internal APIs for dealing with time 2011-11-30 11:43:49 +00:00
.valgrind.supp
capabilityschematest
commandhelper.c build: rename files.h to virfile.h 2011-07-21 10:34:51 -06:00
commandtest.c tests: fix reversed comparisons 2012-01-27 16:35:14 -07:00
conftest.c
cpuset
cputest.c API: make declaration of _LAST enum values conditional 2012-01-20 16:05:51 -07:00
daemon-conf
define-dev-segfault Add domain type checking 2011-07-11 19:38:51 +02:00
domainschematest
domainsnapshotschematest
domainsnapshotxml2xmltest.c Allow custom metadata in domain configuration XML 2012-01-24 17:06:34 -07:00
esxutilstest.c build: properly skip tests 2011-12-01 13:49:20 -07:00
eventtest.c
int-overflow tests: Don't use bash if we don't have to 2011-07-29 17:17:21 +02:00
interfaceschematest
interfacexml2xmltest.c
jsontest.c Add test case for parsing JSON docs 2011-06-30 18:04:02 +01:00
libvirtd-fail
libvirtd-pool
Makefile.am Rename hash.h and hash.c to virhash.h and virhash.c 2012-01-26 14:11:13 +00:00
networkschematest
networkxml2argvtest.c tests: dynamically replace dnsmasq path 2012-02-01 17:02:45 -07:00
networkxml2xmltest.c Added new option to virsh net-dumpxml called --inactive 2012-01-11 13:15:09 -07:00
nodedevschematest
nodedevxml2xmltest.c
nodeinfotest.c tests: plug memory leak on linuxTestNodeInfo 2011-12-13 10:03:01 +01:00
nwfilterschematest
nwfilterxml2xmltest.c Add test cases for new ways to access variables in filters 2012-01-11 06:42:37 -05:00
object-locking.ml
oomtrace.pl
openvzutilstest.c build: properly skip tests 2011-12-01 13:49:20 -07:00
openvzutilstest.conf
pkix_asn1_tab.c Add a test case for certificate validation 2011-07-22 15:18:32 +01:00
qemuargv2xmltest.c qemu: parse and create -cpu ...,-kvmclock 2012-01-27 16:51:50 +01:00
qemuhelptest.c qemu: require qmp on new enough qemu 2012-01-27 08:45:50 -07:00
qemuxml2argvtest.c qemu: (and conf) support rombar for network devices 2012-01-30 12:25:32 -05:00
qemuxml2xmltest.c qemu: (and conf) support rombar for network devices 2012-01-30 12:25:32 -05:00
qemuxmlnstest.c qemu: Add a capability flag for -no-acpi 2011-12-20 12:33:55 -07:00
qparamtest.c
read-bufsiz
read-non-seekable
reconnect.c tests: avoid xend ABRT crash report 2011-11-18 15:00:18 -07:00
schematestutils.sh tests: fix schema checks sorting 2011-12-22 13:01:09 -07:00
seclabeltest.c Add two new security label types 2012-02-02 17:44:37 -07:00
sexpr2xmltest.c xen_xs: Guard against set but empty kernel argument 2011-10-10 22:58:04 +02:00
shunloadhelper.c Prevent crash from dlclose() of libvirt.so 2011-09-16 15:51:31 -06:00
shunloadtest.c build: properly skip tests 2011-12-01 13:49:20 -07:00
sockettest.c Split src/util/network.{c,h} into 5 pieces 2011-11-15 10:27:54 +00:00
ssh.c
start
statstest.c tests: avoid xend ABRT crash report 2011-11-18 15:00:18 -07:00
storagepoolschematest
storagepoolxml2xmltest.c
storagevolschematest
storagevolxml2xmltest.c
test_conf.sh
test-lib.sh tests: simplify formatting 2011-07-11 09:21:37 -06:00
testutils.c Introduce new API for generating random numbers 2012-01-26 14:03:14 +00:00
testutils.h
testutilsqemu.c Add support for cpu mode attribute 2012-01-17 11:39:23 +01:00
testutilsqemu.h
testutilsxen.c Fix default console type setting 2011-11-03 12:01:48 +00:00
testutilsxen.h
undefine virsh: properly interleave shared stdout and stderr 2011-08-19 09:22:22 -06:00
utiltest.c
vcpupin
virbuftest.c virbuf: add auto-indentation support 2011-10-20 16:02:16 -06:00
virhashdata.h Rename hash.h and hash.c to virhash.h and virhash.c 2012-01-26 14:11:13 +00:00
virhashtest.c Rename hash.h and hash.c to virhash.h and virhash.c 2012-01-26 14:11:13 +00:00
virnetmessagetest.c
virnetsockettest.c Sanitize naming of socket address APIs 2011-11-09 17:10:23 +00:00
virnettlscontexttest.c tests: virnettlscontexttest needs gnutls-2.6.0 2012-02-01 16:36:13 -07:00
virsh-all
virsh-optparse build: update to latest gnulib 2011-12-01 14:12:59 -07:00
virsh-schedinfo build: update to latest gnulib 2011-12-01 14:12:59 -07:00
virsh-synopsis
virshtest.c build: fix virsh reformat fallout 2012-01-12 15:16:40 -07:00
virt-aa-helper-test fix AppArmor driver for pipe character devices 2011-09-28 15:43:39 +08:00
virtimetest.c Add internal APIs for dealing with time 2011-11-30 11:43:49 +00:00
vmx2xmltest.c build: properly skip tests 2011-12-01 13:49:20 -07:00
xencapstest.c Xen: Fake versions in xencapstest 2011-10-14 09:42:38 -06:00
xmconfigtest.c Add domain type checking 2011-07-11 19:38:51 +02:00
xml2sexprtest.c Add domain type checking 2011-07-11 19:38:51 +02:00
xml2vmxtest.c build: properly skip tests 2011-12-01 13:49:20 -07:00