mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-09-13 11:15:08 +00:00
Libvirt provides a portable, long term stable C API for managing the
virtualization technologies provided by many operating systems. It
includes support for QEMU, KVM, Xen, LXC, bhyve, Virtuozzo, VMware
vCenter and ESX, VMware Desktop, Hyper-V, VirtualBox and the POWER
Hypervisor.
28209ca05e
Until now, user namespaces have not done much, but (for that reason) have been innocuous to glob in with other CLONE_ flags. Upcoming userns development, however, will make tasks cloned with CLONE_NEWUSER far more restricted. In particular, for some time they will be unable to access files with anything other than the world access perms. This patch assumes that noone really needs the user namespaces to be enabled. If that is wrong, then we can try a more baroque patch where we create a file owned by a test userid with 700 perms and, if we can't access it after setuid'ing to that userid, then return 0. Otherwise, assume we are using an older, 'harmless' user namespace implementation. Comments appreciated. Is it ok to do this? Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com> |
||
|---|---|---|
| .gnulib@2f41af6508 | ||
| daemon | ||
| docs | ||
| examples | ||
| include | ||
| m4 | ||
| po | ||
| python | ||
| src | ||
| tests | ||
| tools | ||
| .dir-locals.el | ||
| .gitignore | ||
| .gitmodules | ||
| .mailmap | ||
| .x-sc_avoid_ctype_macros | ||
| .x-sc_avoid_if_before_free | ||
| .x-sc_avoid_write | ||
| .x-sc_bindtextdomain | ||
| .x-sc_m4_quote_check | ||
| .x-sc_po_check | ||
| .x-sc_prohibit_always_true_header_tests | ||
| .x-sc_prohibit_asprintf | ||
| .x-sc_prohibit_close | ||
| .x-sc_prohibit_empty_lines_at_EOF | ||
| .x-sc_prohibit_fork_wrappers | ||
| .x-sc_prohibit_gethostby | ||
| .x-sc_prohibit_gethostname | ||
| .x-sc_prohibit_gettext_noop | ||
| .x-sc_prohibit_have_config_h | ||
| .x-sc_prohibit_HAVE_MBRTOWC | ||
| .x-sc_prohibit_nonreentrant | ||
| .x-sc_prohibit_readlink | ||
| .x-sc_prohibit_sprintf | ||
| .x-sc_prohibit_strncpy | ||
| .x-sc_prohibit_test_minus_ao | ||
| .x-sc_prohibit_VIR_ERR_NO_MEMORY | ||
| .x-sc_prohibit_xmlGetProp | ||
| .x-sc_require_config_h | ||
| .x-sc_require_config_h_first | ||
| .x-sc_trailing_blank | ||
| .x-sc_unmarked_diagnostics | ||
| acinclude.m4 | ||
| AUTHORS | ||
| autobuild.sh | ||
| autogen.sh | ||
| bootstrap | ||
| bootstrap.conf | ||
| cfg.mk | ||
| ChangeLog-old | ||
| configure.ac | ||
| COPYING.LIB | ||
| HACKING | ||
| libvirt.pc.in | ||
| libvirt.spec.in | ||
| Makefile.am | ||
| Makefile.nonreentrant | ||
| mingw32-libvirt.spec.in | ||
| README | ||
| README-hacking | ||
| TODO | ||
LibVirt : simple API for virtualization
Libvirt is a C toolkit to interact with the virtualization capabilities
of recent versions of Linux (and other OSes). It is free software
available under the GNU Lesser General Public License. Virtualization of
the Linux Operating System means the ability to run multiple instances of
Operating Systems concurrently on a single hardware system where the basic
resources are driven by a Linux instance. The library aim at providing
long term stable C API initially for the Xen paravirtualization but
should be able to integrate other virtualization mechanisms if needed.
Daniel Veillard <veillard@redhat.com>