libvirt/src
Serge E. Hallyn 28209ca05e Don't use CLONE_NEWUSER for now
Until now, user namespaces have not done much, but (for that
reason) have been innocuous to glob in with other CLONE_
flags.  Upcoming userns development, however, will make tasks
cloned with CLONE_NEWUSER far more restricted.  In particular,
for some time they will be unable to access files with anything
other than the world access perms.

This patch assumes that noone really needs the user namespaces
to be enabled.  If that is wrong, then we can try a more
baroque patch where we create a file owned by a test userid with
700 perms and, if we can't access it after setuid'ing to that
userid, then return 0.  Otherwise, assume we are using an
older, 'harmless' user namespace implementation.

Comments appreciated.  Is it ok to do this?

Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
2011-02-09 08:23:37 -07:00
..
conf sysinfo: refactor xml formatting 2011-02-08 19:37:21 -07:00
cpu cpu: Add support for Westmere CPU model 2011-01-14 17:28:42 +01:00
esx sysinfo: define internal driver API 2011-02-08 19:25:30 -07:00
interface Implement forgotten backend of virInterfaceIsActive() 2010-04-14 10:38:18 -04:00
lxc Don't use CLONE_NEWUSER for now 2011-02-09 08:23:37 -07:00
network bridge_driver: handle DNS over IPv6 2011-01-31 20:25:48 -05:00
node_device node_device: udev driver does not handle SR-IOV devices 2011-01-03 09:05:10 -07:00
nwfilter Prefer C style comments over C++ ones 2011-01-29 00:59:45 +01:00
opennebula sysinfo: define internal driver API 2011-02-08 19:25:30 -07:00
openvz sysinfo: define internal driver API 2011-02-08 19:25:30 -07:00
phyp sysinfo: define internal driver API 2011-02-08 19:25:30 -07:00
qemu sysinfo: implement qemu support 2011-02-08 19:38:49 -07:00
remote sysinfo: implement the remote protocol 2011-02-08 19:29:46 -07:00
secret maint: use gnulib configmake rather than open-coding things 2010-11-17 08:58:58 -07:00
security smartcard: enable SELinux support 2011-02-03 19:28:53 -07:00
storage Add VIR_DIV_UP to divide memory or storage request sizes with round up 2011-01-29 00:42:10 +01:00
test sysinfo: define internal driver API 2011-02-08 19:25:30 -07:00
uml sysinfo: define internal driver API 2011-02-08 19:25:30 -07:00
util sysinfo: refactor xml formatting 2011-02-08 19:37:21 -07:00
vbox sysinfo: define internal driver API 2011-02-08 19:25:30 -07:00
vmware sysinfo: define internal driver API 2011-02-08 19:25:30 -07:00
vmx Prefer C style comments over C++ ones 2011-01-29 00:59:45 +01:00
xen sysinfo: define internal driver API 2011-02-08 19:25:30 -07:00
xenapi sysinfo: define internal driver API 2011-02-08 19:25:30 -07:00
.gitignore util: add missing export 2010-10-12 09:42:18 -06:00
datatypes.c maint: reject raw close, popen in 'make syntax-check' 2011-01-29 10:36:47 -07:00
datatypes.h Simplify "NWFilterPool" to "NWFilter" 2011-01-18 23:14:37 +01:00
driver.c maint: use gnulib configmake rather than open-coding things 2010-11-17 08:58:58 -07:00
driver.h sysinfo: define internal driver API 2011-02-08 19:25:30 -07:00
fdstream.c build: avoid close, system 2011-01-29 10:36:45 -07:00
fdstream.h Add a generic internal API for handling any FD based stream 2010-11-11 16:02:57 +00:00
gnutls_1_0_compat.h build: consistently indent preprocessor directives 2010-03-09 19:22:28 +01:00
internal.h qemu: Add shortcut for HMP pass through 2011-02-03 22:20:30 +01:00
libvirt_bridge.syms Replace brSetInetAddress/brSetInetNetmask with brAddInetAddress 2010-12-23 15:53:26 -05:00
libvirt_daemon.syms Export conditional state driver symbols only when they are defined 2010-03-23 02:05:18 +01:00
libvirt_driver_modules.syms Move --with-driver-modules symbols into a separate sym file 2009-01-05 14:06:41 +00:00
libvirt_internal.h build: consistently indent preprocessor directives 2010-03-09 19:22:28 +01:00
libvirt_linux.syms migrate linux-specific symbol names into their own sym file 2009-01-05 14:08:26 +00:00
libvirt_macvtap.syms Fix undefined symbol errors when macvtap support is disabled 2010-12-01 17:08:08 +01:00
libvirt_nwfilter.syms Some NWFilter symbols are conditional and have to be exported conditional 2010-04-23 19:51:00 +02:00
libvirt_private.syms sysinfo: refactor xml formatting 2011-02-08 19:37:21 -07:00
libvirt_public.syms sysinfo: expose new API 2011-02-08 19:21:26 -07:00
libvirt_qemu.syms Qemu Monitor API entry point. 2010-07-23 17:30:14 -04:00
libvirt_vmx.syms esx: Move VMX handling code out of the driver directory 2010-12-21 22:40:17 +01:00
libvirt-qemu.c Qemu Monitor API entry point. 2010-07-23 17:30:14 -04:00
libvirt.c sysinfo: implement the public API 2011-02-08 19:29:44 -07:00
Makefile.am Refactor the security drivers to simplify usage 2011-01-10 18:10:52 +00:00
nodeinfo.c tests: avoid spurious failure of nodeinfotest 2010-12-20 10:31:40 -07:00
nodeinfo.h build: consistently indent preprocessor directives 2010-03-09 19:22:28 +01:00
README Add a README file to src/ explaining the directory structure 2009-09-21 14:41:47 +01:00
remote_protocol-structs sysinfo: implement the remote protocol 2011-02-08 19:29:46 -07:00

       libvirt library code README
       ===========================

The directory provides the bulk of the libvirt codebase. Everything
except for the libvirtd daemon and client tools. The build uses a
large number of libtool convenience libraries - one for each child
directory, and then links them together for the final libvirt.so,
although some bits get linked directly to libvirtd daemon instead.

The files directly in this directory are supporting the public API
entry points & data structures.

There are two core shared modules to be aware of:

 * util/  - a collection of shared APIs that can be used by any
            code. This directory is always in the include path
            for all things built

 * conf/  - APIs for parsing / manipulating all the official XML
            files used by the public API. This directory is only
            in the include path for driver implementation modules


Then there are the hypervisor implementations:

 * esx/          - VMware ESX and GSX support using vSphere API over SOAP
 * lxc/          - Linux Native Containers
 * opennebula/   - Open Nebula using XMLRPC
 * openvz/       - OpenVZ containers using cli tools
 * phyp/         - IBM Power Hypervisor using CLI tools over SSH
 * qemu/         - QEMU / KVM using qemu CLI/monitor
 * remote/       - Generic libvirt native RPC client
 * test/         - A "mock" driver for testing
 * uml/          - User Mode Linux
 * vbox/         - Virtual Box using native API
 * xen/          - Xen using hypercalls, XenD SEXPR & XenStore


Finally some secondary drivers that are shared for several HVs.
Currently these are used by LXC, OpenVZ, QEMU, UML and Xen drivers.
The ESX, OpenNebula, Power Hypervisor, Remote, Test & VirtualBox
drivers all implement the secondary drivers directly

 * interface/    - Host network interface management
 * network/      - Virtual NAT networking
 * node_device/  - Host device enumeration
 * secret/       - Secret management
 * security/     - Mandatory access control drivers
 * storage/      - Storage management drivers


Since both the hypervisor and secondary drivers can be built as
dlopen()able modules, it is *FORBIDDEN* to have build dependencies
between these directories. Drivers are only allowed to depend on
the public API, and the internal APIs in the util/ and conf/
directories