External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-07-30 13:37:17 +00:00
Code Issues Packages Projects Releases Wiki Activity
Libvirt provides a portable, long term stable C API for managing the virtualization technologies provided by many operating systems. It includes support for QEMU, KVM, Xen, LXC, bhyve, Virtuozzo, VMware vCenter and ESX, VMware Desktop, Hyper-V, VirtualBox and the POWER Hypervisor.
34,212 Commits 67 Branches 616 Tags 738 MiB
C 94.8%
Python 2%
Meson 0.9%
Shell 0.8%
Dockerfile 0.7%
Other 0.7%
6a2806fd54
Go to file
Michal Privoznik 6a2806fd54 security: Don't increase XATTRs refcounter on failure 
If user has two domains, each have the same disk (configured for
RW) but each runs with different seclabel then we deny start of
the second domain because in order to do that we would need to
relabel the disk but that would cut the first domain off. Even if
we did not do that, qemu would fail to start because it would be
unable to lock the disk image for the second time. So far, this
behaviour is expected. But what is not expected is that we
increase the refcounter in XATTRs and leave it like that.

What happens is that when the second domain starts,
virSecuritySetRememberedLabel() is called, and since there are
XATTRs from the first domain it increments the refcounter and
returns it (refcounter == 2 at this point). Then callers
(virSecurityDACSetOwnership() and
virSecuritySELinuxSetFileconHelper()) realize that refcounter is
greater than 1 and desired seclabel doesn't match the one the
disk image already has and an error is produced. But the
refcounter is never decremented.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1740024

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2019-08-22 15:50:21 +02:00
.ctags.d maint: Add support for .ctags.d 2019-05-31 17:54:28 +02:00
.gnulib@1f6fb368c0 maint: Improve use of configmake.h on mingw 2019-08-19 17:04:05 -05:00
build-aux build: use @CONFIG@ instead of ::CONFIG:: in augeas tests 2019-08-09 14:06:31 +01:00
ci ci: Stop using --workdir 2019-08-21 18:58:34 +02:00
docs news: mention Direct Mode for Hyper-V Synthetic timers support 2019-08-19 11:38:28 +02:00
examples nwfilter: move standard XML configs out of examples dir 2019-08-19 11:52:44 +01:00
gnulib maint: Fix VPATH build 2019-01-07 21:56:16 -06:00
include/libvirt backup: Introduce virDomainCheckpoint APIs 2019-07-26 16:48:58 -05:00
m4 m4: Drop libxml2 version number from configure help 2019-08-12 09:31:22 +02:00
po po: refresh translations from zanata 2019-07-30 12:43:31 +01:00
src security: Don't increase XATTRs refcounter on failure 2019-08-22 15:50:21 +02:00
tests qemuxml2xmltest: switch TPM tests to use latest caps 2019-08-22 11:27:31 +02:00
tools Revert "configure: Remove --enable-test-coverage" 2019-08-14 09:28:06 +02:00
.color_coded.in Add color_coded support 2017-05-09 09:51:11 +02:00
.ctags ctags: Generate tags for headers, i.e. function prototypes 2018-09-18 14:21:33 +02:00
.dir-locals.el build: avoid tabs that failed syntax-check 2012-09-06 09:43:46 -06:00
.gitignore ci: Move everything to a separate directory 2019-08-21 18:58:13 +02:00
.gitlab-ci.yml gitlab: Adapt to container name changes 2019-08-20 13:08:42 +02:00
.gitmodules gnulib: switch to use https:// instead of git:// protocol 2018-03-19 16:32:34 +00:00
.gitpublish git: add config file telling git-publish how to send patches 2018-04-23 11:36:09 +01:00
.mailmap mailmap: Remove some duplicates 2019-06-07 13:18:08 +02:00
.travis.yml ci: Move everything to a separate directory 2019-08-21 18:58:13 +02:00
.ycm_extra_conf.py.in Add YouCompleteMe support 2017-05-09 09:51:11 +02:00
ABOUT-NLS po: provide custom make rules for po file management 2018-04-19 10:35:58 +01:00
AUTHORS.in AUTHORS: Add Katerina Koukiou 2018-07-17 17:01:19 +02:00
autogen.sh po: provide custom make rules for po file management 2018-04-19 10:35:58 +01:00
bootstrap maint: update gnulib for syntax-check on BSD 2019-01-07 13:54:07 -06:00
bootstrap.conf maint: Stop generating ChangeLog from git 2019-04-03 09:45:25 +02:00
cfg.mk tools: avoid accidentally using files from gnulib 2019-08-08 13:32:02 +01:00
ChangeLog maint: Stop generating ChangeLog from git 2019-04-03 09:45:25 +02:00
config-post.h nss: only link to yajl library and nothing else 2019-08-07 16:54:02 +01:00
configure.ac Revert "configure: Remove --enable-test-coverage" 2019-08-14 09:28:06 +02:00
COPYING maint: follow recommended practice for using LGPL 2013-05-20 14:15:21 -06:00
COPYING.LESSER maint: Remove control characters from LGPL license file 2015-09-25 09:16:24 +02:00
gitdm.config gitdm: Add gitdm configuration 2019-06-07 13:18:14 +02:00
libvirt-admin.pc.in Add libvirt-admin library 2015-06-16 13:46:20 +02:00
libvirt-lxc.pc.in Add pkg-config files for libvirt-qemu & libvirt-lxc 2014-06-23 16:17:27 +01:00
libvirt-qemu.pc.in Add pkg-config files for libvirt-qemu & libvirt-lxc 2014-06-23 16:17:27 +01:00
libvirt.pc.in Add pkg-config files for libvirt-qemu & libvirt-lxc 2014-06-23 16:17:27 +01:00
libvirt.spec.in remote: enable connecting to the per-driver daemons 2019-08-09 14:06:31 +01:00
Makefile.am ci: Introduce $(CI_PREPARE_SCRIPT) 2019-08-21 18:58:27 +02:00
Makefile.nonreentrant Remove backslash alignment attempts 2017-11-03 13:24:12 +01:00
mingw-libvirt.spec.in backup: Introduce virDomainCheckpoint APIs 2019-07-26 16:48:58 -05:00
README Provide a useful README file 2017-05-22 17:01:37 +01:00
README-hacking docs: update all GIT repo examples to use https:// protocol 2018-03-21 14:48:01 +00:00
README.md README: fix license typo 2019-07-25 09:21:28 -06:00
run.in run: Don't export unnecessary paths 2019-03-15 11:50:23 +01:00

README.md

Build Status CII Best Practices

Libvirt API for virtualization

Libvirt provides a portable, long term stable C API for managing the virtualization technologies provided by many operating systems. It includes support for QEMU, KVM, Xen, LXC, bhyve, Virtuozzo, VMware vCenter and ESX, VMware Desktop, Hyper-V, VirtualBox and the POWER Hypervisor.

For some of these hypervisors, it provides a stateful management daemon which runs on the virtualization host allowing access to the API both by non-privileged local users and remote users.

Layered packages provide bindings of the libvirt C API into other languages including Python, Perl, PHP, Go, Java, OCaml, as well as mappings into object systems such as GObject, CIM and SNMP.

Further information about the libvirt project can be found on the website:

https://libvirt.org

License

The libvirt C API is distributed under the terms of GNU Lesser General Public License, version 2.1 (or later). Some parts of the code that are not part of the C library may have the more restrictive GNU General Public License, version 2.0 (or later). See the files COPYING.LESSER and COPYING for full license terms & conditions.

Installation

Libvirt uses the GNU Autotools build system, so in general can be built and installed with the usual commands. For example, to build in a manner that is suitable for installing as root, use:

$ ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
$ make
$ sudo make install

While to build & install as an unprivileged user

$ ./configure --prefix=$HOME/usr
$ make
$ make install

The libvirt code relies on a large number of 3rd party libraries. These will be detected during execution of the configure script and a summary printed which lists any missing (optional) dependencies.

Contributing

The libvirt project welcomes contributions in many ways. For most components the best way to contribute is to send patches to the primary development mailing list. Further guidance on this can be found on the website:

https://libvirt.org/contribute.html

Contact

The libvirt project has two primary mailing lists:

Further details on contacting the project are available on the website:

https://libvirt.org/contact.html