mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-07-30 21:47:18 +00:00

Libvirt provides a portable, long term stable C API for managing the virtualization technologies provided by many operating systems. It includes support for QEMU, KVM, Xen, LXC, bhyve, Virtuozzo, VMware vCenter and ESX, VMware Desktop, Hyper-V, VirtualBox and the POWER Hypervisor.

Go to file

Michal Privoznik 8b1660e530 security: Don't remember owner for shared resources This effectively reverts `d7420430ce` and adds new code. Here is the problem: Imagine a file X that is to be shared between two domains as a disk. Let the first domain (vm1) have seclabel remembering turned on and the other (vm2) has it turned off. Assume that both domains will run under the same user, but the original owner of X is different (i.e. trying to access X without relabelling leads to EPERM). Let's start vm1 first. This will cause X to be relabelled and to gain new attributes: trusted.libvirt.security.ref_dac="1" trusted.libvirt.security.dac="$originalOwner" When vm2 is started, X will again be relabelled, but since the new label is the same as X already has (because of vm1) nothing changes and vm1 and vm2 can access X just fine. Note that no XATTR is changed (especially the refcounter keeps its value of 1) because the vm2 domain has the feature turned off. Now, vm1 is shut off and vm2 continues running. In seclabel restore process we would get to X and since its refcounter is 1 we would restore the $originalOwner on it. But this is unsafe to do because vm2 is still using X (remember the assumption that $originalOwner and vm2's seclabel are distinct?). The problem is that refcounter stored in XATTRs doesn't reflect the actual times a resource is in use. Since I don't see any easy way around it let's just not store original owner on shared resources. Shared resource in world of domain disks is: - whole backing chain but the top layer, - read only disk (we don't require CDROM to be explicitly marked as shareable), - disk marked as shareable. Signed-off-by: Michal Privoznik <mprivozn@redhat.com>		2019-07-03 08:36:04 +02:00
.ctags.d	maint: Add support for .ctags.d	2019-05-31 17:54:28 +02:00
.gnulib@8089c00979	maint: update gnulib for syntax-check on BSD	2019-01-07 13:54:07 -06:00
build-aux	syntax check: update header guard check	2019-06-20 09:01:07 +02:00
docs	maint: Post-release version bump to 5.6.0	2019-07-03 08:30:52 +02:00
examples	examples: Group all C programs together	2019-06-03 17:27:43 +02:00
gnulib	maint: Fix VPATH build	2019-01-07 21:56:16 -06:00
include/libvirt	Revert "error: Add VIR_ERR_DEPRECATED error code"	2019-06-27 14:47:10 +01:00
m4	remote: delete the avahi mDNS support	2019-06-21 12:59:42 +01:00
po	Refresh translations from Zanata	2019-07-01 19:02:08 +01:00
src	security: Don't remember owner for shared resources	2019-07-03 08:36:04 +02:00
tests	security: Don't remember owner for shared resources	2019-07-03 08:36:04 +02:00
tools	tools: Slightly rework libvirt_recover_xattrs.sh	2019-07-03 08:36:03 +02:00
.color_coded.in	Add color_coded support	2017-05-09 09:51:11 +02:00
.ctags	ctags: Generate tags for headers, i.e. function prototypes	2018-09-18 14:21:33 +02:00
.dir-locals.el	build: avoid tabs that failed syntax-check	2012-09-06 09:43:46 -06:00
.gitignore	examples: Group all C programs together	2019-06-03 17:27:43 +02:00
.gitlab-ci.yml	tests: perform cross compiler builds on GitLab CI	2019-05-09 11:34:53 +01:00
.gitmodules	gnulib: switch to use https:// instead of git:// protocol	2018-03-19 16:32:34 +00:00
.gitpublish	git: add config file telling git-publish how to send patches	2018-04-23 11:36:09 +01:00
.mailmap	mailmap: Remove some duplicates	2019-06-07 13:18:08 +02:00
.travis.yml	travis: put macOS script inline in the macOS matrix entry	2019-04-11 18:38:56 +01:00
.ycm_extra_conf.py.in	Add YouCompleteMe support	2017-05-09 09:51:11 +02:00
ABOUT-NLS	po: provide custom make rules for po file management	2018-04-19 10:35:58 +01:00
AUTHORS.in	AUTHORS: Add Katerina Koukiou	2018-07-17 17:01:19 +02:00
autogen.sh	po: provide custom make rules for po file management	2018-04-19 10:35:58 +01:00
bootstrap	maint: update gnulib for syntax-check on BSD	2019-01-07 13:54:07 -06:00
bootstrap.conf	maint: Stop generating ChangeLog from git	2019-04-03 09:45:25 +02:00
cfg.mk	remote: delete the avahi mDNS support	2019-06-21 12:59:42 +01:00
ChangeLog	maint: Stop generating ChangeLog from git	2019-04-03 09:45:25 +02:00
config-post.h	build: remove WITH_YAJL2	2019-04-03 13:30:47 +02:00
configure.ac	maint: Post-release version bump to 5.6.0	2019-07-03 08:30:52 +02:00
COPYING
COPYING.LESSER	maint: Remove control characters from LGPL license file	2015-09-25 09:16:24 +02:00
gitdm.config	gitdm: Add gitdm configuration	2019-06-07 13:18:14 +02:00
libvirt-admin.pc.in	Add libvirt-admin library	2015-06-16 13:46:20 +02:00
libvirt-lxc.pc.in	Add pkg-config files for libvirt-qemu & libvirt-lxc	2014-06-23 16:17:27 +01:00
libvirt-qemu.pc.in	Add pkg-config files for libvirt-qemu & libvirt-lxc	2014-06-23 16:17:27 +01:00
libvirt.pc.in	Add pkg-config files for libvirt-qemu & libvirt-lxc	2014-06-23 16:17:27 +01:00
libvirt.spec.in	remote: delete the avahi mDNS support	2019-06-21 12:59:42 +01:00
Makefile.am	Don't include Makefile.ci in Makefile.am	2019-05-10 09:12:52 +02:00
Makefile.ci	Add support for podman in Makefile.ci	2019-05-10 14:13:06 +02:00
Makefile.nonreentrant	Remove backslash alignment attempts	2017-11-03 13:24:12 +01:00
mingw-libvirt.spec.in	remote: delete the avahi mDNS support	2019-06-21 12:59:42 +01:00
README	Provide a useful README file	2017-05-22 17:01:37 +01:00
README-hacking	docs: update all GIT repo examples to use https:// protocol	2018-03-21 14:48:01 +00:00
README.md	Add CII best practices badge	2017-10-13 16:08:01 +01:00
run.in	run: Don't export unnecessary paths	2019-03-15 11:50:23 +01:00

README.md

Libvirt API for virtualization

For some of these hypervisors, it provides a stateful management daemon which runs on the virtualization host allowing access to the API both by non-privileged local users and remote users.

Layered packages provide bindings of the libvirt C API into other languages including Python, Perl, PHP, Go, Java, OCaml, as well as mappings into object systems such as GObject, CIM and SNMP.

Further information about the libvirt project can be found on the website:

https://libvirt.org

License

The libvirt C API is distributed under the terms of GNU Lesser General Public License, version 2.1 (or later). Some parts of the code that are not part of the C library may have the more restrictive GNU General Public License, version 2.1 (or later). See the files COPYING.LESSER and COPYING for full license terms & conditions.

Installation

Libvirt uses the GNU Autotools build system, so in general can be built and installed with the usual commands. For example, to build in a manner that is suitable for installing as root, use:

$ ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
$ make
$ sudo make install

While to build & install as an unprivileged user

$ ./configure --prefix=$HOME/usr
$ make
$ make install

The libvirt code relies on a large number of 3rd party libraries. These will be detected during execution of the configure script and a summary printed which lists any missing (optional) dependencies.

Contributing

The libvirt project welcomes contributions in many ways. For most components the best way to contribute is to send patches to the primary development mailing list. Further guidance on this can be found on the website:

https://libvirt.org/contribute.html

Contact

The libvirt project has two primary mailing lists:

libvirt-users@redhat.com (for user discussions)
libvir-list@redhat.com (for development only)

Further details on contacting the project are available on the website:

https://libvirt.org/contact.html