External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-07-06 09:55:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
Libvirt provides a portable, long term stable C API for managing the virtualization technologies provided by many operating systems. It includes support for QEMU, KVM, Xen, LXC, bhyve, Virtuozzo, VMware vCenter and ESX, VMware Desktop, Hyper-V, VirtualBox and the POWER Hypervisor.
14,452 Commits 67 Branches 615 Tags 714 MiB
C 94.8%
Python 2%
Meson 0.9%
Shell 0.8%
Dockerfile 0.7%
Other 0.7%
922b7fda77
Go to file
Daniel P. Berrange 922b7fda77 Add support for using 3-arg pkcheck syntax for process (CVE-2013-4311) 
With the existing pkcheck (pid, start time) tuple for identifying
the process, there is a race condition, where a process can make
a libvirt RPC call and in another thread exec a setuid application,
causing it to change to effective UID 0. This in turn causes polkit
to do its permission check based on the wrong UID.

To address this, libvirt must get the UID the caller had at time
of connect() (from SO_PEERCRED) and pass a (pid, start time, uid)
triple to the pkcheck program.

This fix requires that libvirt is re-built against a version of
polkit that has the fix for its CVE-2013-4288, so that libvirt
can see 'pkg-config --variable pkcheck_supports_uid polkit-gobject-1'

Signed-off-by: Colin Walters <walters@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-18 15:13:42 +01:00
.gnulib@0ba087759d maint: update gnulib submodule 2013-08-15 16:54:30 -06:00
build-aux Add API for calling systemd-machined's DBus API 2013-07-22 13:09:58 +01:00
daemon Add support for using 3-arg pkcheck syntax for process (CVE-2013-4311) 2013-09-18 15:13:42 +01:00
docs Add forwarder attribute to <dns/> element 2013-09-17 17:47:33 -06:00
examples build: only install nwfilter examples when building nwfilter 2013-09-04 13:48:27 -06:00
gnulib build: enforce makefile conditional style 2013-09-04 09:40:20 -06:00
include Add flag to BaselineCPU API to return detailed CPU features 2013-08-16 15:31:18 -06:00
m4 build: fix regression in requiring yajl for new enough qemu 2013-09-10 12:03:19 -06:00
po libxl: Introduce libxl_domain.[ch] 2013-09-03 16:43:20 -06:00
python docs, comments: minor typo fixes 2013-09-10 17:06:41 -06:00
src Add support for using 3-arg pkcheck syntax for process (CVE-2013-4311) 2013-09-18 15:13:42 +01:00
tests Add forwarder attribute to <dns/> element 2013-09-17 17:47:33 -06:00
tools virsh: Add vshCompleter to each option 2013-09-17 17:47:33 -06:00
.ctags maint: Make ctags work out of the box 2013-07-18 08:47:21 +02:00
.dir-locals.el build: avoid tabs that failed syntax-check 2012-09-06 09:43:46 -06:00
.gitignore maint: ignore recently-added test 2013-09-17 10:24:41 -06:00
.gitmodules make .gnulib a submodule 2009-07-08 16:17:51 +02:00
.mailmap Autogenerate AUTHORS 2012-10-19 12:44:56 -04:00
AUTHORS.in Add John Ferlan to the committers list 2013-02-05 10:59:32 -05:00
autobuild.sh build: make autobuild require rpm build deps 2013-09-16 09:35:05 -06:00
autogen.sh autogen.sh: Correctly detect .git as a file 2013-08-29 13:19:45 +02:00
bootstrap maint: update gnulib submodule 2013-08-15 16:54:30 -06:00
bootstrap.conf maint: avoid bootstrap warning 2013-08-15 16:54:06 -06:00
cfg.mk tests: check remaining .x files 2013-09-09 12:04:03 -06:00
ChangeLog-old docs, comments: minor typo fixes 2013-09-10 17:06:41 -06:00
configure.ac Add support for using 3-arg pkcheck syntax for process (CVE-2013-4311) 2013-09-18 15:13:42 +01:00
COPYING maint: follow recommended practice for using LGPL 2013-05-20 14:15:21 -06:00
COPYING.LESSER maint: follow recommended practice for using LGPL 2013-05-20 14:15:21 -06:00
HACKING docs: mention VIR_TEST_RANGE 2013-08-12 20:44:41 -06:00
libvirt.pc.in Add missing 'libvirt_lxc_api' variable in pkg-config file 2013-09-04 14:52:40 +01:00
libvirt.spec.in Add support for using 3-arg pkcheck syntax for process (CVE-2013-4311) 2013-09-18 15:13:42 +01:00
Makefile.am maint: split long lines in Makefiles 2013-07-19 05:25:35 -06:00
Makefile.nonreentrant maint: use LGPL correctly 2013-05-20 14:03:48 -06:00
mingw-libvirt.spec.in build: add configure option to disable gnulib tests 2013-08-12 10:02:38 -06:00
README Correct typos in the documentation (Atsushi SAKAI) 2008-01-24 10:15:13 +00:00
README-hacking maint: relax git minimum version 2010-02-24 14:29:27 -05:00
run.in run: license as LGPL 2013-02-23 14:03:19 -07:00
TODO Update todo list file to point at bugzilla/website 2010-10-13 16:45:26 +01:00

README 

         LibVirt : simple API for virtualization

  Libvirt is a C toolkit to interact with the virtualization capabilities
of recent versions of Linux (and other OSes). It is free software
available under the GNU Lesser General Public License. Virtualization of
the Linux Operating System means the ability to run multiple instances of
Operating Systems concurrently on a single hardware system where the basic
resources are driven by a Linux instance. The library aim at providing
long term stable C API initially for the Xen paravirtualization but
should be able to integrate other virtualization mechanisms if needed.

Daniel Veillard <veillard@redhat.com>