External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-04-26 07:04:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
42,621 Commits 67 Branches 638 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Michal Privoznik a2476f37a7 virSetUIDGIDWithCaps: Set bounding capabilities only with CAP_SETPCAP 
In one of my previous patches I've tried to postpone dropping
CAP_SETPCAP until the very end because it's needed for
capng_apply(). What I did not realize back then was that we might
not have the capability to begin with. Because of unknown reasons
capng_apply() pollutes logs only for CAPNG_SELECT_BOUNDS and not
for CAPNG_SELECT_CAPS.

Reproducer is really simple: run libvirtd as a regular user.
During its initialization, libvirtd will spawn some binaries
(dnsmasq, qemu-*, etc.) and while doing so it will try to drop
capabilities.

Anyway, let's call capng_apply(CAPNG_SELECT_BOUNDS) only if we
have the CAP_SETPCAP (which is tracked in need_setpcap variable).

Fixes: 438b50dda8a863fdc988e9ab612f097cc1626e8a
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1924218
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
2021-07-26 09:54:40 +02:00
.ctags.d
.github
github: skip lockdown of old issues/prs
2020-04-07 17:50:54 +01:00
.gitlab/issue_templates
gitlab: Add issue template for a feature request
2020-12-02 09:11:27 +01:00
build-aux
syntax-check: Prohibit 'vir' prefix for enum implementations in virsh
2021-07-23 09:59:12 +02:00
ci
ci: refresh cirrus variables for FreeBSD python rename
2021-07-15 11:10:52 +01:00
docs
conf: Add grabToggle to evdev input
2021-07-23 11:20:48 +02:00
examples
nodedev: add DEFINED/UNDEFINED lifecycle events
2021-04-07 15:07:45 -05:00
include
Add basic driver for the Cloud-Hypervisor
2021-06-04 10:56:06 +01:00
po
Translated using Weblate (German)
2021-07-23 16:09:31 +02:00
scripts
lib: Drop internal virXXXPtr typedefs
2021-04-13 17:00:38 +02:00
src
virSetUIDGIDWithCaps: Set bounding capabilities only with CAP_SETPCAP
2021-07-26 09:54:40 +02:00
tests
qemusecuritymock: init_hash: virHashNew cannot return NULL
2021-07-23 11:30:31 +02:00
tools
virsh: fix setmem flags logic
2021-07-23 11:24:51 +02:00
.color_coded.in
gnulib: delete all gnulib integration
2020-02-07 15:03:54 +00:00
.ctags
.dir-locals.el
.editorconfig
Add .editorconfig
2019-09-06 12:47:46 +02:00
.gitignore
gitignore: Ignore __pycache__ directory
2021-03-22 12:05:11 +01:00
.gitlab-ci.yml
ci: Halt on sanitizer errors
2021-07-22 13:50:39 +02:00
.gitmodules
gnulib: delete all gnulib integration
2020-02-07 15:03:54 +00:00
.gitpublish
gitpublish: add a subject prefix
2020-01-16 13:04:11 +00:00
.mailmap
mailmap: consolidate my email addresses
2020-10-06 12:05:09 +02:00
.ycm_extra_conf.py.in
gnulib: delete all gnulib integration
2020-02-07 15:03:54 +00:00
AUTHORS.rst.in
AUTHORS: Add myself to the list of commiters
2021-07-14 14:51:19 +02:00
config.h
meson: Declare GLIB_VERSION_* macros at configure
2021-05-03 12:08:26 +02:00
configmake.h.in
meson: generate configmake.h
2020-08-03 09:26:48 +02:00
CONTRIBUTING.rst
meson: adjust our documentation to mention meson instead of autoconf
2020-08-03 09:27:09 +02:00
COPYING
COPYING.LESSER
gitdm.config
gitdm: add 'ibm' file
2019-10-18 17:32:52 +02:00
libvirt-admin.pc.in
libvirt-lxc.pc.in
libvirt-qemu.pc.in
libvirt.pc.in
libvirt.spec.in
spec: avoid rpm warning about macro in comment
2021-06-25 17:56:26 +00:00
meson_options.txt
remote: switch to auto-spawn modular daemons by default
2021-06-18 17:13:15 +01:00
meson.build
meson: disable bogus warnings from sanitizers on Fedora
2021-07-20 16:07:09 +01:00
mingw-libvirt.spec.in
meson: Turn apparmor_profiles into a feature
2021-06-01 14:32:02 +02:00
NEWS.rst
NEWS: Mention implications of the bug in migration code
2021-07-12 16:35:22 +02:00
README.rst
README: drop Travis CI badge
2020-08-03 15:08:28 +02:00
run.in
run: fix spawning of daemons
2021-04-07 11:41:26 +01:00

README.rst

GitLab CI Build Status

CII Best Practices

Translation status

Libvirt API for virtualization

Libvirt provides a portable, long term stable C API for managing the virtualization technologies provided by many operating systems. It includes support for QEMU, KVM, Xen, LXC, bhyve, Virtuozzo, VMware vCenter and ESX, VMware Desktop, Hyper-V, VirtualBox and the POWER Hypervisor.

For some of these hypervisors, it provides a stateful management daemon which runs on the virtualization host allowing access to the API both by non-privileged local users and remote users.

Layered packages provide bindings of the libvirt C API into other languages including Python, Perl, PHP, Go, Java, OCaml, as well as mappings into object systems such as GObject, CIM and SNMP.

Further information about the libvirt project can be found on the website:

https://libvirt.org

License

The libvirt C API is distributed under the terms of GNU Lesser General Public License, version 2.1 (or later). Some parts of the code that are not part of the C library may have the more restrictive GNU General Public License, version 2.0 (or later). See the files COPYING.LESSER and COPYING for full license terms & conditions.

Installation

Instructions on building and installing libvirt can be found on the website:

https://libvirt.org/compiling.html

Contributing

The libvirt project welcomes contributions in many ways. For most components the best way to contribute is to send patches to the primary development mailing list. Further guidance on this can be found on the website:

https://libvirt.org/contribute.html

Contact

The libvirt project has two primary mailing lists:

Further details on contacting the project are available on the website:

https://libvirt.org/contact.html

Description
Libvirt native C API and daemons
Readme 645 MiB
Languages
C 95.1%
Python 2%
Meson 0.9%
Shell 0.6%
Perl 0.5%
Other 0.8%