Libvirt provides a portable, long term stable C API for managing the virtualization technologies provided by many operating systems. It includes support for QEMU, KVM, Xen, LXC, bhyve, Virtuozzo, VMware vCenter and ESX, VMware Desktop, Hyper-V, VirtualBox and the POWER Hypervisor.
Daniel P. Berrange c567853089 CVE-2010-2242 Apply a source port mapping to virtual network masquerading
IPtables will seek to preserve the source port unchanged when
doing masquerading, if possible. NFS has a pseudo-security
option where it checks for the source port <= 1023 before
allowing a mount request. If an admin has used this to make the
host OS trusted for mounts, the default iptables behaviour will
potentially allow NAT'd guests access too. This needs to be
stopped.

With this change, the iptables -t nat -L -n -v rules for the
default network will be

Chain POSTROUTING (policy ACCEPT 95 packets, 9163 bytes)
 pkts bytes target     prot opt in     out     source               destination
   14   840 MASQUERADE  tcp  --  *      *       192.168.122.0/24    !192.168.122.0/24    masq ports: 1024-65535
   75  5752 MASQUERADE  udp  --  *      *       192.168.122.0/24    !192.168.122.0/24    masq ports: 1024-65535
    0     0 MASQUERADE  all  --  *      *       192.168.122.0/24    !192.168.122.0/24

* src/network/bridge_driver.c: Add masquerade rules for TCP
  and UDP protocols
* src/util/iptables.c, src/util/iptables.c: Add source port
  mappings for TCP & UDP protocols when masquerading.
2010-07-19 15:50:27 +01:00
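
The rule layout shown in the commit message can be checked mechanically on a host. This is an added example, not part of the commit or of libvirt: a shell function that reads the listing format quoted above and reports, per source network, whether masqueraded TCP and UDP traffic is remapped to ports 1024 or above. The function names and the 192.168.100.0/24 sample are constructed for illustration.

```shell
# Added example, not libvirt code. audit_masq reads the output of
#   iptables -t nat -L POSTROUTING -n -v
# on stdin. Simplification: rules are keyed by source network only, and
# protocols are expected as names (tcp, udp, all) as in the listing above.
audit_masq() {
    awk '
    $3 == "MASQUERADE" {
        lo = -1                      # -1: no "masq ports:" range on this rule
        for (i = 10; i < NF; i++)
            if ($i == "masq" && $(i + 1) == "ports:") {
                split($(i + 2), range, "-")
                lo = range[1] + 0
            }
        n = split("tcp udp", protos, " ")
        for (k = 1; k <= n; k++) {
            p = protos[k]
            if ($4 != p && $4 != "all") continue
            if (($8, p) in verdict) continue    # an earlier rule matches first
            verdict[$8, p] = (lo >= 1024) ? "ok" : "EXPOSED"
        }
    }
    END {
        for (key in verdict) {
            split(key, part, SUBSEP)
            print part[1], part[2], verdict[key]
        }
    }' | sort
}
# Constructed input: the post-fix listing quoted in the commit message.
fixed_listing() { cat <<'EOF'
Chain POSTROUTING (policy ACCEPT 95 packets, 9163 bytes)
 pkts bytes target     prot opt in     out     source               destination
   14   840 MASQUERADE  tcp  --  *      *       192.168.122.0/24    !192.168.122.0/24    masq ports: 1024-65535
   75  5752 MASQUERADE  udp  --  *      *       192.168.122.0/24    !192.168.122.0/24    masq ports: 1024-65535
    0     0 MASQUERADE  all  --  *      *       192.168.122.0/24    !192.168.122.0/24
EOF
}
# Constructed input: a network with only the catch-all rule (no port range).
unmapped_listing() { cat <<'EOF'
    0     0 MASQUERADE  all  --  *      *       192.168.100.0/24    !192.168.100.0/24
EOF
}

fixed_listing | audit_masq
unmapped_listing | audit_masq
```

Because iptables uses the first matching rule, the check also reports EXPOSED when a catch-all MASQUERADE rule is listed ahead of the port-mapped TCP and UDP rules.
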
.gnulib@1629006348 build: fix some mingw issues 2010-06-10 06:05:31 -06:00
build-aux build: update gnulib 2010-03-26 19:16:37 +01:00
daemon man pages: update authors and copyright notice for libvirtd and virsh 2010-07-17 04:51:01 +10:00
docs docs: fix so generated .html files are removed with make clean 2010-07-13 05:34:25 +10:00
examples Add openauth example to demonstrate a custom auth callback 2010-07-13 13:50:27 +02:00
include libvirt: introduce domainCreateWithFlags API 2010-06-15 07:32:41 -06:00
m4 build: don't use "test cond1 -o cond2": it's not portable 2010-03-25 09:28:24 +01:00
po Release of libvirt-0.8.2 2010-07-05 17:29:25 +02:00
proxy build: fix up some compiler flags 2010-05-17 09:12:42 -06:00
python python: Fix IOErrorReasonCallback bindings 2010-07-14 10:52:18 -04:00
src CVE-2010-2242 Apply a source port mapping to virtual network masquerading 2010-07-19 15:50:27 +01:00
tests cpu: Add support for CPU vendor 2010-07-07 17:26:00 +02:00
tools man pages: update authors and copyright notice for libvirtd and virsh 2010-07-17 04:51:01 +10:00
.gitignore build: distribute missing file 2010-05-19 16:28:49 -06:00
.gitmodules make .gnulib a submodule 2009-07-08 16:17:51 +02:00
.mailmap authors: update my authors details 2010-07-09 23:21:00 +10:00
.x-sc_avoid_ctype_macros exempt gnulib from ctype-macros prohibition 2008-10-28 17:36:31 +00:00
.x-sc_avoid_if_before_free avoid a "make syntax-check" failure 2009-07-09 20:00:37 +02:00
.x-sc_avoid_write Fully asynchronous monitor I/O processing 2009-11-10 13:27:18 +00:00
.x-sc_m4_quote_check syntax-check: enable more checks 2009-02-03 13:08:36 +00:00
.x-sc_prohibit_always_true_header_tests build: update gnulib 2010-05-06 14:35:38 -06:00
.x-sc_prohibit_asprintf add .x-sc_prohibit_asprintf 2008-12-23 13:40:42 +00:00
.x-sc_prohibit_gethostby Various syntax-check fixes. 2009-10-26 10:34:05 +01:00
.x-sc_prohibit_gethostname Add a new syntax-check rule for gethostname. 2009-10-26 10:34:27 +01:00
.x-sc_prohibit_gettext_noop build: fix syntax-check problems 2010-04-12 16:43:05 -06:00
.x-sc_prohibit_have_config_h maint: sync from coreutils 2009-01-29 18:06:19 +00:00
.x-sc_prohibit_HAVE_MBRTOWC maint: sync from coreutils 2009-01-29 18:06:19 +00:00
.x-sc_prohibit_nonreentrant Tighten up nonreentrant syntax-check. 2009-10-26 10:33:42 +01:00
.x-sc_prohibit_readlink Add a rule to check for uses of readlink. 2010-01-22 09:42:35 -05:00
.x-sc_prohibit_strcmp exempt gnulib/ from "make syntax-check" strcmp prohibition 2008-05-14 21:18:27 +00:00
.x-sc_prohibit_strcmp_and_strncmp Ignore docs/ directory for strcmp() syntax check 2009-11-23 11:58:13 +00:00
.x-sc_prohibit_strncpy Various syntax-check fixes. 2009-10-26 10:34:05 +01:00
.x-sc_prohibit_test_minus_ao build: fix syntax-check problems 2010-04-12 16:43:05 -06:00
.x-sc_prohibit_VIR_ERR_NO_MEMORY Various syntax-check fixes. 2009-10-26 10:34:05 +01:00
.x-sc_require_config_h Various syntax-check fixes. 2009-10-26 10:34:05 +01:00
.x-sc_require_config_h_first Misc syntax-check fixes 2009-09-21 14:41:47 +01:00
.x-sc_trailing_blank build: exempt *.ico files from the trailing blank check 2008-10-16 13:28:07 +00:00
.x-sc_unmarked_diagnostics build: import latest gnulib 2010-04-02 10:18:55 -06:00
acinclude.m4 build: fix up some compiler flags 2010-05-17 09:12:42 -06:00
AUTHORS authors: update my authors details 2010-07-09 23:21:00 +10:00
autobuild.sh autobuild.sh: avoid bashism 2010-06-04 10:03:52 -06:00
autogen.sh build: improve check for out-of-date .gnulib submodule 2010-04-02 15:49:32 -06:00
bootstrap build: fix some mingw issues 2010-06-10 06:05:31 -06:00
bootstrap.conf maint: add gnulib gettimeofday module 2010-06-25 07:46:28 -06:00
cfg.mk build: fix VPATH 'make syntax-check' 2010-06-01 16:34:25 -06:00
ChangeLog-old generate ChangeLog from git logs into distribution tarball 2009-07-08 16:17:51 +02:00
configure.ac Add openauth example to demonstrate a custom auth callback 2010-07-13 13:50:27 +02:00
COPYING.LIB remove all trailing blank lines 2009-07-16 15:06:42 +02:00
HACKING docs: hacking: explain why using curly braces well is important 2010-05-04 15:41:21 +02:00
libvirt.pc.in
libvirt.spec.in man pages: update authors and copyright notice for libvirtd and virsh 2010-07-17 04:51:01 +10:00
Makefile.am Add openauth example to demonstrate a custom auth callback 2010-07-13 13:50:27 +02:00
Makefile.nonreentrant syntax-check: enable prohibit_nonreentrant 2009-02-05 16:28:41 +00:00
mingw32-libvirt.spec.in build: fix some mingw issues 2010-06-10 06:05:31 -06:00
README
README-hacking maint: relax git minimum version 2010-02-24 14:29:27 -05:00
TODO Remove all trailing blanks; turn on the rule to detect them. 2008-02-05 19:27:37 +00:00

         LibVirt : simple API for virtualization

  Libvirt is a C toolkit to interact with the virtualization capabilities
of recent versions of Linux (and other OSes). It is free software
available under the GNU Lesser General Public License. Virtualization of
the Linux Operating System means the ability to run multiple instances of
Operating Systems concurrently on a single hardware system where the basic
resources are driven by a Linux instance. The library aims to provide a
long term stable C API, initially for the Xen paravirtualization, but
should be able to integrate other virtualization mechanisms if needed.

Daniel Veillard <veillard@redhat.com>