2010-02-23 08:01:34 +08:00
|
|
|
*#*#
|
|
|
|
*.#*#
|
2017-03-03 20:43:51 +08:00
|
|
|
*.[187]
|
|
|
|
*.[187].in
|
2008-10-29 01:47:12 +08:00
|
|
|
*.a
|
2012-02-04 05:30:06 +08:00
|
|
|
*.cov
|
2010-04-29 11:36:03 +08:00
|
|
|
*.exe
|
2014-02-27 03:56:06 +08:00
|
|
|
*.exe.manifest
|
2010-06-10 02:35:49 +08:00
|
|
|
*.gcda
|
|
|
|
*.gcno
|
|
|
|
*.gcov
|
2012-02-04 05:30:06 +08:00
|
|
|
*.html
|
|
|
|
*.i
|
Prevent crash from dlclose() of libvirt.so
When libvirt calls virInitialize it creates a thread local
for the virErrorPtr storage, and registers a callback to
cleanup memory when a thread exits. When libvirt is dlclose()d
or otherwise made non-resident, the callback function is
removed from memory, but the thread local may still exist
and if a thread later exists, it will invoke the callback
and SEGV. There may also be other thread locals with callbacks
pointing to libvirt code, so it is in general never safe to
unload libvirt.so from memory once initialized.
To allow dlclose() to succeed, but keep libvirt.so resident
in memory, link with '-z nodelete'. This issue was first
found with the libvirt CIM provider, but can potentially
hit many of the dynamic language bindings which all ultimately
involve dlopen() in some way, either on libvirt.so itself,
or on the glue code for the binding which in turns links
to libvirt
* configure.ac, src/Makefile.am: Ensure libvirt.so is linked
with -z nodelete
* cfg.mk, .gitignore, tests/Makefile.am, tests/shunloadhelper.c,
tests/shunloadtest.c: A test case to unload libvirt while
a thread is still running.
2011-09-02 00:57:06 +08:00
|
|
|
*.la
|
|
|
|
*.lo
|
2012-02-04 05:30:06 +08:00
|
|
|
*.loT
|
2008-10-29 01:47:12 +08:00
|
|
|
*.o
|
2010-02-23 08:01:34 +08:00
|
|
|
*.orig
|
2014-01-15 05:28:57 +08:00
|
|
|
*.pem
|
2012-02-04 05:30:06 +08:00
|
|
|
*.pyc
|
2010-02-23 08:01:34 +08:00
|
|
|
*.rej
|
2012-02-04 05:30:06 +08:00
|
|
|
*.s
|
2016-05-03 21:36:01 +08:00
|
|
|
*.service
|
|
|
|
*.socket
|
2015-05-05 19:34:06 +08:00
|
|
|
*.swp
|
2008-10-29 01:47:12 +08:00
|
|
|
*~
|
2012-10-26 20:39:55 +08:00
|
|
|
.#*
|
2017-04-21 22:05:19 +08:00
|
|
|
.color_coded
|
2012-02-04 05:30:06 +08:00
|
|
|
.deps
|
build: use automake subdir-objects
Automake 2.0 will enable subdir-objects by default; in preparation
for that change, automake 1.14 outputs LOADS of warnings:
daemon/Makefile.am:38: warning: source file '../src/remote/remote_protocol.c' is in a subdirectory,
daemon/Makefile.am:38: but option 'subdir-objects' is disabled
automake-1.14: warning: possible forward-incompatibility.
automake-1.14: At least a source file is in a subdirectory, but the 'subdir-objects'
automake-1.14: automake option hasn't been enabled. For now, the corresponding output
automake-1.14: object file(s) will be placed in the top-level directory. However,
automake-1.14: this behaviour will change in future Automake versions: they will
automake-1.14: unconditionally cause object files to be placed in the same subdirectory
automake-1.14: of the corresponding sources.
automake-1.14: You are advised to start using 'subdir-objects' option throughout your
automake-1.14: project, to avoid future incompatibilities.
daemon/Makefile.am:38: warning: source file '../src/remote/lxc_protocol.c' is in a subdirectory,
daemon/Makefile.am:38: but option 'subdir-objects' is disabled
...
As automake 1.9 also supported this option, and the previous patches
fixed up the code base to work with it, it is safe to now turn it on
unconditionally.
* configure.ac (AM_INIT_AUTOMAKE): Enable subdir-objects.
* .gitignore: Ignore .dirstamp directories.
* src/Makefile.am (PDWTAGS, *-protocol-struct): Adjust to
new subdir-object location of .lo files.
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-08 06:18:06 +08:00
|
|
|
.dirstamp
|
2012-09-14 17:09:51 +08:00
|
|
|
.gdb_history
|
2008-10-17 18:03:15 +08:00
|
|
|
.git
|
2009-07-10 16:01:04 +08:00
|
|
|
.git-module-status
|
2012-02-04 05:30:06 +08:00
|
|
|
.libs
|
2011-03-17 10:35:17 +08:00
|
|
|
.lvimrc
|
2012-02-04 05:30:06 +08:00
|
|
|
.memdump
|
2010-04-21 23:55:03 +08:00
|
|
|
.sc-start-sc_*
|
2017-04-21 22:47:02 +08:00
|
|
|
.ycm_extra_conf.py
|
2012-10-13 07:50:19 +08:00
|
|
|
/AUTHORS
|
2010-02-23 08:01:34 +08:00
|
|
|
/GNUmakefile
|
2010-11-17 03:29:09 +08:00
|
|
|
/INSTALL
|
|
|
|
/NEWS
|
|
|
|
/aclocal.m4
|
|
|
|
/autom4te.cache
|
2017-04-07 14:50:21 +08:00
|
|
|
/build-aux/*
|
2010-04-30 22:52:54 +08:00
|
|
|
/build/
|
2019-01-26 00:28:23 +08:00
|
|
|
/ci-tree/
|
2014-11-06 19:17:19 +08:00
|
|
|
/confdefs.h
|
2010-11-17 03:29:09 +08:00
|
|
|
/config.cache
|
|
|
|
/config.guess
|
|
|
|
/config.h
|
|
|
|
/config.h.in
|
|
|
|
/config.log
|
|
|
|
/config.rpath
|
|
|
|
/config.status
|
|
|
|
/config.sub
|
|
|
|
/configure
|
|
|
|
/configure.lineno
|
2014-11-06 23:53:28 +08:00
|
|
|
/conftest.*
|
2013-08-08 18:51:01 +08:00
|
|
|
/docs/aclperms.htmlinc
|
2012-04-28 00:05:12 +08:00
|
|
|
/docs/apibuild.py.stamp
|
2012-02-04 05:30:06 +08:00
|
|
|
/docs/devhelp/libvirt.devhelp
|
2011-05-16 23:33:56 +08:00
|
|
|
/docs/hvsupport.html.in
|
2015-04-15 22:23:25 +08:00
|
|
|
/docs/libvirt-admin-*.xml
|
2012-02-04 05:30:06 +08:00
|
|
|
/docs/libvirt-api.xml
|
Introduce an LXC specific public API & library
This patch introduces support for LXC specific public APIs. In
common with what was done for QEMU, this creates a libvirt_lxc.so
library and libvirt/libvirt-lxc.h header file.
The actual APIs are
int virDomainLxcOpenNamespace(virDomainPtr domain,
int **fdlist,
unsigned int flags);
int virDomainLxcEnterNamespace(virDomainPtr domain,
unsigned int nfdlist,
int *fdlist,
unsigned int *noldfdlist,
int **oldfdlist,
unsigned int flags);
which provide a way to use the setns() system call to move the
calling process into the container's namespace. It is not
practical to write in a generically applicable manner. The
nearest that we could get to such an API would be an API which
allows to pass a command + argv to be executed inside a
container. Even if we had such a generic API, this LXC specific
API is still useful, because it allows the caller to maintain
the current process context, in particular any I/O streams they
have open.
NB the virDomainLxcEnterNamespace() API is special in that it
runs client side, so does not involve the internal driver API.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-12-21 21:15:19 +08:00
|
|
|
/docs/libvirt-lxc-*.xml
|
2013-01-15 20:30:30 +08:00
|
|
|
/docs/libvirt-qemu-*.xml
|
2012-02-04 05:30:06 +08:00
|
|
|
/docs/libvirt-refs.xml
|
2017-01-03 19:22:54 +08:00
|
|
|
/docs/news.html.in
|
2012-02-04 05:30:06 +08:00
|
|
|
/docs/todo.html.in
|
2019-05-23 00:16:59 +08:00
|
|
|
/examples/c/admin/client_close
|
|
|
|
/examples/c/admin/client_info
|
|
|
|
/examples/c/admin/client_limits
|
|
|
|
/examples/c/admin/list_clients
|
|
|
|
/examples/c/admin/list_servers
|
|
|
|
/examples/c/admin/logging
|
|
|
|
/examples/c/admin/threadpool_params
|
|
|
|
/examples/c/domain/dommigrate
|
|
|
|
/examples/c/domain/domtop
|
|
|
|
/examples/c/domain/info1
|
|
|
|
/examples/c/domain/rename
|
|
|
|
/examples/c/domain/suspend
|
|
|
|
/examples/c/misc/event-test
|
|
|
|
/examples/c/misc/hellolibvirt
|
|
|
|
/examples/c/misc/openauth
|
2011-07-28 20:55:21 +08:00
|
|
|
/gnulib/lib/*
|
|
|
|
/gnulib/m4/*
|
|
|
|
/gnulib/tests/*
|
2015-11-26 22:02:49 +08:00
|
|
|
/include/libvirt/libvirt-common.h
|
2010-11-17 03:29:09 +08:00
|
|
|
/libtool
|
2016-06-15 19:19:32 +08:00
|
|
|
/libvirt-*.tar.xz
|
2010-05-20 06:16:47 +08:00
|
|
|
/libvirt-[0-9]*
|
2014-06-21 00:47:15 +08:00
|
|
|
/libvirt*.pc
|
2010-11-17 03:29:09 +08:00
|
|
|
/libvirt.spec
|
|
|
|
/ltconfig
|
|
|
|
/ltmain.sh
|
2011-04-06 03:06:31 +08:00
|
|
|
/m4/*
|
2010-02-23 08:01:34 +08:00
|
|
|
/maint.mk
|
2012-06-16 00:13:11 +08:00
|
|
|
/mingw-libvirt.spec
|
2010-11-17 03:29:09 +08:00
|
|
|
/mkinstalldirs
|
2018-04-03 23:39:17 +08:00
|
|
|
/po/*gmo
|
po: minimize & canonicalize translations stored in git
Similar to the libvirt.pot, .po files contain line numbers and file
names identifying where in the source a translatable string comes from.
The source locations in the .po files are thrown away and replaced with
content from the libvirt.pot whenever msgmerge is run, so this is not
precious information that needs to be stored in git.
When msgmerge processes a .po file, it will add in any msgids from the
libvirt.pot that were not already present. Thus, if a particular msgid
currently has no translation, it can be considered redundant and again
does not need storing in git.
When msgmerge processes a .po file and can't find an exact existing
translation match, it will try todo fuzzy matching instead, marking such
entries with a "# fuzzy" comment to alert the translator to take a
look and either discard, edit or accept the match. Looking at the
existing fuzzy matches in .po files shows that the quality is awful,
with many having a completely different set of printf format specifiers
between the msgid and fuzzy msgstr entry. Fortunately when msgfmt
generates the .gmo, the fuzzy entries are all ignored anyway. The fuzzy
entries could be useful to translators if they were working on the .po
files directly from git, but Libvirt outsourced translation to the
Fedora Zanata system, so keeping fuzzy matches in git is not much help.
Finally, by default msgids are sorted based on source location. Thus, if
a bit of code with translatable text is moved from one file to another,
it may shift around in the .po file, despite the msgid not itself changing.
If the msgids were sorted alphabetically, the .po files would have
stable ordering when code is refactored.
This patch takes advantage of the above observations to canonicalize
and minimize the content stored for .po files in git. Instead of storing
the real .po files, we now store .mini.po files.
The .mini.po files are the same file format as .po files, but have no
source location comments, are sorted alphabetically, and all fuzzy
msgstrs and msgids with no translation are discarded. This cuts the size
of content in the po directory from 109MB to 19MB.
Users working from a libvirt git checkout who need the full .po files
can run "make update-po", which merges the libvirt.pot and .mini.po
file to create a .po file containing all the content previously stored
in git.
Conversely if a full .po file has been modified, for example, by
downloading new content from Zanata, the .mini.po files can be updated
by running "make update-mini-po". The resulting diffs of the .mini.po
file will clearly show the changed translations without any of the noise
that previously obscured content. Being able to see content changes
clearly actually identified a bug in the zanata python client where it
was adding bogus "fuzzy" annotations to many messages:
https://bugzilla.redhat.com/show_bug.cgi?id=1564497
Users working from libvirt releases should not see any difference in
behaviour, since the tarballs only contain the full .po files, not the
.mini.po files.
As an added benefit, generating tarballs with "make dist", will no
longer cause creation of dirty files in git, since it won't touch the
.mini.po files, only the .po files which are no longer kept in git.
To avoid creating a single commit 100+MB in size, each language is
minimized separately in a following commit.
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2018-04-05 02:45:40 +08:00
|
|
|
/po/*po
|
|
|
|
!/po/*.mini.po
|
|
|
|
/po/*pot
|
2010-11-09 18:45:14 +08:00
|
|
|
/proxy/
|
2013-11-23 00:42:22 +08:00
|
|
|
/python/
|
2012-09-14 17:08:54 +08:00
|
|
|
/run
|
2011-08-19 07:03:26 +08:00
|
|
|
/sc_*
|
2012-07-23 22:45:20 +08:00
|
|
|
/src/.*.stamp
|
2014-06-21 00:48:12 +08:00
|
|
|
/src/*.pc
|
2012-01-23 23:12:57 +08:00
|
|
|
/src/access/org.libvirt.api.policy
|
Auto-generate helpers for checking access control rules
Extend the 'gendispatch.pl' script to be able to generate
three new types of file.
- 'aclheader' - defines signatures of helper APIs for
doing authorization checks. There is one helper API
for each API requiring an auth check. Any @acl
annotations result in a method being generated with
a suffix of 'EnsureACL'. If the ACL check requires
examination of flags, an extra 'flags' param will be
present. Some examples
extern int virConnectBaselineCPUEnsureACL(void);
extern int virConnectDomainEventDeregisterEnsureACL(virDomainDefPtr domain);
extern int virDomainAttachDeviceFlagsEnsureACL(virDomainDefPtr domain, unsigned int flags);
Any @aclfilter annotations resuilt in a method being
generated with a suffix of 'CheckACL'.
extern int virConnectListAllDomainsCheckACL(virDomainDefPtr domain);
These are used for filtering individual objects from APIs
which return a list of objects
- 'aclbody' - defines the actual implementation of the
methods described above. This calls into the access
manager APIs. A complex example:
/* Returns: -1 on error (denied==error), 0 on allowed */
int virDomainAttachDeviceFlagsEnsureACL(virConnectPtr conn,
virDomainDefPtr domain,
unsigned int flags)
{
virAccessManagerPtr mgr;
int rv;
if (!(mgr = virAccessManagerGetDefault()))
return -1;
if ((rv = virAccessManagerCheckDomain(mgr,
conn->driver->name,
domain,
VIR_ACCESS_PERM_DOMAIN_WRITE)) <= 0) {
virObjectUnref(mgr);
if (rv == 0)
virReportError(VIR_ERR_ACCESS_DENIED, NULL);
return -1;
}
if (((flags & (VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE)) == 0) &&
(rv = virAccessManagerCheckDomain(mgr,
conn->driver->name,
domain,
VIR_ACCESS_PERM_DOMAIN_SAVE)) <= 0) {
virObjectUnref(mgr);
if (rv == 0)
virReportError(VIR_ERR_ACCESS_DENIED, NULL);
return -1;
}
if (((flags & (VIR_DOMAIN_AFFECT_CONFIG)) == (VIR_DOMAIN_AFFECT_CONFIG)) &&
(rv = virAccessManagerCheckDomain(mgr,
conn->driver->name,
domain,
VIR_ACCESS_PERM_DOMAIN_SAVE)) <= 0) {
virObjectUnref(mgr);
if (rv == 0)
virReportError(VIR_ERR_ACCESS_DENIED, NULL);
return -1;
}
virObjectUnref(mgr);
return 0;
}
- 'aclsyms' - generates a linker script to export the
APIs to drivers. Some examples
virConnectBaselineCPUEnsureACL;
virConnectCompareCPUEnsureACL;
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-19 00:49:41 +08:00
|
|
|
/src/access/viraccessapicheck.c
|
|
|
|
/src/access/viraccessapicheck.h
|
|
|
|
/src/access/viraccessapichecklxc.c
|
|
|
|
/src/access/viraccessapichecklxc.h
|
|
|
|
/src/access/viraccessapicheckqemu.c
|
|
|
|
/src/access/viraccessapicheckqemu.h
|
2015-04-16 20:23:16 +08:00
|
|
|
/src/admin/admin_client.h
|
2015-04-15 22:13:22 +08:00
|
|
|
/src/admin/admin_protocol.[ch]
|
2018-01-19 19:30:31 +08:00
|
|
|
/src/admin/admin_server_dispatch_stubs.h
|
2012-02-04 05:30:06 +08:00
|
|
|
/src/esx/*.generated.*
|
2011-07-13 23:05:19 +08:00
|
|
|
/src/hyperv/*.generated.*
|
2012-02-04 05:30:06 +08:00
|
|
|
/src/libvirt*.def
|
|
|
|
/src/libvirt.syms
|
Auto-generate helpers for checking access control rules
Extend the 'gendispatch.pl' script to be able to generate
three new types of file.
- 'aclheader' - defines signatures of helper APIs for
doing authorization checks. There is one helper API
for each API requiring an auth check. Any @acl
annotations result in a method being generated with
a suffix of 'EnsureACL'. If the ACL check requires
examination of flags, an extra 'flags' param will be
present. Some examples
extern int virConnectBaselineCPUEnsureACL(void);
extern int virConnectDomainEventDeregisterEnsureACL(virDomainDefPtr domain);
extern int virDomainAttachDeviceFlagsEnsureACL(virDomainDefPtr domain, unsigned int flags);
Any @aclfilter annotations resuilt in a method being
generated with a suffix of 'CheckACL'.
extern int virConnectListAllDomainsCheckACL(virDomainDefPtr domain);
These are used for filtering individual objects from APIs
which return a list of objects
- 'aclbody' - defines the actual implementation of the
methods described above. This calls into the access
manager APIs. A complex example:
/* Returns: -1 on error (denied==error), 0 on allowed */
int virDomainAttachDeviceFlagsEnsureACL(virConnectPtr conn,
virDomainDefPtr domain,
unsigned int flags)
{
virAccessManagerPtr mgr;
int rv;
if (!(mgr = virAccessManagerGetDefault()))
return -1;
if ((rv = virAccessManagerCheckDomain(mgr,
conn->driver->name,
domain,
VIR_ACCESS_PERM_DOMAIN_WRITE)) <= 0) {
virObjectUnref(mgr);
if (rv == 0)
virReportError(VIR_ERR_ACCESS_DENIED, NULL);
return -1;
}
if (((flags & (VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE)) == 0) &&
(rv = virAccessManagerCheckDomain(mgr,
conn->driver->name,
domain,
VIR_ACCESS_PERM_DOMAIN_SAVE)) <= 0) {
virObjectUnref(mgr);
if (rv == 0)
virReportError(VIR_ERR_ACCESS_DENIED, NULL);
return -1;
}
if (((flags & (VIR_DOMAIN_AFFECT_CONFIG)) == (VIR_DOMAIN_AFFECT_CONFIG)) &&
(rv = virAccessManagerCheckDomain(mgr,
conn->driver->name,
domain,
VIR_ACCESS_PERM_DOMAIN_SAVE)) <= 0) {
virObjectUnref(mgr);
if (rv == 0)
virReportError(VIR_ERR_ACCESS_DENIED, NULL);
return -1;
}
virObjectUnref(mgr);
return 0;
}
- 'aclsyms' - generates a linker script to export the
APIs to drivers. Some examples
virConnectBaselineCPUEnsureACL;
virConnectCompareCPUEnsureACL;
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-19 00:49:41 +08:00
|
|
|
/src/libvirt_access.syms
|
2013-08-07 20:03:50 +08:00
|
|
|
/src/libvirt_access.xml
|
Auto-generate helpers for checking access control rules
Extend the 'gendispatch.pl' script to be able to generate
three new types of file.
- 'aclheader' - defines signatures of helper APIs for
doing authorization checks. There is one helper API
for each API requiring an auth check. Any @acl
annotations result in a method being generated with
a suffix of 'EnsureACL'. If the ACL check requires
examination of flags, an extra 'flags' param will be
present. Some examples
extern int virConnectBaselineCPUEnsureACL(void);
extern int virConnectDomainEventDeregisterEnsureACL(virDomainDefPtr domain);
extern int virDomainAttachDeviceFlagsEnsureACL(virDomainDefPtr domain, unsigned int flags);
Any @aclfilter annotations resuilt in a method being
generated with a suffix of 'CheckACL'.
extern int virConnectListAllDomainsCheckACL(virDomainDefPtr domain);
These are used for filtering individual objects from APIs
which return a list of objects
- 'aclbody' - defines the actual implementation of the
methods described above. This calls into the access
manager APIs. A complex example:
/* Returns: -1 on error (denied==error), 0 on allowed */
int virDomainAttachDeviceFlagsEnsureACL(virConnectPtr conn,
virDomainDefPtr domain,
unsigned int flags)
{
virAccessManagerPtr mgr;
int rv;
if (!(mgr = virAccessManagerGetDefault()))
return -1;
if ((rv = virAccessManagerCheckDomain(mgr,
conn->driver->name,
domain,
VIR_ACCESS_PERM_DOMAIN_WRITE)) <= 0) {
virObjectUnref(mgr);
if (rv == 0)
virReportError(VIR_ERR_ACCESS_DENIED, NULL);
return -1;
}
if (((flags & (VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE)) == 0) &&
(rv = virAccessManagerCheckDomain(mgr,
conn->driver->name,
domain,
VIR_ACCESS_PERM_DOMAIN_SAVE)) <= 0) {
virObjectUnref(mgr);
if (rv == 0)
virReportError(VIR_ERR_ACCESS_DENIED, NULL);
return -1;
}
if (((flags & (VIR_DOMAIN_AFFECT_CONFIG)) == (VIR_DOMAIN_AFFECT_CONFIG)) &&
(rv = virAccessManagerCheckDomain(mgr,
conn->driver->name,
domain,
VIR_ACCESS_PERM_DOMAIN_SAVE)) <= 0) {
virObjectUnref(mgr);
if (rv == 0)
virReportError(VIR_ERR_ACCESS_DENIED, NULL);
return -1;
}
virObjectUnref(mgr);
return 0;
}
- 'aclsyms' - generates a linker script to export the
APIs to drivers. Some examples
virConnectBaselineCPUEnsureACL;
virConnectCompareCPUEnsureACL;
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-19 00:49:41 +08:00
|
|
|
/src/libvirt_access_lxc.syms
|
2013-08-07 20:03:50 +08:00
|
|
|
/src/libvirt_access_lxc.xml
|
Auto-generate helpers for checking access control rules
Extend the 'gendispatch.pl' script to be able to generate
three new types of file.
- 'aclheader' - defines signatures of helper APIs for
doing authorization checks. There is one helper API
for each API requiring an auth check. Any @acl
annotations result in a method being generated with
a suffix of 'EnsureACL'. If the ACL check requires
examination of flags, an extra 'flags' param will be
present. Some examples
extern int virConnectBaselineCPUEnsureACL(void);
extern int virConnectDomainEventDeregisterEnsureACL(virDomainDefPtr domain);
extern int virDomainAttachDeviceFlagsEnsureACL(virDomainDefPtr domain, unsigned int flags);
Any @aclfilter annotations resuilt in a method being
generated with a suffix of 'CheckACL'.
extern int virConnectListAllDomainsCheckACL(virDomainDefPtr domain);
These are used for filtering individual objects from APIs
which return a list of objects
- 'aclbody' - defines the actual implementation of the
methods described above. This calls into the access
manager APIs. A complex example:
/* Returns: -1 on error (denied==error), 0 on allowed */
int virDomainAttachDeviceFlagsEnsureACL(virConnectPtr conn,
virDomainDefPtr domain,
unsigned int flags)
{
virAccessManagerPtr mgr;
int rv;
if (!(mgr = virAccessManagerGetDefault()))
return -1;
if ((rv = virAccessManagerCheckDomain(mgr,
conn->driver->name,
domain,
VIR_ACCESS_PERM_DOMAIN_WRITE)) <= 0) {
virObjectUnref(mgr);
if (rv == 0)
virReportError(VIR_ERR_ACCESS_DENIED, NULL);
return -1;
}
if (((flags & (VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE)) == 0) &&
(rv = virAccessManagerCheckDomain(mgr,
conn->driver->name,
domain,
VIR_ACCESS_PERM_DOMAIN_SAVE)) <= 0) {
virObjectUnref(mgr);
if (rv == 0)
virReportError(VIR_ERR_ACCESS_DENIED, NULL);
return -1;
}
if (((flags & (VIR_DOMAIN_AFFECT_CONFIG)) == (VIR_DOMAIN_AFFECT_CONFIG)) &&
(rv = virAccessManagerCheckDomain(mgr,
conn->driver->name,
domain,
VIR_ACCESS_PERM_DOMAIN_SAVE)) <= 0) {
virObjectUnref(mgr);
if (rv == 0)
virReportError(VIR_ERR_ACCESS_DENIED, NULL);
return -1;
}
virObjectUnref(mgr);
return 0;
}
- 'aclsyms' - generates a linker script to export the
APIs to drivers. Some examples
virConnectBaselineCPUEnsureACL;
virConnectCompareCPUEnsureACL;
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-19 00:49:41 +08:00
|
|
|
/src/libvirt_access_qemu.syms
|
2013-08-07 20:03:50 +08:00
|
|
|
/src/libvirt_access_qemu.xml
|
2015-08-21 02:03:12 +08:00
|
|
|
/src/libvirt_admin.syms
|
2012-02-04 05:30:06 +08:00
|
|
|
/src/libvirt_*.stp
|
|
|
|
/src/libvirt_*helper
|
2012-05-25 10:43:43 +08:00
|
|
|
/src/libvirt_*probes.h
|
2012-02-04 05:30:06 +08:00
|
|
|
/src/libvirt_lxc
|
2018-02-20 21:16:28 +08:00
|
|
|
/src/libvirtd
|
2018-02-21 20:48:23 +08:00
|
|
|
/src/libvirtd*.logrotate
|
2019-07-19 23:48:10 +08:00
|
|
|
/src/libxl/test_libvirtd_libxl.aug
|
2015-05-01 00:32:58 +08:00
|
|
|
/src/locking/libxl-lockd.conf
|
|
|
|
/src/locking/libxl-sanlock.conf
|
2012-08-03 17:27:07 +08:00
|
|
|
/src/locking/lock_daemon_dispatch_stubs.h
|
2011-07-07 00:20:04 +08:00
|
|
|
/src/locking/lock_protocol.[ch]
|
2011-07-07 00:30:08 +08:00
|
|
|
/src/locking/qemu-lockd.conf
|
2011-08-16 04:42:43 +08:00
|
|
|
/src/locking/qemu-sanlock.conf
|
Autogenerate augeas test case from default config files
When adding new config file parameters, the corresponding
additions to the augeas lens' are constantly forgotten.
Also there are augeas test cases, these don't catch the
error, since they too are never updated.
To address this, the augeas test cases need to be auto-generated
from the example config files.
* build-aux/augeas-gentest.pl: Helper to generate an
augeas test file, substituting in elements from the
example config files
* src/Makefile.am, daemon/Makefile.am: Switch to
auto-generated augeas test cases
* daemon/test_libvirtd.aug, daemon/test_libvirtd.aug.in,
src/locking/test_libvirt_sanlock.aug,
src/locking/test_libvirt_sanlock.aug.in,
src/lxc/test_libvirtd_lxc.aug,
src/lxc/test_libvirtd_lxc.aug.in,
src/qemu/test_libvirtd_qemu.aug,
src/qemu/test_libvirtd_qemu.aug.in: Remove example
config file data, replacing with a ::CONFIG:: placeholder
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-05-25 18:14:15 +08:00
|
|
|
/src/locking/test_libvirt_sanlock.aug
|
2019-07-19 23:48:10 +08:00
|
|
|
/src/locking/test_libvirt_lockd.aug
|
|
|
|
/src/locking/test_virtlockd.aug
|
2015-02-10 00:35:05 +08:00
|
|
|
/src/logging/log_daemon_dispatch_stubs.h
|
|
|
|
/src/logging/log_protocol.[ch]
|
2019-07-19 23:48:10 +08:00
|
|
|
/src/logging/test_virtlogd.aug
|
2012-07-17 22:54:08 +08:00
|
|
|
/src/lxc/lxc_controller_dispatch.h
|
|
|
|
/src/lxc/lxc_monitor_dispatch.h
|
2012-12-21 21:19:54 +08:00
|
|
|
/src/lxc/lxc_monitor_protocol.c
|
|
|
|
/src/lxc/lxc_monitor_protocol.h
|
2013-02-18 13:04:17 +08:00
|
|
|
/src/lxc/lxc_protocol.[ch]
|
2012-08-01 19:40:56 +08:00
|
|
|
/src/lxc/test_libvirtd_lxc.aug
|
2018-03-17 01:05:24 +08:00
|
|
|
/src/network/test_virtnetworkd.aug
|
|
|
|
/src/network/virtnetworkd.aug
|
|
|
|
/src/network/virtnetworkd.conf
|
Autogenerate augeas test case from default config files
When adding new config file parameters, the corresponding
additions to the augeas lens' are constantly forgotten.
Also there are augeas test cases, these don't catch the
error, since they too are never updated.
To address this, the augeas test cases need to be auto-generated
from the example config files.
* build-aux/augeas-gentest.pl: Helper to generate an
augeas test file, substituting in elements from the
example config files
* src/Makefile.am, daemon/Makefile.am: Switch to
auto-generated augeas test cases
* daemon/test_libvirtd.aug, daemon/test_libvirtd.aug.in,
src/locking/test_libvirt_sanlock.aug,
src/locking/test_libvirt_sanlock.aug.in,
src/lxc/test_libvirtd_lxc.aug,
src/lxc/test_libvirtd_lxc.aug.in,
src/qemu/test_libvirtd_qemu.aug,
src/qemu/test_libvirtd_qemu.aug.in: Remove example
config file data, replacing with a ::CONFIG:: placeholder
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-05-25 18:14:15 +08:00
|
|
|
/src/qemu/test_libvirtd_qemu.aug
|
2011-05-06 21:11:32 +08:00
|
|
|
/src/remote/*_client_bodies.h
|
|
|
|
/src/remote/*_protocol.[ch]
|
2018-02-20 21:16:28 +08:00
|
|
|
/src/remote/*_stubs.h
|
2019-06-22 00:19:11 +08:00
|
|
|
/src/remote/libvirtd.aug
|
2019-06-22 00:19:11 +08:00
|
|
|
/src/remote/libvirtd.conf
|
2019-07-19 23:48:10 +08:00
|
|
|
/src/remote/test_libvirtd.aug
|
remote: introduce virtproxyd daemon to handle IP connectivity
The libvirtd daemon provides the traditional libvirt experience where
all the drivers are in a single daemon, and is accessible over both
local UNIX sockets and remote IP sockets.
In the new world we're having a set of per-driver daemons which will
primarily be accessed locally via their own UNIX sockets.
We still, however, need to allow for case of applications which will
connect to libvirt remotely. These remote connections can be done as
TCP/TLS sockets, or by SSH tunnelling to the UNIX socket.
In the later case, the old libvirt.so clients will only know about
the path to the old libvirtd socket /var/run/libvirt/libvirt-sock,
and not the new driver sockets /var/run/libvirt/virtqemud-sock.
It is also not desirable to expose the main driver specific daemons
over IP directly to minimize their attack service.
Thus the virtproxyd daemon steps into place, to provide TCP/TLS sockets,
and back compat for the old libvirtd UNIX socket path(s). It will then
forward all RPC calls made to the appropriate driver specific daemon.
Essentially it is equivalent to the old libvirtd with absolutely no
drivers registered except for the remote driver (and other stateless
drivers in libvirt.so).
We could have modified libvirtd so none of the drivers are registed
to get the same end result. We could even add a libvirtd.conf parameter
to control whether the drivers are loaded to enable users to switch back
to the old world if we discover bugs in the split-daemon model. Using a
new daemon though has some advantages
- We can make virtproxyd and the virtXXXd per-driver daemons all
have "Conflicts: libvirtd.service" in their systemd unit files.
This will guarantee that libvirtd is never started at the same
time, as this would result in two daemons running the same driver.
Fortunately drivers use locking to protect themselves, but it is
better to avoid starting a daemon we know will conflict.
- It allows us to break CLI compat to remove the --listen parameter.
Both listen_tcp and listen_tls parameters in /etc/libvirtd/virtd.conf
will default to zero. Either TLS or TCP can be enabled exclusively
though virtd.conf without requiring the extra step of adding --listen.
- It allows us to set a strict SELinux policy over virtproxyd. For
back compat the libvirtd policy must continue to allow all drivers
to run. We can't easily give a second policy to libvirtd which
locks it down. By introducing a new virtproxyd we can set a strict
policy for that daemon only.
- It gets rid of the weird naming of having a daemon with "lib" in
its name. Now all normal daemons libvirt ships will have "virt"
as their prefix not "libvirt".
- Distros can more easily choose their upgrade path. They can
ship both sets of daemons in their packages, and choose to
either enable libvirtd, or enable the per-driver daemons and
virtproxyd out of the box. Users can easily override this if
desired by just tweaking which systemd units are active.
After some time we can deprecate use of libvirtd and after some more
time delete it entirely, leaving us in a pretty world filled with
prancing unicorns.
The main downside with introducing a new daemon, and with the
per-driver daemons in general, is figuring out the correct upgrade
path.
The conservative option is to leave libvirtd running if it was
an existing installation. Only use the new daemons & virtproxyd
on completely new installs.
The aggressive option is to disable libvirtd if already running
and activate all the new daemons.
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Christophe de Dinechin <dinechin@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-04 19:33:23 +08:00
|
|
|
/src/remote/test_virtproxyd.aug
|
|
|
|
/src/remote/virtproxyd.aug
|
|
|
|
/src/remote/virtproxyd.conf
|
2011-09-22 18:51:55 +08:00
|
|
|
/src/rpc/virkeepaliveprotocol.[ch]
|
2010-12-07 01:03:10 +08:00
|
|
|
/src/rpc/virnetprotocol.[ch]
|
2019-07-23 19:22:41 +08:00
|
|
|
/src/secret/test_virtsecretd.aug
|
|
|
|
/src/secret/virtsecretd.aug
|
|
|
|
/src/secret/virtsecretd.conf
|
2019-07-19 23:48:10 +08:00
|
|
|
/src/test*.aug
|
2017-03-02 18:46:53 +08:00
|
|
|
/src/util/virkeycodetable*.h
|
|
|
|
/src/util/virkeynametable*.h
|
2012-02-04 05:30:06 +08:00
|
|
|
/src/virt-aa-helper
|
2012-08-03 03:06:50 +08:00
|
|
|
/src/virtlockd
|
2015-02-10 00:35:05 +08:00
|
|
|
/src/virtlogd
|
2018-03-17 01:05:24 +08:00
|
|
|
/src/virtnetworkd
|
remote: introduce virtproxyd daemon to handle IP connectivity
The libvirtd daemon provides the traditional libvirt experience where
all the drivers are in a single daemon, and is accessible over both
local UNIX sockets and remote IP sockets.
In the new world we're having a set of per-driver daemons which will
primarily be accessed locally via their own UNIX sockets.
We still, however, need to allow for case of applications which will
connect to libvirt remotely. These remote connections can be done as
TCP/TLS sockets, or by SSH tunnelling to the UNIX socket.
In the later case, the old libvirt.so clients will only know about
the path to the old libvirtd socket /var/run/libvirt/libvirt-sock,
and not the new driver sockets /var/run/libvirt/virtqemud-sock.
It is also not desirable to expose the main driver specific daemons
over IP directly to minimize their attack service.
Thus the virtproxyd daemon steps into place, to provide TCP/TLS sockets,
and back compat for the old libvirtd UNIX socket path(s). It will then
forward all RPC calls made to the appropriate driver specific daemon.
Essentially it is equivalent to the old libvirtd with absolutely no
drivers registered except for the remote driver (and other stateless
drivers in libvirt.so).
We could have modified libvirtd so none of the drivers are registed
to get the same end result. We could even add a libvirtd.conf parameter
to control whether the drivers are loaded to enable users to switch back
to the old world if we discover bugs in the split-daemon model. Using a
new daemon though has some advantages
- We can make virtproxyd and the virtXXXd per-driver daemons all
have "Conflicts: libvirtd.service" in their systemd unit files.
This will guarantee that libvirtd is never started at the same
time, as this would result in two daemons running the same driver.
Fortunately drivers use locking to protect themselves, but it is
better to avoid starting a daemon we know will conflict.
- It allows us to break CLI compat to remove the --listen parameter.
Both listen_tcp and listen_tls parameters in /etc/libvirtd/virtd.conf
will default to zero. Either TLS or TCP can be enabled exclusively
though virtd.conf without requiring the extra step of adding --listen.
- It allows us to set a strict SELinux policy over virtproxyd. For
back compat the libvirtd policy must continue to allow all drivers
to run. We can't easily give a second policy to libvirtd which
locks it down. By introducing a new virtproxyd we can set a strict
policy for that daemon only.
- It gets rid of the weird naming of having a daemon with "lib" in
its name. Now all normal daemons libvirt ships will have "virt"
as their prefix not "libvirt".
- Distros can more easily choose their upgrade path. They can
ship both sets of daemons in their packages, and choose to
either enable libvirtd, or enable the per-driver daemons and
virtproxyd out of the box. Users can easily override this if
desired by just tweaking which systemd units are active.
After some time we can deprecate use of libvirtd and after some more
time delete it entirely, leaving us in a pretty world filled with
prancing unicorns.
The main downside with introducing a new daemon, and with the
per-driver daemons in general, is figuring out the correct upgrade
path.
The conservative option is to leave libvirtd running if it was
an existing installation. Only use the new daemons & virtproxyd
on completely new installs.
The aggressive option is to disable libvirtd if already running
and activate all the new daemons.
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Christophe de Dinechin <dinechin@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-04 19:33:23 +08:00
|
|
|
/src/virtproxyd
|
2019-07-23 19:22:41 +08:00
|
|
|
/src/virtsecretd
|
2018-02-21 01:41:45 +08:00
|
|
|
/src/virt-guest-shutdown.target
|
2010-11-17 03:29:09 +08:00
|
|
|
/tests/*.log
|
2012-02-04 05:30:06 +08:00
|
|
|
/tests/*.pid
|
2013-01-28 22:19:14 +08:00
|
|
|
/tests/*.trs
|
2014-03-07 19:50:36 +08:00
|
|
|
/tests/*test
|
2016-05-05 16:09:32 +08:00
|
|
|
/tests/commandhelper
|
|
|
|
/tests/qemucapsprobe
|
2016-06-18 01:28:12 +08:00
|
|
|
!/tests/virsh-self-test
|
2014-03-07 19:50:36 +08:00
|
|
|
!/tests/virt-aa-helper-test
|
2016-09-14 16:08:48 +08:00
|
|
|
!/tests/virt-admin-self-test
|
2014-02-13 22:20:04 +08:00
|
|
|
/tests/objectlocking
|
|
|
|
/tests/objectlocking-files.txt
|
|
|
|
/tests/objectlocking.cm[ix]
|
2012-02-04 05:30:06 +08:00
|
|
|
/tests/reconnect
|
|
|
|
/tests/ssh
|
2016-04-18 20:10:33 +08:00
|
|
|
/tests/test_file_access.txt
|
2013-03-20 02:36:28 +08:00
|
|
|
/tests/test_conf
|
2012-10-21 10:29:51 +08:00
|
|
|
/tools/libvirt-guests.sh
|
2013-08-08 23:36:31 +08:00
|
|
|
/tools/virt-login-shell
|
tools: split virt-login-shell into two binaries
The virt-login-shell binary is a setuid program that takes
no arguments. When invoked it looks at the invoking uid,
resolves it to a username, and finds an LXC guest with the
same name. It then starts the guest and runs the shell in
side the namespaces of the container.
Given this set of tasks the virt-login-shell binary needs
to connect to libvirtd, make various other libvirt API calls.
This is a problem for setuid binaries as various libraries
that libvirt.so links to are not safe. For example, they have
constructor functions which execute an unknown amount of code
that can be influenced by env variables.
For this reason virt-login-shell doesn't use libvirt.so,
but instead links to a custom, cut down, set of source files
sufficient to be a local client only.
This introduces a problem for integrating glib2 into libvirt
though, as once integrated, there would be no way to build
virt-login-shell without an external dependancy on glib2 and
this is definitely not setuid safe.
To resolve this problem, we split the virt-login-shell binary
into two parts. The first part is setuid and does almost
nothing. It simply records the original uid+gid, and then
invokes the virt-login-shell-helper binary. Crucially when
it does this it completes scrubs all environment variables.
It is thus safe for virt-login-shell-helper to link to the
normal libvirt.so. Any things that constructor functions
do cannot be influenced by user control env vars or cli
args.
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-01 17:58:31 +08:00
|
|
|
/tools/virt-login-shell-helper
|
2012-02-04 05:30:06 +08:00
|
|
|
/tools/virsh
|
|
|
|
/tools/virsh-*-edit.c
|
2015-10-12 23:07:21 +08:00
|
|
|
/tools/virt-admin
|
2012-02-04 05:30:06 +08:00
|
|
|
/tools/virt-*-validate
|
|
|
|
/tools/virt-sanlock-cleanup
|
2014-01-16 01:06:58 +08:00
|
|
|
/tools/wireshark/src/libvirt
|
2010-11-17 03:29:09 +08:00
|
|
|
/update.log
|
2013-10-23 16:58:55 +08:00
|
|
|
GPATH
|
|
|
|
GRTAGS
|
|
|
|
GTAGS
|
2008-10-17 18:03:15 +08:00
|
|
|
Makefile
|
2008-10-29 01:47:12 +08:00
|
|
|
Makefile.in
|
2010-12-02 07:48:19 +08:00
|
|
|
TAGS
|
2008-10-29 01:47:12 +08:00
|
|
|
coverage
|
2009-07-03 22:32:17 +08:00
|
|
|
cscope.files
|
2012-11-05 12:59:53 +08:00
|
|
|
cscope.in.out
|
2009-07-03 22:32:17 +08:00
|
|
|
cscope.out
|
2012-11-05 12:59:53 +08:00
|
|
|
cscope.po.out
|
2008-10-29 01:47:12 +08:00
|
|
|
results.log
|
|
|
|
stamp-h
|
|
|
|
stamp-h.in
|
|
|
|
stamp-h1
|
2012-10-31 23:47:34 +08:00
|
|
|
tags
|
2016-06-18 01:31:42 +08:00
|
|
|
!/build-aux/*.pl
|
2011-07-28 20:55:21 +08:00
|
|
|
!/gnulib/lib/Makefile.am
|
|
|
|
!/gnulib/tests/Makefile.am
|
2011-04-06 03:06:31 +08:00
|
|
|
!/m4/virt-*.m4
|