libvirt/tools/Makefile.am


## Copyright (C) 2005-2016 Red Hat, Inc.
## Copyright (C) 2013 Yuto KAWAMURA(kawamuray) <kawamuray.dadada@gmail.com>
maint: use LGPL correctly Several files called out COPYING or COPYING.LIB instead of using the normal boilerplate. It's especially important that we don't call out COPYING from an LGPL file, since COPYING is traditionally used for the GPL. A few files were lacking copyright altogether. * src/rpc/gendispatch.pl: Add missing copyright. * Makefile.nonreentrant: Likewise. * src/check-symfile.pl: Likewise. * src/check-symsorting.pl: Likewise. * src/driver.h: Likewise. * src/internal.h: Likewise. * tools/libvirt-guests.sh.in: Likewise. * tools/virt-pki-validate.in: Mention copyright in comment, not just code. * tools/virt-sanlock-cleanup.in: Likewise. * src/rpc/genprotocol.pl: Spell out license terms. * src/xen/xend_internal.h: Likewise. * src/xen/xend_internal.c: Likewise. * Makefile.am: Likewise. * daemon/Makefile.am: Likewise. * docs/Makefile.am: Likewise. * docs/schemas/Makefile.am: Likewise. * examples/apparmor/Makefile.am: Likewise. * examples/domain-events/events-c/Makefile.am: Likewise. * examples/dominfo/Makefile.am: Likewise. * examples/domsuspend/Makefile.am: Likewise. * examples/hellolibvirt/Makefile.am: Likewise. * examples/openauth/Makefile.am: Likewise. * examples/python/Makefile.am: Likewise. * examples/systemtap/Makefile.am: Likewise. * examples/xml/nwfilter/Makefile.am: Likewise. * gnulib/lib/Makefile.am: Likewise. * gnulib/tests/Makefile.am: Likewise. * include/Makefile.am: Likewise. * include/libvirt/Makefile.am: Likewise. * python/Makefile.am: Likewise. * python/tests/Makefile.am: Likewise. * src/Makefile.am: Likewise. * tests/Makefile.am: Likewise. * tools/Makefile.am: Likewise. * configure.ac: Likewise. Signed-off-by: Eric Blake <eblake@redhat.com>
2013-05-15 07:42:12 +08:00
##
## This library is free software; you can redistribute it and/or
## modify it under the terms of the GNU Lesser General Public
## License as published by the Free Software Foundation; either
## version 2.1 of the License, or (at your option) any later version.
##
## This library is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
## Lesser General Public License for more details.
##
## You should have received a copy of the GNU Lesser General Public
## License along with this library. If not, see
## <http://www.gnu.org/licenses/>.
# Default preprocessor flags for targets in this directory that do not set
# their own <target>_CPPFLAGS. Both the build tree and the source tree are
# searched for the public include/ directory and for src/, then src/util and
# the top of the source tree.
# $(NULL) is not defined in this file; presumably it expands to nothing and
# only lets every real entry end with a backslash.
AM_CPPFLAGS = \
-I$(top_builddir)/include -I$(top_srcdir)/include \
-I$(top_builddir)/src -I$(top_srcdir)/src \
-I$(top_srcdir)/src/util \
-I$(top_srcdir) \
$(NULL)
# Include path for programs that must stay independent of the library
# sources: only the top of the source tree is searched, so headers from
# src/ or the public API directory cannot be picked up by accident.
# Specific files can still be included via their path relative to the
# root if needed.
# Used below as virt_login_shell_CPPFLAGS, i.e. for the setuid wrapper.
STANDALONE_CPPFLAGS = -I$(top_srcdir)
AM_CFLAGS = \
$(WARN_CFLAGS) \
$(COVERAGE_CFLAGS) \
$(PIE_CFLAGS) \
$(LIBXML_CFLAGS) \
build: link to glib library Add the main glib.h to internal.h so that all common code can use it. Historically glib allowed applications to register an alternative memory allocator, so mixing g_malloc/g_free with malloc/free was not safe. This was feature was dropped in 2.46.0 with: commit 3be6ed60aa58095691bd697344765e715a327fc1 Author: Alexander Larsson <alexl@redhat.com> Date: Sat Jun 27 18:38:42 2015 +0200 Deprecate and drop support for memory vtables Applications are still encourged to match g_malloc/g_free, but it is no longer a mandatory requirement for correctness, just stylistic. This is explicitly clarified in commit 1f24b36607bf708f037396014b2cdbc08d67b275 Author: Daniel P. Berrangé <berrange@redhat.com> Date: Thu Sep 5 14:37:54 2019 +0100 gmem: clarify that g_malloc always uses the system allocator Applications can still use custom allocators in general, but they must do this by linking to a library that replaces the core malloc/free implemenentation entirely, instead of via a glib specific call. This means that libvirt does not need to be concerned about use of g_malloc/g_free causing an ABI change in the public libary, and can avoid memory copying when talking to external libraries. This patch probes for glib, which provides the foundation layer with a collection of data structures, helper APIs, and platform portability logic. Later patches will introduce linkage to gobject which provides the object type system, built on glib, and gio which providing objects for various interesting tasks, most notably including DBus client and server support and portable sockets APIs, but much more too. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-29 23:12:24 +08:00
$(GLIB_CFLAGS) \
$(NULL)
# Default linker flags for targets in this directory. Automake applies
# AM_LDFLAGS only to targets that do not define <target>_LDFLAGS, which is
# why every per-target _LDFLAGS below lists $(AM_LDFLAGS) again.
# The three variables are not defined in this file (presumably configure
# substitutions); going by their names they carry the RELRO, no-indirect
# linking and no-undefined-symbols options -- confirm against configure.
# Note that $(PIE_LDFLAGS) is not part of this default; targets that want it
# add it themselves.
AM_LDFLAGS = \
$(RELRO_LDFLAGS) \
$(NO_INDIRECT_LDFLAGS) \
$(NO_UNDEFINED_LDFLAGS) \
$(NULL)
# Windows icon images in four sizes plus the resource script that goes with
# them. The list is only referenced from EXTRA_DIST in the part of the file
# shown here, so these files are shipped in the tarball.
ICON_FILES = \
libvirt_win_icon_16x16.ico \
libvirt_win_icon_32x32.ico \
libvirt_win_icon_48x48.ico \
libvirt_win_icon_64x64.ico \
virsh_win_icon.rc
# Files that go into the distribution tarball without being built or
# installed from this list: the icon set, the .in templates that the rules
# below turn into scripts, configuration samples and helper sources.
# virt-login-shell.conf is named explicitly as well as through $(conf_DATA),
# because conf_DATA only contains it when WITH_LOGIN_SHELL is enabled.
EXTRA_DIST = \
$(ICON_FILES) \
$(conf_DATA) \
virt-xml-validate.in \
virt-pki-validate.in \
virt-sanlock-cleanup.in \
libvirt-guests.sysconf \
virt-login-shell.conf \
virsh-edit.c \
bash-completion/vsh \
libvirt_recover_xattrs.sh \
$(NULL)
# Start the three clean lists empty so that later sections can append to
# them with += (DISTCLEANFILES is extended under WITH_SANLOCK below).
CLEANFILES =
DISTCLEANFILES =
MAINTAINERCLEANFILES =
# Install locations and the unconditional set of installed files.
# conf_DATA is installed into confdir; it starts empty and is filled in by
# the WITH_LOGIN_SHELL conditional below.
confdir = $(sysconfdir)/libvirt
conf_DATA =
# Scripts generated from the .in templates by the sed rules further down.
bin_SCRIPTS = virt-xml-validate virt-pki-validate
# Programs that are always built; the conditionals below append more.
bin_PROGRAMS = virsh virt-admin
libexec_SCRIPTS = libvirt-guests.sh
if WITH_SANLOCK
Support automatic creation of leases for disks in sanlock The current sanlock plugin requires a central management application to manually add <lease> elements to each guest, to protect resources that are assigned to it (eg writable disks). This makes the sanlock plugin useless for usage in more ad hoc deployment environments where there is no central authority to associate disks with leases. This patch adds a mode where the sanlock plugin will automatically create leases for each assigned read-write disk, using a md5 checksum of the fully qualified disk path. This can work pretty well if guests are using stable disk paths for block devices eg /dev/disk/by-path/XXXX symlinks, or if all hosts have NFS volumes mounted in a consistent pattern. The plugin will create one lockspace for managing disks with filename /var/lib/libvirt/sanlock/__LIBVIRT__DISKS__. For each VM disks, there will be another file to hold a lease /var/lib/libvirt/sanlock/5903e5d25e087e60a20fe4566fab41fd Each VM disk lease is usually 1 MB in size. The script virt-sanlock-cleanup should be run periodically to remove unused lease files from the lockspace directory. To make use of this capability the admin will need to do several tasks: - Mount an NFS volume (or other shared filesystem) on /var/lib/libvirt/sanlock - Configure 'host_id' in /etc/libvirt/qemu-sanlock.conf with a unique value for each host with the same NFS mount - Toggle the 'auto_disk_leases' parameter in qemu-sanlock.conf Technically the first step can be skipped, in which case sanlock will only protect against 2 vms on the same host using the same disk (or the same VM being started twice due to error by libvirt). * src/locking/libvirt_sanlock.aug, src/locking/sanlock.conf, src/locking/test_libvirt_sanlock.aug: Add config params for configuring auto lease setup * libvirt.spec.in: Add virt-sanlock-cleanup program, man page * tools/virt-sanlock-cleanup.in: Script to purge unused disk resource lease files
2011-06-14 16:29:00 +08:00
sbin_SCRIPTS = virt-sanlock-cleanup
DISTCLEANFILES += virt-sanlock-cleanup
endif WITH_SANLOCK
if WITH_LOGIN_SHELL
conf_DATA += virt-login-shell.conf
bin_PROGRAMS += virt-login-shell
tools: split virt-login-shell into two binaries The virt-login-shell binary is a setuid program that takes no arguments. When invoked it looks at the invoking uid, resolves it to a username, and finds an LXC guest with the same name. It then starts the guest and runs the shell in side the namespaces of the container. Given this set of tasks the virt-login-shell binary needs to connect to libvirtd, make various other libvirt API calls. This is a problem for setuid binaries as various libraries that libvirt.so links to are not safe. For example, they have constructor functions which execute an unknown amount of code that can be influenced by env variables. For this reason virt-login-shell doesn't use libvirt.so, but instead links to a custom, cut down, set of source files sufficient to be a local client only. This introduces a problem for integrating glib2 into libvirt though, as once integrated, there would be no way to build virt-login-shell without an external dependancy on glib2 and this is definitely not setuid safe. To resolve this problem, we split the virt-login-shell binary into two parts. The first part is setuid and does almost nothing. It simply records the original uid+gid, and then invokes the virt-login-shell-helper binary. Crucially when it does this it completes scrubs all environment variables. It is thus safe for virt-login-shell-helper to link to the normal libvirt.so. Any things that constructor functions do cannot be influenced by user control env vars or cli args. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-01 17:58:31 +08:00
libexec_PROGRAMS = virt-login-shell-helper
endif WITH_LOGIN_SHELL
# virt-host-validate is built and installed only when the WITH_HOST_VALIDATE
# automake conditional is true.
if WITH_HOST_VALIDATE
bin_PROGRAMS += virt-host-validate
endif WITH_HOST_VALIDATE
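# Generate the virt-xml-validate script from its .in template, replacing the
# schemadir and VERSION placeholders. The rule also depends on Makefile so
# the script is regenerated when the configured paths change.
#
# The output is written to a temporary file, made executable, and only then
# renamed onto the target. A failed or interrupted run therefore never
# leaves a truncated or non-executable script that make would treat as up
# to date; on failure the temporary file is removed and the rule fails.
#
# The placeholders are matched as [@]name@, presumably so that the literal
# placeholder text in this rule is not itself substituted when the Makefile
# is generated.
# NOTE(review): the values are spliced into a sed replacement delimited by
# '|'; this assumes $(pkgdatadir) and $(VERSION) contain no '|', '&' or
# backslash -- confirm for unusual configure prefixes.
virt-xml-validate: virt-xml-validate.in Makefile
	$(AM_V_GEN)sed -e 's|[@]schemadir@|$(pkgdatadir)/schemas|g' \
	    -e 's|[@]VERSION@|$(VERSION)|g' \
	    < $< > $@-t \
	  && chmod +x $@-t \
	  && mv -f $@-t $@ \
	  || { rm -f $@-t; exit 1; }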
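# Generate the virt-pki-validate script from its .in template, replacing the
# sysconfdir and VERSION placeholders. The rule also depends on Makefile so
# the script is regenerated when the configured paths change.
#
# The output is written to a temporary file, made executable, and only then
# renamed onto the target. A failed or interrupted run therefore never
# leaves a truncated or non-executable script that make would treat as up
# to date; on failure the temporary file is removed and the rule fails.
#
# NOTE(review): the values are spliced into a sed replacement delimited by
# '|'; this assumes $(sysconfdir) and $(VERSION) contain no '|', '&' or
# backslash -- confirm for unusual configure prefixes.
virt-pki-validate: virt-pki-validate.in Makefile
	$(AM_V_GEN)sed -e 's|[@]sysconfdir@|$(sysconfdir)|g' \
	    -e 's|[@]VERSION@|$(VERSION)|g' \
	    < $< > $@-t \
	  && chmod +x $@-t \
	  && mv -f $@-t $@ \
	  || { rm -f $@-t; exit 1; }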
Support automatic creation of leases for disks in sanlock The current sanlock plugin requires a central management application to manually add <lease> elements to each guest, to protect resources that are assigned to it (eg writable disks). This makes the sanlock plugin useless for usage in more ad hoc deployment environments where there is no central authority to associate disks with leases. This patch adds a mode where the sanlock plugin will automatically create leases for each assigned read-write disk, using a md5 checksum of the fully qualified disk path. This can work pretty well if guests are using stable disk paths for block devices eg /dev/disk/by-path/XXXX symlinks, or if all hosts have NFS volumes mounted in a consistent pattern. The plugin will create one lockspace for managing disks with filename /var/lib/libvirt/sanlock/__LIBVIRT__DISKS__. For each VM disks, there will be another file to hold a lease /var/lib/libvirt/sanlock/5903e5d25e087e60a20fe4566fab41fd Each VM disk lease is usually 1 MB in size. The script virt-sanlock-cleanup should be run periodically to remove unused lease files from the lockspace directory. To make use of this capability the admin will need to do several tasks: - Mount an NFS volume (or other shared filesystem) on /var/lib/libvirt/sanlock - Configure 'host_id' in /etc/libvirt/qemu-sanlock.conf with a unique value for each host with the same NFS mount - Toggle the 'auto_disk_leases' parameter in qemu-sanlock.conf Technically the first step can be skipped, in which case sanlock will only protect against 2 vms on the same host using the same disk (or the same VM being started twice due to error by libvirt). * src/locking/libvirt_sanlock.aug, src/locking/sanlock.conf, src/locking/test_libvirt_sanlock.aug: Add config params for configuring auto lease setup * libvirt.spec.in: Add virt-sanlock-cleanup program, man page * tools/virt-sanlock-cleanup.in: Script to purge unused disk resource lease files
2011-06-14 16:29:00 +08:00
virt-sanlock-cleanup: virt-sanlock-cleanup.in Makefile
$(AM_V_GEN)sed -e 's|[@]sysconfdir@|$(sysconfdir)|' \
-e 's|[@]localstatedir@|$(localstatedir)|' < $< > $@ \
Support automatic creation of leases for disks in sanlock The current sanlock plugin requires a central management application to manually add <lease> elements to each guest, to protect resources that are assigned to it (eg writable disks). This makes the sanlock plugin useless for usage in more ad hoc deployment environments where there is no central authority to associate disks with leases. This patch adds a mode where the sanlock plugin will automatically create leases for each assigned read-write disk, using a md5 checksum of the fully qualified disk path. This can work pretty well if guests are using stable disk paths for block devices eg /dev/disk/by-path/XXXX symlinks, or if all hosts have NFS volumes mounted in a consistent pattern. The plugin will create one lockspace for managing disks with filename /var/lib/libvirt/sanlock/__LIBVIRT__DISKS__. For each VM disks, there will be another file to hold a lease /var/lib/libvirt/sanlock/5903e5d25e087e60a20fe4566fab41fd Each VM disk lease is usually 1 MB in size. The script virt-sanlock-cleanup should be run periodically to remove unused lease files from the lockspace directory. To make use of this capability the admin will need to do several tasks: - Mount an NFS volume (or other shared filesystem) on /var/lib/libvirt/sanlock - Configure 'host_id' in /etc/libvirt/qemu-sanlock.conf with a unique value for each host with the same NFS mount - Toggle the 'auto_disk_leases' parameter in qemu-sanlock.conf Technically the first step can be skipped, in which case sanlock will only protect against 2 vms on the same host using the same disk (or the same VM being started twice due to error by libvirt). * src/locking/libvirt_sanlock.aug, src/locking/sanlock.conf, src/locking/test_libvirt_sanlock.aug: Add config params for configuring auto lease setup * libvirt.spec.in: Add virt-sanlock-cleanup program, man page * tools/virt-sanlock-cleanup.in: Script to purge unused disk resource lease files
2011-06-14 16:29:00 +08:00
|| (rm $@ && exit 1) && chmod +x $@
# libvirt_shell.la is a libtool library that is built but not installed
# (noinst_). virsh links it through virsh_LDADD below.
noinst_LTLIBRARIES = libvirt_shell.la
# Directory-wide compiler flags plus whatever configure found for readline.
libvirt_shell_la_CFLAGS = \
$(AM_CFLAGS) \
$(READLINE_CFLAGS) \
$(NULL)
# A per-target _LDFLAGS replaces AM_LDFLAGS, so the defaults are listed
# again here before the PIE and coverage linker flags are added.
libvirt_shell_la_LDFLAGS = \
$(AM_LDFLAGS) \
$(PIE_LDFLAGS) \
$(COVERAGE_LDFLAGS) \
$(NULL)
libvirt_shell_la_LIBADD = \
../src/libvirt.la \
$(LIBXML_LIBS) \
$(READLINE_LIBS) \
build: link to glib library Add the main glib.h to internal.h so that all common code can use it. Historically glib allowed applications to register an alternative memory allocator, so mixing g_malloc/g_free with malloc/free was not safe. This was feature was dropped in 2.46.0 with: commit 3be6ed60aa58095691bd697344765e715a327fc1 Author: Alexander Larsson <alexl@redhat.com> Date: Sat Jun 27 18:38:42 2015 +0200 Deprecate and drop support for memory vtables Applications are still encourged to match g_malloc/g_free, but it is no longer a mandatory requirement for correctness, just stylistic. This is explicitly clarified in commit 1f24b36607bf708f037396014b2cdbc08d67b275 Author: Daniel P. Berrangé <berrange@redhat.com> Date: Thu Sep 5 14:37:54 2019 +0100 gmem: clarify that g_malloc always uses the system allocator Applications can still use custom allocators in general, but they must do this by linking to a library that replaces the core malloc/free implemenentation entirely, instead of via a glib specific call. This means that libvirt does not need to be concerned about use of g_malloc/g_free causing an ABI change in the public libary, and can avoid memory copying when talking to external libraries. This patch probes for glib, which provides the foundation layer with a collection of data structures, helper APIs, and platform portability logic. Later patches will introduce linkage to gobject which provides the object type system, built on glib, and gio which providing objects for various interesting tasks, most notably including DBus client and server support and portable sockets APIs, but much more too. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-29 23:12:24 +08:00
$(GLIB_LIBS) \
$(NULL)
# Sources of the shell helper library: the vsh core and its table helper,
# each with its header.
libvirt_shell_la_SOURCES = \
vsh.c vsh.h \
vsh-table.c vsh-table.h
# Sources that virt-host-validate always contains. The per-driver files are
# kept in separate lists so the conditionals that follow can either compile
# them or merely ship them.
virt_host_validate_SOURCES = \
virt-host-validate.c \
virt-host-validate-common.c virt-host-validate-common.h
# QEMU-specific checks.
VIRT_HOST_VALIDATE_QEMU = \
virt-host-validate-qemu.c \
virt-host-validate-qemu.h
# LXC-specific checks.
VIRT_HOST_VALIDATE_LXC = \
virt-host-validate-lxc.c \
virt-host-validate-lxc.h
# bhyve-specific checks.
VIRT_HOST_VALIDATE_BHYVE = \
virt-host-validate-bhyve.c \
virt-host-validate-bhyve.h
# For each driver: when it is enabled, its checks are compiled into
# virt-host-validate; when it is disabled, the same files are added to
# EXTRA_DIST instead so the tarball still contains them.
if WITH_QEMU
virt_host_validate_SOURCES += $(VIRT_HOST_VALIDATE_QEMU)
else ! WITH_QEMU
EXTRA_DIST += $(VIRT_HOST_VALIDATE_QEMU)
endif ! WITH_QEMU
if WITH_LXC
virt_host_validate_SOURCES += $(VIRT_HOST_VALIDATE_LXC)
else ! WITH_LXC
EXTRA_DIST += $(VIRT_HOST_VALIDATE_LXC)
endif ! WITH_LXC
if WITH_BHYVE
virt_host_validate_SOURCES += $(VIRT_HOST_VALIDATE_BHYVE)
else ! WITH_BHYVE
EXTRA_DIST += $(VIRT_HOST_VALIDATE_BHYVE)
endif ! WITH_BHYVE
# Linker flags for virt-host-validate: the directory defaults, listed again
# because a per-target _LDFLAGS replaces AM_LDFLAGS, plus the PIE and
# coverage linker flags.
virt_host_validate_LDFLAGS = \
$(AM_LDFLAGS) \
$(PIE_LDFLAGS) \
$(COVERAGE_LDFLAGS) \
$(NULL)
virt_host_validate_LDADD = \
../src/libvirt.la \
build: link to glib library Add the main glib.h to internal.h so that all common code can use it. Historically glib allowed applications to register an alternative memory allocator, so mixing g_malloc/g_free with malloc/free was not safe. This was feature was dropped in 2.46.0 with: commit 3be6ed60aa58095691bd697344765e715a327fc1 Author: Alexander Larsson <alexl@redhat.com> Date: Sat Jun 27 18:38:42 2015 +0200 Deprecate and drop support for memory vtables Applications are still encourged to match g_malloc/g_free, but it is no longer a mandatory requirement for correctness, just stylistic. This is explicitly clarified in commit 1f24b36607bf708f037396014b2cdbc08d67b275 Author: Daniel P. Berrangé <berrange@redhat.com> Date: Thu Sep 5 14:37:54 2019 +0100 gmem: clarify that g_malloc always uses the system allocator Applications can still use custom allocators in general, but they must do this by linking to a library that replaces the core malloc/free implemenentation entirely, instead of via a glib specific call. This means that libvirt does not need to be concerned about use of g_malloc/g_free causing an ABI change in the public libary, and can avoid memory copying when talking to external libraries. This patch probes for glib, which provides the foundation layer with a collection of data structures, helper APIs, and platform portability logic. Later patches will introduce linkage to gobject which provides the object type system, built on glib, and gio which providing objects for various interesting tasks, most notably including DBus client and server support and portable sockets APIs, but much more too. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-29 23:12:24 +08:00
$(GLIB_LIBS) \
$(NULL)
# virt-host-validate is compiled with the directory-wide AM_CFLAGS and
# nothing else.
virt_host_validate_CFLAGS = \
$(AM_CFLAGS) \
$(NULL)
tools: split virt-login-shell into two binaries The virt-login-shell binary is a setuid program that takes no arguments. When invoked it looks at the invoking uid, resolves it to a username, and finds an LXC guest with the same name. It then starts the guest and runs the shell in side the namespaces of the container. Given this set of tasks the virt-login-shell binary needs to connect to libvirtd, make various other libvirt API calls. This is a problem for setuid binaries as various libraries that libvirt.so links to are not safe. For example, they have constructor functions which execute an unknown amount of code that can be influenced by env variables. For this reason virt-login-shell doesn't use libvirt.so, but instead links to a custom, cut down, set of source files sufficient to be a local client only. This introduces a problem for integrating glib2 into libvirt though, as once integrated, there would be no way to build virt-login-shell without an external dependancy on glib2 and this is definitely not setuid safe. To resolve this problem, we split the virt-login-shell binary into two parts. The first part is setuid and does almost nothing. It simply records the original uid+gid, and then invokes the virt-login-shell-helper binary. Crucially when it does this it completes scrubs all environment variables. It is thus safe for virt-login-shell-helper to link to the normal libvirt.so. Any things that constructor functions do cannot be influenced by user control env vars or cli args. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-01 17:58:31 +08:00
# virt-login-shell will be setuid, and must not link to anything
# except glibc. It will scrub the environment and then invoke the
# real virt-login-shell-helper binary.
virt_login_shell_SOURCES = \
tools: split virt-login-shell into two binaries The virt-login-shell binary is a setuid program that takes no arguments. When invoked it looks at the invoking uid, resolves it to a username, and finds an LXC guest with the same name. It then starts the guest and runs the shell in side the namespaces of the container. Given this set of tasks the virt-login-shell binary needs to connect to libvirtd, make various other libvirt API calls. This is a problem for setuid binaries as various libraries that libvirt.so links to are not safe. For example, they have constructor functions which execute an unknown amount of code that can be influenced by env variables. For this reason virt-login-shell doesn't use libvirt.so, but instead links to a custom, cut down, set of source files sufficient to be a local client only. This introduces a problem for integrating glib2 into libvirt though, as once integrated, there would be no way to build virt-login-shell without an external dependancy on glib2 and this is definitely not setuid safe. To resolve this problem, we split the virt-login-shell binary into two parts. The first part is setuid and does almost nothing. It simply records the original uid+gid, and then invokes the virt-login-shell-helper binary. Crucially when it does this it completes scrubs all environment variables. It is thus safe for virt-login-shell-helper to link to the normal libvirt.so. Any things that constructor functions do cannot be influenced by user control env vars or cli args. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-01 17:58:31 +08:00
virt-login-shell.c
# The setuid wrapper gets STANDALONE_CPPFLAGS (-I$(top_srcdir) only) in place
# of AM_CPPFLAGS, so it cannot pull in headers from src/ or the public API
# directory by accident.
# NOTE(review): no virt_login_shell_LDFLAGS or virt_login_shell_LDADD is
# visible in this part of the file. Every other program here adds
# $(PIE_LDFLAGS) in its own _LDFLAGS; if nothing is set elsewhere, the setuid
# binary is linked with AM_LDFLAGS only, which does not include
# $(PIE_LDFLAGS) -- confirm whether the wrapper should get it as well.
virt_login_shell_CPPFLAGS = $(STANDALONE_CPPFLAGS)
tools: split virt-login-shell into two binaries The virt-login-shell binary is a setuid program that takes no arguments. When invoked it looks at the invoking uid, resolves it to a username, and finds an LXC guest with the same name. It then starts the guest and runs the shell in side the namespaces of the container. Given this set of tasks the virt-login-shell binary needs to connect to libvirtd, make various other libvirt API calls. This is a problem for setuid binaries as various libraries that libvirt.so links to are not safe. For example, they have constructor functions which execute an unknown amount of code that can be influenced by env variables. For this reason virt-login-shell doesn't use libvirt.so, but instead links to a custom, cut down, set of source files sufficient to be a local client only. This introduces a problem for integrating glib2 into libvirt though, as once integrated, there would be no way to build virt-login-shell without an external dependancy on glib2 and this is definitely not setuid safe. To resolve this problem, we split the virt-login-shell binary into two parts. The first part is setuid and does almost nothing. It simply records the original uid+gid, and then invokes the virt-login-shell-helper binary. Crucially when it does this it completes scrubs all environment variables. It is thus safe for virt-login-shell-helper to link to the normal libvirt.so. Any things that constructor functions do cannot be influenced by user control env vars or cli args. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-01 17:58:31 +08:00
# Single source file of the helper that the setuid virt-login-shell wrapper
# invokes (see the comment on virt_login_shell_SOURCES above).
virt_login_shell_helper_SOURCES = \
virt-login-shell-helper.c
tools: split virt-login-shell into two binaries The virt-login-shell binary is a setuid program that takes no arguments. When invoked it looks at the invoking uid, resolves it to a username, and finds an LXC guest with the same name. It then starts the guest and runs the shell in side the namespaces of the container. Given this set of tasks the virt-login-shell binary needs to connect to libvirtd, make various other libvirt API calls. This is a problem for setuid binaries as various libraries that libvirt.so links to are not safe. For example, they have constructor functions which execute an unknown amount of code that can be influenced by env variables. For this reason virt-login-shell doesn't use libvirt.so, but instead links to a custom, cut down, set of source files sufficient to be a local client only. This introduces a problem for integrating glib2 into libvirt though, as once integrated, there would be no way to build virt-login-shell without an external dependancy on glib2 and this is definitely not setuid safe. To resolve this problem, we split the virt-login-shell binary into two parts. The first part is setuid and does almost nothing. It simply records the original uid+gid, and then invokes the virt-login-shell-helper binary. Crucially when it does this it completes scrubs all environment variables. It is thus safe for virt-login-shell-helper to link to the normal libvirt.so. Any things that constructor functions do cannot be influenced by user control env vars or cli args. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-01 17:58:31 +08:00
# Linker flags for the helper: the directory defaults, listed again because
# a per-target _LDFLAGS replaces AM_LDFLAGS, plus the PIE and coverage
# linker flags.
virt_login_shell_helper_LDFLAGS = \
$(AM_LDFLAGS) \
$(PIE_LDFLAGS) \
$(COVERAGE_LDFLAGS) \
$(NULL)
tools: split virt-login-shell into two binaries The virt-login-shell binary is a setuid program that takes no arguments. When invoked it looks at the invoking uid, resolves it to a username, and finds an LXC guest with the same name. It then starts the guest and runs the shell in side the namespaces of the container. Given this set of tasks the virt-login-shell binary needs to connect to libvirtd, make various other libvirt API calls. This is a problem for setuid binaries as various libraries that libvirt.so links to are not safe. For example, they have constructor functions which execute an unknown amount of code that can be influenced by env variables. For this reason virt-login-shell doesn't use libvirt.so, but instead links to a custom, cut down, set of source files sufficient to be a local client only. This introduces a problem for integrating glib2 into libvirt though, as once integrated, there would be no way to build virt-login-shell without an external dependancy on glib2 and this is definitely not setuid safe. To resolve this problem, we split the virt-login-shell binary into two parts. The first part is setuid and does almost nothing. It simply records the original uid+gid, and then invokes the virt-login-shell-helper binary. Crucially when it does this it completes scrubs all environment variables. It is thus safe for virt-login-shell-helper to link to the normal libvirt.so. Any things that constructor functions do cannot be influenced by user control env vars or cli args. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-01 17:58:31 +08:00
virt_login_shell_helper_LDADD = \
../src/libvirt.la \
../src/libvirt-lxc.la \
build: link to glib library Add the main glib.h to internal.h so that all common code can use it. Historically glib allowed applications to register an alternative memory allocator, so mixing g_malloc/g_free with malloc/free was not safe. This was feature was dropped in 2.46.0 with: commit 3be6ed60aa58095691bd697344765e715a327fc1 Author: Alexander Larsson <alexl@redhat.com> Date: Sat Jun 27 18:38:42 2015 +0200 Deprecate and drop support for memory vtables Applications are still encourged to match g_malloc/g_free, but it is no longer a mandatory requirement for correctness, just stylistic. This is explicitly clarified in commit 1f24b36607bf708f037396014b2cdbc08d67b275 Author: Daniel P. Berrangé <berrange@redhat.com> Date: Thu Sep 5 14:37:54 2019 +0100 gmem: clarify that g_malloc always uses the system allocator Applications can still use custom allocators in general, but they must do this by linking to a library that replaces the core malloc/free implemenentation entirely, instead of via a glib specific call. This means that libvirt does not need to be concerned about use of g_malloc/g_free causing an ABI change in the public libary, and can avoid memory copying when talking to external libraries. This patch probes for glib, which provides the foundation layer with a collection of data structures, helper APIs, and platform portability logic. Later patches will introduce linkage to gobject which provides the object type system, built on glib, and gio which providing objects for various interesting tasks, most notably including DBus client and server support and portable sockets APIs, but much more too. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-29 23:12:24 +08:00
$(GLIB_LIBS) \
$(NULL)
tools: split virt-login-shell into two binaries The virt-login-shell binary is a setuid program that takes no arguments. When invoked it looks at the invoking uid, resolves it to a username, and finds an LXC guest with the same name. It then starts the guest and runs the shell in side the namespaces of the container. Given this set of tasks the virt-login-shell binary needs to connect to libvirtd, make various other libvirt API calls. This is a problem for setuid binaries as various libraries that libvirt.so links to are not safe. For example, they have constructor functions which execute an unknown amount of code that can be influenced by env variables. For this reason virt-login-shell doesn't use libvirt.so, but instead links to a custom, cut down, set of source files sufficient to be a local client only. This introduces a problem for integrating glib2 into libvirt though, as once integrated, there would be no way to build virt-login-shell without an external dependancy on glib2 and this is definitely not setuid safe. To resolve this problem, we split the virt-login-shell binary into two parts. The first part is setuid and does almost nothing. It simply records the original uid+gid, and then invokes the virt-login-shell-helper binary. Crucially when it does this it completes scrubs all environment variables. It is thus safe for virt-login-shell-helper to link to the normal libvirt.so. Any things that constructor functions do cannot be influenced by user control env vars or cli args. Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-08-01 17:58:31 +08:00
# The helper is compiled with the directory-wide AM_CFLAGS and nothing else.
virt_login_shell_helper_CFLAGS = \
$(AM_CFLAGS) \
$(NULL)
# Sources of the virsh binary, one .c/.h pair per line: the main program,
# the per-object command groups, and the virsh-completer-* files.
# The generic vsh shell code is not listed here; it is built into
# libvirt_shell.la and linked through virsh_LDADD.
virsh_SOURCES = \
virsh.c virsh.h \
virsh-backup.c virsh-backup.h \
virsh-checkpoint.c virsh-checkpoint.h \
virsh-completer.c virsh-completer.h \
virsh-completer-domain.c virsh-completer-domain.h \
virsh-completer-checkpoint.c virsh-completer-checkpoint.h \
virsh-completer-host.c virsh-completer-host.h \
virsh-completer-interface.c virsh-completer-interface.h \
virsh-completer-network.c virsh-completer-network.h \
virsh-completer-nodedev.c virsh-completer-nodedev.h \
virsh-completer-nwfilter.c virsh-completer-nwfilter.h \
virsh-completer-pool.c virsh-completer-pool.h \
virsh-completer-secret.c virsh-completer-secret.h \
virsh-completer-snapshot.c virsh-completer-snapshot.h \
virsh-completer-volume.c virsh-completer-volume.h \
virsh-console.c virsh-console.h \
virsh-domain.c virsh-domain.h \
virsh-domain-monitor.c virsh-domain-monitor.h \
virsh-host.c virsh-host.h \
virsh-interface.c virsh-interface.h \
virsh-network.c virsh-network.h \
virsh-nodedev.c virsh-nodedev.h \
virsh-nwfilter.c virsh-nwfilter.h \
virsh-pool.c virsh-pool.h \
virsh-secret.c virsh-secret.h \
virsh-snapshot.c virsh-snapshot.h \
virsh-util.c virsh-util.h \
virsh-volume.c virsh-volume.h \
$(NULL)
virsh_LDFLAGS = \
$(AM_LDFLAGS) \
$(PIE_LDFLAGS) \
$(COVERAGE_LDFLAGS) \
$(NULL)
virsh_LDADD = \
$(STATIC_BINARIES) \
../src/libvirt-lxc.la \
../src/libvirt-qemu.la \
libvirt_shell.la
virsh_CFLAGS = \
$(AM_CFLAGS) \
virsh: workaround readline prototypes warnings When building with clang 4.0.0, virsh build fails like this: gmake[3]: Entering directory '/usr/home/novel/code/libvirt/tools' CC virsh-virsh.o In file included from virsh.c:45: In file included from /usr/local/include/readline/readline.h:31: /usr/local/include/readline/rltypedefs.h:35:22: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] typedef int Function () __attribute__ ((deprecated)); ^ void /usr/local/include/readline/rltypedefs.h:36:24: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] typedef void VFunction () __attribute__ ((deprecated)); ^ void /usr/local/include/readline/rltypedefs.h:37:26: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] typedef char *CPFunction () __attribute__ ((deprecated)); ^ void /usr/local/include/readline/rltypedefs.h:38:28: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] typedef char **CPPFunction () __attribute__ ((deprecated)); ^ void In file included from virsh.c:45: /usr/local/include/readline/readline.h:385:23: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] extern int rl_message (); ^ void 5 errors generated. gmake[3]: *** [Makefile:2823: virsh-virsh.o] Error 1 Fix that by adding -D_FUNCTION_DEF to READLINE_CFLAGS to fix *Function related warnings and add a check for stdarg.h so we have HAVE_STDARG_H defined that's needed by the readline headers to use proper rl_message declaration. Bug report on the readline mailing list: http://lists.gnu.org/archive/html/bug-readline/2017-05/msg00004.html
2017-05-27 01:43:42 +08:00
$(READLINE_CFLAGS)
# Sources of the virt-admin client and its completer.
virt_admin_SOURCES = \
		virt-admin.c virt-admin.h \
		virt-admin-completer.c virt-admin-completer.h \
		$(NULL)

# Link flags for virt-admin.
# NOTE(review): STATIC_BINARIES is placed in LDFLAGS here, whereas virsh
# passes it through virsh_LDADD -- confirm the difference is intentional.
virt_admin_LDFLAGS = \
		$(AM_LDFLAGS) \
		$(COVERAGE_LDFLAGS) \
		$(STATIC_BINARIES) \
		$(PIE_LDFLAGS) \
		$(NULL)

# Libraries virt-admin links against: the admin client library, the shared
# shell convenience library and libxml.
virt_admin_LDADD = \
		../src/libvirt-admin.la \
		libvirt_shell.la \
		$(LIBXML_LIBS) \
		$(NULL)

# Compiler flags for virt-admin; READLINE_CFLAGS carries the readline header
# settings.
virt_admin_CFLAGS = \
		$(AM_CFLAGS) \
		$(READLINE_CFLAGS)

# Starts empty; the generated-file rules further down append to it.
BUILT_SOURCES =
if WITH_WIN_ICON
# Link the compiled Windows icon resource into virsh.
virsh_LDADD += virsh_win_icon.$(OBJEXT)

# Constraints to keep in mind before editing virsh_win_icon.rc
# (they come from the resource file format):
#
#   (1) The icon filename field must not contain '..'.
#   (2) The icon filename field must not contain '-'.
#   (3) The file must not contain comments.
#
# Windows appears to pick the first icon of 32x32 or smaller that it finds
# in the resource file, so list the icons from largest to smallest and make
# the 32x32 one the most legible.
#
# Windows .ICO is a special MS-only format. GIMP and other tools can write
# it, but there are several variations and Windows seems to do its own
# colour quantization. More information is needed in this area.
#
# The rule compiles the .rc description into a COFF object with windres.
virsh_win_icon.$(OBJEXT): virsh_win_icon.rc
	$(AM_V_GEN)$(WINDRES) \
	  --input-format rc --input $< \
	  --output-format coff --output $@
endif WITH_WIN_ICON
# Automake local hooks: fan the data install/uninstall step out to the
# systemd, NSS and bash-completion helper targets defined below. Each helper
# is an empty rule when its feature is disabled.
install-data-local: install-systemd install-nss install-bash-completion

uninstall-local: uninstall-systemd uninstall-nss uninstall-bash-completion
# Install the libvirt-guests defaults file as
# $(sysconfdir)/sysconfig/libvirt-guests, creating the directory first.
install-sysconfig:
	$(MKDIR_P) $(DESTDIR)$(sysconfdir)/sysconfig
	$(INSTALL_DATA) $(srcdir)/libvirt-guests.sysconf \
	  $(DESTDIR)$(sysconfdir)/sysconfig/libvirt-guests

# Remove the installed defaults file. The rmdir is best effort: "||:" keeps
# the target from failing when the directory still holds other files.
uninstall-sysconfig:
	rm -f $(DESTDIR)$(sysconfdir)/sysconfig/libvirt-guests
	rmdir $(DESTDIR)$(sysconfdir)/sysconfig ||:
EXTRA_DIST += libvirt-guests.sh.in

# Generate libvirt-guests.sh from its template by substituting the configured
# package name and installation directories. The placeholders are written as
# [@]name[@] so that the pattern itself is not an @name@ token that configure
# would replace in this file. Output goes to a "-t" temporary that is made
# executable and then renamed, so the final name only appears once the file
# is complete.
libvirt-guests.sh: libvirt-guests.sh.in $(top_builddir)/config.status
	$(AM_V_GEN)sed \
	    -e 's|[@]PACKAGE[@]|$(PACKAGE)|g' \
	    -e 's|[@]bindir[@]|$(bindir)|g' \
	    -e 's|[@]localedir[@]|$(localedir)|g' \
	    -e 's|[@]localstatedir[@]|$(localstatedir)|g' \
	    -e 's|[@]sbindir[@]|$(sbindir)|g' \
	    -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \
	    < $< > $@-t && \
	    chmod a+x $@-t && \
	    mv $@-t $@

BUILT_SOURCES += libvirt-guests.sh

EXTRA_DIST += libvirt-guests.service.in
build: add $(prefix) to SYSTEMD_UNIT_DIR I noticed this problem when adding systemd support to netcf, because I setup the configure.ac to automatically prefer using systemd over initscripts when possible - although I had copied the install-data-local target from the example of libvirt's "libvirt-guests" service more or less verbatim, "make distcheck" would fail because it was trying to install the service file directly into /lib/systemd/system rather than into /home/user/some/unimportant/name/lib/systemd/system. This is caused by the install/uninstall rules for the systemd unit files relying on $(DESTDIR) pointing the installed files to the right place, but in reality $(DESTDIR) is empty during this part of make distcheck - it instead sets $(prefix) with the toplevel directory used for its test build/install/uninstall cycle. (This problem hasn't been seen when running "make distcheck" in libvirt because libvirt will never build/install systemd support unless explicitly told to do so on the configure commandline, and "make distcheck" doesn't put the "--with-initscript=..." option on the configure commandline.) I verified that the same problem does exist in libvirt by modifying libvirt's configure.ac to set: init_systemd=yes with_init_script=systemd+redhat This forces a build/install of the systemd unit files during distcheck, which yields an error like this: /usr/bin/install -c -m 644 virtlockd.service \ /lib/systemd/system/ libtool: install: warning: relinking `libvirt-qemu.la' /usr/bin/install: cannot remove '/lib/systemd/system/virtlockd.service': Permission denied make[4]: *** [install-systemd] Error 1 After adding $(prefix) to all the definitions of SYSTEMD_UNIT_DIR, make distcheck now completes successfully with the modified configure.ac, and the above lines change to something like this: /usr/bin/install -c -m 644 virtlockd.service \ /home/laine/devel/libvirt/libvirt-1.2.1/_inst/lib/systemd/system/
2014-01-17 20:11:58 +08:00
# Directory that receives systemd unit files. $(prefix) is part of the path,
# so installs into a non-default prefix keep the unit inside that tree.
SYSTEMD_UNIT_DIR = $(prefix)/lib/systemd/system

if LIBVIRT_INIT_SCRIPT_SYSTEMD
# Install the libvirt-guests unit file. The prerequisites make sure the unit
# and the guests script have been generated and that the sysconfig file is
# installed as well.
install-systemd: libvirt-guests.service install-sysconfig libvirt-guests.sh
	$(MKDIR_P) $(DESTDIR)$(SYSTEMD_UNIT_DIR)
	$(INSTALL_DATA) libvirt-guests.service \
	  $(DESTDIR)$(SYSTEMD_UNIT_DIR)/libvirt-guests.service

# Remove the unit file; removing the directory is best effort ("||:").
uninstall-systemd: uninstall-sysconfig
	rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/libvirt-guests.service
	rmdir $(DESTDIR)$(SYSTEMD_UNIT_DIR) ||:

BUILT_SOURCES += libvirt-guests.service

else ! LIBVIRT_INIT_SCRIPT_SYSTEMD
# No systemd integration requested: keep the targets defined but empty so
# install-data-local and uninstall-local can always depend on them.
install-systemd:
uninstall-systemd:
endif ! LIBVIRT_INIT_SCRIPT_SYSTEMD
# Generate the systemd unit from its template. Same substitution scheme as
# libvirt-guests.sh, with libexecdir added; the result is written to a "-t"
# temporary and renamed into place once sed has succeeded.
libvirt-guests.service: libvirt-guests.service.in $(top_builddir)/config.status
	$(AM_V_GEN)sed \
	    -e 's|[@]PACKAGE[@]|$(PACKAGE)|g' \
	    -e 's|[@]bindir[@]|$(bindir)|g' \
	    -e 's|[@]localedir[@]|$(localedir)|g' \
	    -e 's|[@]localstatedir[@]|$(localstatedir)|g' \
	    -e 's|[@]sbindir[@]|$(sbindir)|g' \
	    -e 's|[@]sysconfdir[@]|$(sysconfdir)|g' \
	    -e 's|[@]libexecdir[@]|$(libexecdir)|g' \
	    < $< > $@-t && \
	    mv $@-t $@
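if WITH_BASH_COMPLETION
# Install the shared "vsh" completion script and expose it under the names
# of the two commands it serves through relative symlinks.
#
# Every use of $(DESTDIR)$(BASH_COMPLETIONS_DIR) is quoted. The mkdir and
# install steps were already quoted; leaving cd, rm and rmdir unquoted meant
# a staging path containing whitespace was split into several words, so the
# subshell changed into (and rm/rmdir acted on) a different path than the
# one just populated.
install-bash-completion:
	$(MKDIR_P) "$(DESTDIR)$(BASH_COMPLETIONS_DIR)"
	$(INSTALL_DATA) $(srcdir)/bash-completion/vsh \
		"$(DESTDIR)$(BASH_COMPLETIONS_DIR)/vsh"
	( cd "$(DESTDIR)$(BASH_COMPLETIONS_DIR)" && \
		rm -f virsh virt-admin && \
		$(LN_S) vsh virsh && \
		$(LN_S) vsh virt-admin )

# Remove the script and both symlinks; removing the directory is best
# effort ("||:") because other packages may still have files in it.
uninstall-bash-completion:
	rm -f "$(DESTDIR)$(BASH_COMPLETIONS_DIR)/vsh" \
		"$(DESTDIR)$(BASH_COMPLETIONS_DIR)/virsh" \
		"$(DESTDIR)$(BASH_COMPLETIONS_DIR)/virt-admin"
	rmdir "$(DESTDIR)$(BASH_COMPLETIONS_DIR)" ||:
else ! WITH_BASH_COMPLETION
# Completion support disabled: keep the targets defined but empty.
install-bash-completion:
uninstall-bash-completion:
endif ! WITH_BASH_COMPLETION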
EXTRA_DIST += wireshark/util/genxdrstub.pl

if WITH_WIRESHARK_DISSECTOR

# Wireshark dissector plugin for the libvirt RPC protocol, built as an
# unversioned loadable module.
ws_plugin_LTLIBRARIES = wireshark/src/libvirt.la
wireshark_src_libvirt_la_CFLAGS = \
	-I wireshark/src $(WIRESHARK_DISSECTOR_CFLAGS) $(XDR_CFLAGS)
wireshark_src_libvirt_la_LDFLAGS = -avoid-version -module
wireshark_src_libvirt_la_SOURCES = \
	wireshark/src/packet-libvirt.h \
	wireshark/src/packet-libvirt.c \
	wireshark/src/plugin.c

# Dependency-only rule: the dissector source needs its own header and the
# generated protocol header to exist before it is compiled.
wireshark/src/packet-libvirt.c: wireshark/src/packet-libvirt.h \
		wireshark/src/libvirt/protocol.h

# XDR protocol definitions handed to the stub generator.
WS_DISSECTOR_PROTO_FILES = \
	$(abs_top_srcdir)/src/remote/remote_protocol.x \
	$(abs_top_srcdir)/src/remote/qemu_protocol.x \
	$(abs_top_srcdir)/src/remote/lxc_protocol.x \
	$(abs_top_srcdir)/src/rpc/virkeepaliveprotocol.x

# Run genxdrstub.pl from inside wireshark/src with LIBVIRT_VERSION exported
# in its environment.
# NOTE(review): presumably the script writes protocol.h (and any sibling
# headers) under libvirt/ relative to that directory -- verify against the
# script; only protocol.h is declared as a target here.
wireshark/src/libvirt/protocol.h: wireshark/util/genxdrstub.pl \
		$(WS_DISSECTOR_PROTO_FILES)
	$(AM_V_GEN)$(MKDIR_P) wireshark/src/libvirt && \
	cd wireshark/src && \
	LIBVIRT_VERSION=$(LIBVIRT_VERSION) \
		$(PERL) $(abs_top_srcdir)/tools/wireshark/util/genxdrstub.pl \
		$(WS_DISSECTOR_PROTO_FILES)

endif WITH_WIRESHARK_DISSECTOR
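if WITH_BSD_NSS
# BSD flavour: both modules share one symbol file and use .so version 1.
LIBVIRT_NSS_SYMBOL_FILE = \
	$(srcdir)/nss/libvirt_nss_bsd.syms
LIBVIRT_GUEST_NSS_SYMBOL_FILE = \
	$(LIBVIRT_NSS_SYMBOL_FILE)
NSS_SO_VER = 1

# Create nss_*.so.N aliases that point at the installed libnss_*.so.N
# modules. The links are relative, so they stay valid when the staged tree
# is relocated.
#
# The library directory is created first: this target hangs off
# install-data-local, and nothing in this file orders it after the step that
# installs the libraries, so the bare "cd" failed whenever the directory did
# not exist yet. The path is quoted so a staging directory containing
# whitespace is not split into several words.
install-nss:
	$(MKDIR_P) "$(DESTDIR)$(libdir)"
	( cd "$(DESTDIR)$(libdir)" && \
	rm -f nss_libvirt.so.$(NSS_SO_VER) && \
	$(LN_S) libnss_libvirt.so.$(NSS_SO_VER) nss_libvirt.so.$(NSS_SO_VER) && \
	rm -f nss_libvirt_guest.so.$(NSS_SO_VER) && \
	$(LN_S) libnss_libvirt_guest.so.$(NSS_SO_VER) \
		nss_libvirt_guest.so.$(NSS_SO_VER))

# Remove the aliases; the leading "-" keeps uninstall going on error.
uninstall-nss:
	-rm -f "$(DESTDIR)$(libdir)/nss_libvirt.so.$(NSS_SO_VER)"
	-rm -f "$(DESTDIR)$(libdir)/nss_libvirt_guest.so.$(NSS_SO_VER)"
else ! WITH_BSD_NSS
# Non-BSD flavour: one symbol file per module, .so version 2, and no alias
# links, so the install hooks are empty.
LIBVIRT_NSS_SYMBOL_FILE = \
	$(srcdir)/nss/libvirt_nss.syms
LIBVIRT_GUEST_NSS_SYMBOL_FILE = \
	$(srcdir)/nss/libvirt_guest_nss.syms
NSS_SO_VER = 2

install-nss:
uninstall-nss:
endif ! WITH_BSD_NSS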
# Sources common to both NSS modules (libvirt and libvirt_guest).
LIBVIRT_NSS_SOURCES = \
	nss/libvirt_nss.c \
	nss/libvirt_nss.h \
	nss/libvirt_nss_leases.c \
	nss/libvirt_nss_leases.h \
	$(NULL)
if WITH_NSS

# Each NSS module is built in two stages: a noinst "impl" convenience
# library holding the code, and an installed module with no sources of its
# own that wraps it and applies the symbol file.
#
# The impl libraries are compiled with STANDALONE_CPPFLAGS and link only
# against YAJL_LIBS; nothing from ../src is added here.
# NOTE(review): an NSS module is loaded into whichever process performs a
# lookup, so the short dependency list and the explicit export list look
# deliberate -- review any addition to LIBADD or the .syms files with that
# in mind.

# --- libnss_libvirt ---
noinst_LTLIBRARIES += nss/libnss_libvirt_impl.la
nss_libnss_libvirt_impl_la_SOURCES = \
	$(LIBVIRT_NSS_SOURCES)

nss_libnss_libvirt_impl_la_CPPFLAGS = $(STANDALONE_CPPFLAGS)

nss_libnss_libvirt_impl_la_CFLAGS = \
	-DLIBVIRT_NSS \
	$(YAJL_CFLAGS) \
	$(AM_CFLAGS) \
	$(NULL)

nss_libnss_libvirt_impl_la_LIBADD = \
	$(YAJL_LIBS) \
	$(NULL)

# Installed module: VERSION_SCRIPT_FLAGS is concatenated with the symbol
# file path (presumably the linker's version-script option -- defined
# outside this file), and -shrext gives the module its .so.$(NSS_SO_VER)
# suffix.
nss_libnss_libvirt_la_SOURCES =
nss_libnss_libvirt_la_LDFLAGS = \
	$(VERSION_SCRIPT_FLAGS)$(LIBVIRT_NSS_SYMBOL_FILE) \
	$(AM_LDFLAGS) \
	-module \
	-export-dynamic \
	-avoid-version \
	-shared \
	-shrext .so.$(NSS_SO_VER)

nss_libnss_libvirt_la_LIBADD = \
	nss/libnss_libvirt_impl.la

# Relink when either the impl library or the symbol file changes.
nss_libnss_libvirt_la_DEPENDENCIES = \
	$(nss_libnss_libvirt_la_LIBADD) \
	$(LIBVIRT_NSS_SYMBOL_FILE)

# --- libnss_libvirt_guest ---
# Same layout, plus the MAC lookup sources and -DLIBVIRT_NSS_GUEST.
noinst_LTLIBRARIES += nss/libnss_libvirt_guest_impl.la
nss_libnss_libvirt_guest_impl_la_SOURCES = \
	$(LIBVIRT_NSS_SOURCES) \
	nss/libvirt_nss_macs.h \
	nss/libvirt_nss_macs.c \
	$(NULL)

nss_libnss_libvirt_guest_impl_la_CPPFLAGS = $(STANDALONE_CPPFLAGS)

nss_libnss_libvirt_guest_impl_la_CFLAGS = \
	-DLIBVIRT_NSS \
	-DLIBVIRT_NSS_GUEST \
	$(YAJL_CFLAGS) \
	$(AM_CFLAGS) \
	$(NULL)

nss_libnss_libvirt_guest_impl_la_LIBADD = \
	$(YAJL_LIBS) \
	$(NULL)

nss_libnss_libvirt_guest_la_SOURCES =
nss_libnss_libvirt_guest_la_LDFLAGS = \
	$(VERSION_SCRIPT_FLAGS)$(LIBVIRT_GUEST_NSS_SYMBOL_FILE) \
	$(AM_LDFLAGS) \
	-module \
	-export-dynamic \
	-avoid-version \
	-shared \
	-shrext .so.$(NSS_SO_VER)

nss_libnss_libvirt_guest_la_LIBADD = \
	nss/libnss_libvirt_guest_impl.la

nss_libnss_libvirt_guest_la_DEPENDENCIES = \
	$(nss_libnss_libvirt_guest_la_LIBADD) \
	$(LIBVIRT_GUEST_NSS_SYMBOL_FILE)

# The two modules that actually get installed into $(libdir).
lib_LTLIBRARIES = \
	nss/libnss_libvirt.la \
	nss/libnss_libvirt_guest.la

endif WITH_NSS
# Ship the NSS sources and all three symbol files in the tarball regardless
# of which NSS flavour (if any) this build enables.
EXTRA_DIST += $(LIBVIRT_NSS_SOURCES) \
	$(srcdir)/nss/libvirt_nss.syms \
	$(srcdir)/nss/libvirt_nss_bsd.syms \
	$(srcdir)/nss/libvirt_guest_nss.syms

# Remove the directory the wireshark protocol header rule creates. The
# leading "-" lets clean continue if rm reports an error.
clean-local:
	-rm -rf wireshark/src/libvirt

# Generated scripts and the coverage / intermediate compiler outputs.
CLEANFILES += $(bin_SCRIPTS)
CLEANFILES += *.gcov .libs/*.gcda .libs/*.gcno *.gcno *.gcda *.i *.s

DISTCLEANFILES += $(BUILT_SOURCES)