openkylin
/
libvirt
mirror of https://gitee.com/openkylin/libvirt.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity
13,525 Commits 7 Branches 582 Tags 800 MiB
C 96.1%
Python 1.4%
Meson 0.9%
Perl 0.6%
Shell 0.5%
Other 0.4%
Go to file
Daniel P. Berrange 686026225e Auto-generate helpers for checking access control rules 
Extend the 'gendispatch.pl' script to be able to generate
three new types of file.

- 'aclheader' - defines signatures of helper APIs for
  doing authorization checks. There is one helper API
  for each API requiring an auth check. Any @acl
  annotations result in a method being generated with
  a suffix of 'EnsureACL'. If the ACL check requires
  examination of flags, an extra 'flags' param will be
  present. Some examples

  extern int virConnectBaselineCPUEnsureACL(void);
  extern int virConnectDomainEventDeregisterEnsureACL(virDomainDefPtr domain);
  extern int virDomainAttachDeviceFlagsEnsureACL(virDomainDefPtr domain, unsigned int flags);

  Any @aclfilter annotations resuilt in a method being
  generated with a suffix of 'CheckACL'.

  extern int virConnectListAllDomainsCheckACL(virDomainDefPtr domain);

  These are used for filtering individual objects from APIs
  which return a list of objects

- 'aclbody' - defines the actual implementation of the
  methods described above. This calls into the access
  manager APIs. A complex example:

    /* Returns: -1 on error (denied==error), 0 on allowed */
    int virDomainAttachDeviceFlagsEnsureACL(virConnectPtr conn,
                                            virDomainDefPtr domain,
                                            unsigned int flags)
    {
        virAccessManagerPtr mgr;
        int rv;

        if (!(mgr = virAccessManagerGetDefault()))
            return -1;

        if ((rv = virAccessManagerCheckDomain(mgr,
                                              conn->driver->name,
                                              domain,
                                              VIR_ACCESS_PERM_DOMAIN_WRITE)) <= 0) {
            virObjectUnref(mgr);
            if (rv == 0)
                virReportError(VIR_ERR_ACCESS_DENIED, NULL);
            return -1;
        }
        if (((flags & (VIR_DOMAIN_AFFECT_CONFIG|VIR_DOMAIN_AFFECT_LIVE)) == 0) &&
            (rv = virAccessManagerCheckDomain(mgr,
                                              conn->driver->name,
                                              domain,
                                              VIR_ACCESS_PERM_DOMAIN_SAVE)) <= 0) {
            virObjectUnref(mgr);
            if (rv == 0)
                virReportError(VIR_ERR_ACCESS_DENIED, NULL);
            return -1;
        }
        if (((flags & (VIR_DOMAIN_AFFECT_CONFIG)) == (VIR_DOMAIN_AFFECT_CONFIG)) &&
            (rv = virAccessManagerCheckDomain(mgr,
                                              conn->driver->name,
                                              domain,
                                              VIR_ACCESS_PERM_DOMAIN_SAVE)) <= 0) {
            virObjectUnref(mgr);
            if (rv == 0)
                virReportError(VIR_ERR_ACCESS_DENIED, NULL);
            return -1;
        }
        virObjectUnref(mgr);
        return 0;
    }

- 'aclsyms' - generates a linker script to export the
   APIs to drivers. Some examples

  virConnectBaselineCPUEnsureACL;
  virConnectCompareCPUEnsureACL;

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
 		2013-06-24 15:25:19 +01:00
.gnulib@a363f4ed4a build: update to latest gnulib, for syntax-check 2013-05-10 20:52:57 -06:00
build-aux syntax-check: mandate space after mid-line semicolon 2013-05-28 08:26:05 -06:00
daemon Add a policy kit access control driver 2013-06-24 15:24:36 +01:00
docs conf: add features to volume target XML 2013-06-21 13:25:30 +02:00
examples syntax: prefer space after semicolon in for loop 2013-05-28 07:56:07 -06:00
gnulib maint: use LGPL correctly 2013-05-20 14:03:48 -06:00
include Define basic internal API for access control 2013-06-24 15:24:36 +01:00
m4 FreeBSD: disable buggy -fstack-protector-all 2013-05-15 15:20:52 -06:00
po Add a policy kit access control driver 2013-06-24 15:24:36 +01:00
python syntax: prefer space after semicolon in for loop 2013-05-28 07:56:07 -06:00
src Auto-generate helpers for checking access control rules 2013-06-24 15:25:19 +01:00
tests storage: add support for creating qcow2 images with extensions 2013-06-21 13:25:30 +02:00
tools util: switch virBufferTrim to void 2013-06-19 09:21:09 +02:00
.dir-locals.el build: avoid tabs that failed syntax-check 2012-09-06 09:43:46 -06:00
.gitignore Auto-generate helpers for checking access control rules 2013-06-24 15:25:19 +01:00
.gitmodules make .gnulib a submodule 2009-07-08 16:17:51 +02:00
.mailmap Autogenerate AUTHORS 2012-10-19 12:44:56 -04:00
AUTHORS.in Add John Ferlan to the committers list 2013-02-05 10:59:32 -05:00
COPYING maint: follow recommended practice for using LGPL 2013-05-20 14:15:21 -06:00
COPYING.LESSER maint: follow recommended practice for using LGPL 2013-05-20 14:15:21 -06:00
ChangeLog-old virterror.c: Fix several spelling mistakes 2012-02-03 11:32:51 -07:00
HACKING syntax-check: mandate space after mid-line semicolon 2013-05-28 08:26:05 -06:00
Makefile.am maint: use LGPL correctly 2013-05-20 14:03:48 -06:00
Makefile.nonreentrant maint: use LGPL correctly 2013-05-20 14:03:48 -06:00
README Correct typos in the documentation (Atsushi SAKAI) 2008-01-24 10:15:13 +00:00
README-hacking maint: relax git minimum version 2010-02-24 14:29:27 -05:00
TODO Update todo list file to point at bugzilla/website 2010-10-13 16:45:26 +01:00
autobuild.sh Set PKG_CONFIG_LIBDIR in autobuild.sh 2013-05-17 17:09:29 +01:00
autogen.sh build: fix incremental autogen.sh when no AUTHORS is present 2012-12-03 14:59:09 -07:00
bootstrap maint: update to latest gnulib 2013-05-08 14:54:04 -06:00
bootstrap.conf Include GNULIB mkdtemp module 2013-05-17 17:09:29 +01:00
cfg.mk maint: don't use config.h in .h files 2013-06-05 05:53:25 -06:00
configure.ac BSD: implement bridge add/remove port and set STP 2013-06-21 10:23:28 +02:00
libvirt.pc.in build: silence warning from autoconf 2012-05-30 09:22:02 -06:00
libvirt.spec.in conf: add features to volume target XML 2013-06-21 13:25:30 +02:00
mingw-libvirt.spec.in conf: add features to volume target XML 2013-06-21 13:25:30 +02:00
run.in run: license as LGPL 2013-02-23 14:03:19 -07:00

README 

         LibVirt : simple API for virtualization

  Libvirt is a C toolkit to interact with the virtualization capabilities
of recent versions of Linux (and other OSes). It is free software
available under the GNU Lesser General Public License. Virtualization of
the Linux Operating System means the ability to run multiple instances of
Operating Systems concurrently on a single hardware system where the basic
resources are driven by a Linux instance. The library aim at providing
long term stable C API initially for the Xen paravirtualization but
should be able to integrate other virtualization mechanisms if needed.

Daniel Veillard <veillard@redhat.com>