On 19.06.2013 19:00, Daniel P. Berrange wrote:
From: "Daniel P. Berrange" <berrange(a)redhat.com>
This is a repost of
http://www.redhat.com/archives/libvir-list/2012-May/msg00090.html
Most of the early patches in that series are now merged. What is
left is the actual access control work. The first patches set up
the infrastructure and provide two drivers (policy kit and selinux).
The remaining patches add access control checks to all the public
APIs in each driver. The final patch adds a test case to validate
that every driver API impl has an access control check present.
Still todo
 - Optimize the polkit driver by making direct dbus calls
   instead of spawning the polkit helper program
 - Add filtering of returned objects from the various
   vir*List* APIs
 - Finish adding acl checks to the legacy Xen driver in
   about 6 apis.
 - Write a standalone access control driver as alternative
   to polkit
 - Audit permission names & groups to ensure we have an
   optimal set of permissions defined to cover all our
   APIs.
Daniel P. Berrange (19):
Define basic internal API for access control
Set conn->driver before running driver connectOpen method
Setup default access control manager in libvirtd
Add a policy kit access control driver
Add an SELinux access control driver
Add ACL annotations to all RPC messages
Auto-generate helpers for checking access control rules
Add ACL checks into the QEMU driver
Add ACL checks into the LXC driver
Add ACL checks into the UML driver
Add ACL checks into the Xen driver
Add ACL checks into the libxl driver
Add ACL checks into the storage driver
Add ACL checks into the network driver
Add ACL checks into the interface driver
Add ACL checks into the node device driver
Add ACL checks into the nwfilter driver
Add ACL checks into the secrets driver
Add validation that all APIs contain ACL checks
.gitignore | 10 +
daemon/Makefile.am | 1 +
daemon/libvirtd-config.c | 4 +
daemon/libvirtd-config.h | 2 +
daemon/libvirtd.aug | 1 +
daemon/libvirtd.c | 28 +-
daemon/libvirtd.conf | 9 +
daemon/test_libvirtd.aug.in | 4 +
include/libvirt/virterror.h | 4 +
m4/virt-compile-warnings.m4 | 1 +
m4/virt-selinux.m4 | 2 +
po/POTFILES.in | 3 +
src/Makefile.am | 187 ++++++++-
src/access/genpolkit.pl | 119 ++++++
src/access/viraccessdriver.h | 89 ++++
src/access/viraccessdrivernop.c | 118 ++++++
src/access/viraccessdrivernop.h | 28 ++
src/access/viraccessdriverpolkit.c | 399 ++++++++++++++++++
src/access/viraccessdriverpolkit.h | 28 ++
src/access/viraccessdriverselinux.c | 565 +++++++++++++++++++++++++
src/access/viraccessdriverselinux.h | 28 ++
src/access/viraccessdriverstack.c | 285 +++++++++++++
src/access/viraccessdriverstack.h | 32 ++
src/access/viraccessmanager.c | 351 ++++++++++++++++
src/access/viraccessmanager.h | 91 ++++
src/access/viraccessperm.c | 84 ++++
src/access/viraccessperm.h | 647 +++++++++++++++++++++++++++++
src/check-aclrules.pl | 144 +++++++
src/interface/interface_backend_netcf.c | 115 +++++
src/interface/interface_backend_udev.c | 85 +++-
src/internal.h | 4 +
src/libvirt.c | 11 +-
src/libvirt_private.syms | 37 ++
src/libxl/libxl_driver.c | 187 ++++++++-
src/locking/lock_protocol.x | 8 +
src/lxc/lxc_driver.c | 219 +++++++++-
src/network/bridge_driver.c | 61 +++
src/node_device/node_device_driver.c | 36 ++
src/nwfilter/nwfilter_driver.c | 26 ++
src/qemu/qemu_driver.c | 716 ++++++++++++++++++++++++++++----
src/remote/lxc_protocol.x | 1 +
src/remote/qemu_protocol.x | 4 +
src/remote/remote_protocol.x | 406 ++++++++++++++++++
src/rpc/gendispatch.pl | 211 +++++++++-
src/secret/secret_driver.c | 31 ++
src/storage/storage_driver.c | 155 ++++++-
src/uml/uml_driver.c | 174 +++++++-
src/util/virerror.c | 8 +
src/util/virlog.c | 3 +-
src/util/virlog.h | 1 +
src/xen/xen_driver.c | 217 +++++++++-
51 files changed, 5827 insertions(+), 153 deletions(-)
create mode 100755 src/access/genpolkit.pl
create mode 100644 src/access/viraccessdriver.h
create mode 100644 src/access/viraccessdrivernop.c
create mode 100644 src/access/viraccessdrivernop.h
create mode 100644 src/access/viraccessdriverpolkit.c
create mode 100644 src/access/viraccessdriverpolkit.h
create mode 100644 src/access/viraccessdriverselinux.c
create mode 100644 src/access/viraccessdriverselinux.h
create mode 100644 src/access/viraccessdriverstack.c
create mode 100644 src/access/viraccessdriverstack.h
create mode 100644 src/access/viraccessmanager.c
create mode 100644 src/access/viraccessmanager.h
create mode 100644 src/access/viraccessperm.c
create mode 100644 src/access/viraccessperm.h
create mode 100644 src/check-aclrules.pl
ACK series, but see my comments to patches.
Michal