Re: [libvirt] [PATCH 00/19] Fine grained access control for libvirt APIs

On 19.06.2013 19:00, Daniel P. Berrange wrote: > From: "Daniel P. Berrange" <berrange(a)redhat.com&gt; > > This is a repost of > > http://www.redhat.com/archives/libvir-list/2012-May/msg00090.html > > Most of the early patches in that series are now merged. What is > left is the actual access control work. The first patches setup > the infrastructure and provide two drivers (policy kit and selinux). > The remaining patches add access control checks to all the public > APIs in each driver. The final patch adds a test case to validate > that every driver API impl has an access control check present. > > Still todo > > - Optimize the polkit driver by making direct dbus calls > instead of spawning the polkit helper program > > - Add filtering of returned objects from the various > vir*List* APIs > > - Finish adding acl checks to the legacy Xen driver in > about 6 apis. > > - Write a standalone access control driver as alternative > to polkit > > - Audit permission names & groups to ensure we have an > optimial set of permissions defined to cover all our > APIs. > > Daniel P. Berrange (19): > Define basic internal API for access control > Set conn->driver before running driver connectOpen method > Setup default access control manager in libvirtd > Add a policy kit access control driver > Add an SELinux access control driver > Add ACL annotations to all RPC messages > Auto-generate helpers for checking access control rules > Add ACL checks into the QEMU driver > Add ACL checks into the LXC driver > Add ACL checks into the UML driver > Add ACL checks into the Xen driver > Add ACL checks into the libxl driver > Add ACL checks into the storage driver > Add ACL checks into the network driver > Add ACL checks into the interface driver > Add ACL checks into the node device driver > Add ACL checks into the nwfilter driver > Add ACL checks into the secrets driver > Add validation that all APIs contain ACL checks > > .gitignore | 10 + > daemon/Makefile.am | 1 + > daemon/libvirtd-config.c | 4 + > daemon/libvirtd-config.h | 2 + > daemon/libvirtd.aug | 1 + > daemon/libvirtd.c | 28 +- > daemon/libvirtd.conf | 9 + > daemon/test_libvirtd.aug.in | 4 + > include/libvirt/virterror.h | 4 + > m4/virt-compile-warnings.m4 | 1 + > m4/virt-selinux.m4 | 2 + > po/POTFILES.in | 3 + > src/Makefile.am | 187 ++++++++- > src/access/genpolkit.pl | 119 ++++++ > src/access/viraccessdriver.h | 89 ++++ > src/access/viraccessdrivernop.c | 118 ++++++ > src/access/viraccessdrivernop.h | 28 ++ > src/access/viraccessdriverpolkit.c | 399 ++++++++++++++++++ > src/access/viraccessdriverpolkit.h | 28 ++ > src/access/viraccessdriverselinux.c | 565 +++++++++++++++++++++++++ > src/access/viraccessdriverselinux.h | 28 ++ > src/access/viraccessdriverstack.c | 285 +++++++++++++ > src/access/viraccessdriverstack.h | 32 ++ > src/access/viraccessmanager.c | 351 ++++++++++++++++ > src/access/viraccessmanager.h | 91 ++++ > src/access/viraccessperm.c | 84 ++++ > src/access/viraccessperm.h | 647 +++++++++++++++++++++++++++++ > src/check-aclrules.pl | 144 +++++++ > src/interface/interface_backend_netcf.c | 115 +++++ > src/interface/interface_backend_udev.c | 85 +++- > src/internal.h | 4 + > src/libvirt.c | 11 +- > src/libvirt_private.syms | 37 ++ > src/libxl/libxl_driver.c | 187 ++++++++- > src/locking/lock_protocol.x | 8 + > src/lxc/lxc_driver.c | 219 +++++++++- > src/network/bridge_driver.c | 61 +++ > src/node_device/node_device_driver.c | 36 ++ > src/nwfilter/nwfilter_driver.c | 26 ++ > src/qemu/qemu_driver.c | 716 ++++++++++++++++++++++++++++---- > src/remote/lxc_protocol.x | 1 + > src/remote/qemu_protocol.x | 4 + > src/remote/remote_protocol.x | 406 ++++++++++++++++++ > src/rpc/gendispatch.pl | 211 +++++++++- > src/secret/secret_driver.c | 31 ++ > src/storage/storage_driver.c | 155 ++++++- > src/uml/uml_driver.c | 174 +++++++- > src/util/virerror.c | 8 + > src/util/virlog.c | 3 +- > src/util/virlog.h | 1 + > src/xen/xen_driver.c | 217 +++++++++- > 51 files changed, 5827 insertions(+), 153 deletions(-) > create mode 100755 src/access/genpolkit.pl > create mode 100644 src/access/viraccessdriver.h > create mode 100644 src/access/viraccessdrivernop.c > create mode 100644 src/access/viraccessdrivernop.h > create mode 100644 src/access/viraccessdriverpolkit.c > create mode 100644 src/access/viraccessdriverpolkit.h > create mode 100644 src/access/viraccessdriverselinux.c > create mode 100644 src/access/viraccessdriverselinux.h > create mode 100644 src/access/viraccessdriverstack.c > create mode 100644 src/access/viraccessdriverstack.h > create mode 100644 src/access/viraccessmanager.c > create mode 100644 src/access/viraccessmanager.h > create mode 100644 src/access/viraccessperm.c > create mode 100644 src/access/viraccessperm.h > create mode 100644 src/check-aclrules.pl > ACK series, but see my comments to patches.