This was previously posted as part of the daemon split series:

  https://www.redhat.com/archives/libvir-list/2019-July/msg01754.html

The patches were not merged at the time since they needed more work
which is now done by this series.

This is all about enabling the polkit fine grain auth checks to
work correctly with the split daemons.

A mgmt app running non-root will connect to virtqemud. virtqemud
sees the client identity as the non-root user. virtqemud in turn
may connect to virtnetworkd, forwarding API calls that the mgmt
app makes. virtnetworkd sees the client identity as the root user.

This series allows virtqemud to pass on the non-root identity of
the mgmt app to virtnetworkd, so that polkit checks are done against
the correct identity.

Daniel P. Berrangé (9):
  api: introduce virConnectSetIdentity for passing uid, gid, selinux
    info
  util: change identity class attribute names
  tests: fix debug messages wrt selinux context when test fails
  util: make generic identity accessors private
  util: removed unused virIdentityIsEqual method
  util: sanitize return values for virIdentity getters
  util: store identity attrs as virTypedParameter internally
  util: allow identity to be imported/exported as typed parameters
  remote: pass identity across to newly opened daemons

 include/libvirt/libvirt-host.h      |  74 +++++
 src/access/viraccessdriverpolkit.c  |  22 +-
 src/admin/admin_server.c            |  52 +--
 src/driver-hypervisor.h             |   7 +
 src/libvirt-host.c                  |  51 +++
 src/libvirt_private.syms            |  21 +-
 src/libvirt_public.syms             |   4 +
 src/libvirt_remote.syms             |   1 +
 src/remote/remote_daemon_dispatch.c | 112 ++++++-
 src/remote/remote_driver.c          |   1 +
 src/remote/remote_protocol.x        |  16 +-
 src/remote_protocol-structs         |   8 +
 src/rpc/virnetserverclient.c        |  20 +-
 src/rpc/virnetserverclient.h        |   2 +
 src/util/viridentity.c              | 488 ++++++++++++++++------------
 src/util/viridentity.h              |  71 ++--
 tests/viridentitytest.c             | 115 ++-----
 tests/virnetserverclienttest.c      |  40 +--
 18 files changed, 672 insertions(+), 433 deletions(-)

--
2.21.0