[libvirt] [PATCH 1/2] build: Link security manager into libvirt.so
Security manager is not a dynamically loadable driver, it's a common infrastructure similar to util, conf, cpu, etc. used by individual drivers. Such code is allowed to be linked into libvirt.so. This reverts commit ec5b7bd2ecbf40ceff5b2d4fc00d5cfdfba966a4 and most of aae5cfb69948fddef556f8f5b9f80a444f9c6125. This patch is supposed to fix virdrivermoduletest failures for qemu and lxc drivers as well as libvirtd's ability to load qemu and lxc drivers. --- daemon/Makefile.am | 1 - src/Makefile.am | 3 +-- src/libvirt_private.syms | 31 +++++++++++++++++++++++++++++++ tests/Makefile.am | 5 ++--- 4 files changed, 34 insertions(+), 6 deletions(-) diff --git a/daemon/Makefile.am b/daemon/Makefile.am index b8ecbef..928aeaf 100644 --- a/daemon/Makefile.am +++ b/daemon/Makefile.am @@ -164,7 +164,6 @@ endif if WITH_NWFILTER libvirtd_LDADD += ../src/libvirt_driver_nwfilter.la endif -libvirtd_LDADD += ../src/libvirt_driver_security.la endif libvirtd_LDADD += ../src/libvirt.la diff --git a/src/Makefile.am b/src/Makefile.am index 6f8838b..2b09141 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1161,8 +1161,7 @@ endif libvirt_driver_security_la_SOURCES = $(SECURITY_DRIVER_SOURCES) noinst_LTLIBRARIES += libvirt_driver_security.la -# Stateful, so linked to daemon instead -#libvirt_la_BUILT_LIBADD += libvirt_driver_security.la +libvirt_la_BUILT_LIBADD += libvirt_driver_security.la libvirt_driver_security_la_CFLAGS = \ -I$(top_srcdir)/src/conf $(AM_CFLAGS) libvirt_driver_security_la_LDFLAGS = $(AM_LDFLAGS) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 97f3b14..71341a2 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -962,6 +962,37 @@ virSecretUsageTypeTypeFromString; virSecretUsageTypeTypeToString; +# security_driver.h +virSecurityDriverLookup; + + +# security_manager.h +virSecurityManagerClearSocketLabel; +virSecurityManagerFree; +virSecurityManagerGenLabel; +virSecurityManagerGetDOI; +virSecurityManagerGetModel; +virSecurityManagerGetProcessLabel; +virSecurityManagerNew; +virSecurityManagerNewStack; +virSecurityManagerNewDAC; +virSecurityManagerReleaseLabel; +virSecurityManagerReserveLabel; +virSecurityManagerRestoreImageLabel; +virSecurityManagerRestoreAllLabel; +virSecurityManagerRestoreHostdevLabel; +virSecurityManagerRestoreSavedStateLabel; +virSecurityManagerSetAllLabel; +virSecurityManagerSetDaemonSocketLabel; +virSecurityManagerSetImageFDLabel; +virSecurityManagerSetImageLabel; +virSecurityManagerSetHostdevLabel; +virSecurityManagerSetProcessLabel; +virSecurityManagerSetSavedStateLabel; +virSecurityManagerSetSocketLabel; +virSecurityManagerVerify; +virSecurityManagerGetMountOptions; + # sexpr.h sexpr_append; sexpr_cons; diff --git a/tests/Makefile.am b/tests/Makefile.am index b931cea..a466480 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -294,8 +294,7 @@ endif if WITH_QEMU -qemu_LDADDS = ../src/libvirt_driver_qemu_impl.la \ - ../src/libvirt_driver_security.la +qemu_LDADDS = ../src/libvirt_driver_qemu_impl.la if WITH_NETWORK qemu_LDADDS += ../src/libvirt_driver_network_impl.la endif @@ -520,7 +519,7 @@ virauthconfigtest_LDADD = $(LDADDS) seclabeltest_SOURCES = \ seclabeltest.c -seclabeltest_LDADD = $(LDADDS) ../src/libvirt_driver_security.la +seclabeltest_LDADD = $(LDADDS) virbuftest_SOURCES = \ virbuftest.c testutils.h testutils.c -- 1.7.11.1
Security manager is not a dynamically loadable driver. Let's avoid the confusion by renaming libvirt_driver_security library as libvirt_security_manager. --- src/Makefile.am | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index 2b09141..d74497d 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1159,22 +1159,22 @@ libvirt_driver_nwfilter_la_SOURCES = $(NWFILTER_DRIVER_SOURCES) endif -libvirt_driver_security_la_SOURCES = $(SECURITY_DRIVER_SOURCES) -noinst_LTLIBRARIES += libvirt_driver_security.la -libvirt_la_BUILT_LIBADD += libvirt_driver_security.la -libvirt_driver_security_la_CFLAGS = \ +libvirt_security_manager_la_SOURCES = $(SECURITY_DRIVER_SOURCES) +noinst_LTLIBRARIES += libvirt_security_manager.la +libvirt_la_BUILT_LIBADD += libvirt_security_manager.la +libvirt_security_manager_la_CFLAGS = \ -I$(top_srcdir)/src/conf $(AM_CFLAGS) -libvirt_driver_security_la_LDFLAGS = $(AM_LDFLAGS) -libvirt_driver_security_la_LIBADD = +libvirt_security_manager_la_LDFLAGS = $(AM_LDFLAGS) +libvirt_security_manager_la_LIBADD = if WITH_SECDRIVER_SELINUX -libvirt_driver_security_la_SOURCES += $(SECURITY_DRIVER_SELINUX_SOURCES) -libvirt_driver_security_la_CFLAGS += $(SELINUX_CFLAGS) -libvirt_driver_security_la_LIBADD += $(SELINUX_LIBS) +libvirt_security_manager_la_SOURCES += $(SECURITY_DRIVER_SELINUX_SOURCES) +libvirt_security_manager_la_CFLAGS += $(SELINUX_CFLAGS) +libvirt_security_manager_la_LIBADD += $(SELINUX_LIBS) endif if WITH_SECDRIVER_APPARMOR -libvirt_driver_security_la_SOURCES += $(SECURITY_DRIVER_APPARMOR_SOURCES) -libvirt_driver_security_la_CFLAGS += $(APPARMOR_CFLAGS) -libvirt_driver_security_la_LIBADD += $(APPARMOR_LIBS) +libvirt_security_manager_la_SOURCES += $(SECURITY_DRIVER_APPARMOR_SOURCES) +libvirt_security_manager_la_CFLAGS += $(APPARMOR_CFLAGS) +libvirt_security_manager_la_LIBADD += $(APPARMOR_LIBS) endif # Add all conditional sources just in case... @@ -1611,7 +1611,7 @@ libvirt_lxc_LDADD = \ $(NUMACTL_LIBS) \ libvirt-net-rpc-server.la \ libvirt-net-rpc.la \ - libvirt_driver_security.la \ + libvirt_security_manager.la \ libvirt_conf.la \ libvirt_util.la \ ../gnulib/lib/libgnu.la -- 1.7.11.1
On Thu, Aug 02, 2012 at 03:47:11PM +0200, Jiri Denemark wrote:
Security manager is not a dynamically loadable driver. Let's avoid the confusion by renaming libvirt_driver_security library as libvirt_security_manager. --- src/Makefile.am | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/src/Makefile.am b/src/Makefile.am index 2b09141..d74497d 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1159,22 +1159,22 @@ libvirt_driver_nwfilter_la_SOURCES = $(NWFILTER_DRIVER_SOURCES) endif
-libvirt_driver_security_la_SOURCES = $(SECURITY_DRIVER_SOURCES) -noinst_LTLIBRARIES += libvirt_driver_security.la -libvirt_la_BUILT_LIBADD += libvirt_driver_security.la -libvirt_driver_security_la_CFLAGS = \ +libvirt_security_manager_la_SOURCES = $(SECURITY_DRIVER_SOURCES) +noinst_LTLIBRARIES += libvirt_security_manager.la +libvirt_la_BUILT_LIBADD += libvirt_security_manager.la +libvirt_security_manager_la_CFLAGS = \ -I$(top_srcdir)/src/conf $(AM_CFLAGS) -libvirt_driver_security_la_LDFLAGS = $(AM_LDFLAGS) -libvirt_driver_security_la_LIBADD = +libvirt_security_manager_la_LDFLAGS = $(AM_LDFLAGS) +libvirt_security_manager_la_LIBADD = if WITH_SECDRIVER_SELINUX -libvirt_driver_security_la_SOURCES += $(SECURITY_DRIVER_SELINUX_SOURCES) -libvirt_driver_security_la_CFLAGS += $(SELINUX_CFLAGS) -libvirt_driver_security_la_LIBADD += $(SELINUX_LIBS) +libvirt_security_manager_la_SOURCES += $(SECURITY_DRIVER_SELINUX_SOURCES) +libvirt_security_manager_la_CFLAGS += $(SELINUX_CFLAGS) +libvirt_security_manager_la_LIBADD += $(SELINUX_LIBS) endif if WITH_SECDRIVER_APPARMOR -libvirt_driver_security_la_SOURCES += $(SECURITY_DRIVER_APPARMOR_SOURCES) -libvirt_driver_security_la_CFLAGS += $(APPARMOR_CFLAGS) -libvirt_driver_security_la_LIBADD += $(APPARMOR_LIBS) +libvirt_security_manager_la_SOURCES += $(SECURITY_DRIVER_APPARMOR_SOURCES) +libvirt_security_manager_la_CFLAGS += $(APPARMOR_CFLAGS) +libvirt_security_manager_la_LIBADD += $(APPARMOR_LIBS) endif
# Add all conditional sources just in case... @@ -1611,7 +1611,7 @@ libvirt_lxc_LDADD = \ $(NUMACTL_LIBS) \ libvirt-net-rpc-server.la \ libvirt-net-rpc.la \ - libvirt_driver_security.la \ + libvirt_security_manager.la \ libvirt_conf.la \ libvirt_util.la \ ../gnulib/lib/libgnu.la
ACK Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
On Thu, Aug 02, 2012 at 03:47:10PM +0200, Jiri Denemark wrote:
Security manager is not a dynamically loadable driver, it's a common infrastructure similar to util, conf, cpu, etc. used by individual drivers. Such code is allowed to be linked into libvirt.so.
This reverts commit ec5b7bd2ecbf40ceff5b2d4fc00d5cfdfba966a4 and most of aae5cfb69948fddef556f8f5b9f80a444f9c6125.
This patch is supposed to fix virdrivermoduletest failures for qemu and lxc drivers as well as libvirtd's ability to load qemu and lxc drivers. --- daemon/Makefile.am | 1 - src/Makefile.am | 3 +-- src/libvirt_private.syms | 31 +++++++++++++++++++++++++++++++ tests/Makefile.am | 5 ++--- 4 files changed, 34 insertions(+), 6 deletions(-)
ACK Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
On Thu, Aug 02, 2012 at 15:02:04 +0100, Daniel P. Berrange wrote:
On Thu, Aug 02, 2012 at 03:47:10PM +0200, Jiri Denemark wrote:
Security manager is not a dynamically loadable driver, it's a common infrastructure similar to util, conf, cpu, etc. used by individual drivers. Such code is allowed to be linked into libvirt.so.
This reverts commit ec5b7bd2ecbf40ceff5b2d4fc00d5cfdfba966a4 and most of aae5cfb69948fddef556f8f5b9f80a444f9c6125.
This patch is supposed to fix virdrivermoduletest failures for qemu and lxc drivers as well as libvirtd's ability to load qemu and lxc drivers. --- daemon/Makefile.am | 1 - src/Makefile.am | 3 +-- src/libvirt_private.syms | 31 +++++++++++++++++++++++++++++++ tests/Makefile.am | 5 ++--- 4 files changed, 34 insertions(+), 6 deletions(-)
ACK
Thanks, pushed. Jirka
participants (2)
-
Daniel P. Berrange -
Jiri Denemark