[libvirt] [PATCH 0/9] Pass identity information between daemons

Daniel P. Berrangé posted 9 patches 2 weeks ago
Test syntax-check passed
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20190905115627.11493-1-berrange@redhat.com
include/libvirt/libvirt-host.h      |  74 +++++
src/access/viraccessdriverpolkit.c  |  22 +-
src/admin/admin_server.c            |  52 +--
src/driver-hypervisor.h             |   7 +
src/libvirt-host.c                  |  51 +++
src/libvirt_private.syms            |  21 +-
src/libvirt_public.syms             |   4 +
src/libvirt_remote.syms             |   1 +
src/remote/remote_daemon_dispatch.c | 112 ++++++-
src/remote/remote_driver.c          |   1 +
src/remote/remote_protocol.x        |  16 +-
src/remote_protocol-structs         |   8 +
src/rpc/virnetserverclient.c        |  20 +-
src/rpc/virnetserverclient.h        |   2 +
src/util/viridentity.c              | 488 ++++++++++++++++------------
src/util/viridentity.h              |  71 ++--
tests/viridentitytest.c             | 115 ++-----
tests/virnetserverclienttest.c      |  40 +--
18 files changed, 672 insertions(+), 433 deletions(-)

[libvirt] [PATCH 0/9] Pass identity information between daemons

Posted by Daniel P. Berrangé 2 weeks ago
This was previously posted as part of the daemon split series:

  https://www.redhat.com/archives/libvir-list/2019-July/msg01754.html

The patches were not merged at the time since they needed more work
which is now done by this series.

This is all about enabling the polkit fine grain auth checks to
work correctly with the split daemons

A mgmt app running non-root will connect to virtqemud. virtqemud
sees the client identity as the non-root user.  virtqemud in turn
may connect to virtnetworkd, forwarding API calls that the mgmt
app makes. virtnetworkd sees the client identity as the root user.

This series allows virtqemud to pass on the non-root identity of
the mgmt app to virtnetworkd, so that polkit checks are done against
the correct identity.

Daniel P. Berrangé (9):
  api: introduce virConnectSetIdentity for passing uid, gid, selinux
    info
  util: change identity class attribute names
  tests: fix debug messages wrt selinux context when test fails
  util: make generic identity accessors private
  util: removed unused virIdentityIsEqual method
  util: sanitize return values for virIdentity getters
  util: store identity attrs as virTypedParameter internally
  util: allow identity to be imported/exported as typed parameters
  remote: pass identity across to newly opened daemons

 include/libvirt/libvirt-host.h      |  74 +++++
 src/access/viraccessdriverpolkit.c  |  22 +-
 src/admin/admin_server.c            |  52 +--
 src/driver-hypervisor.h             |   7 +
 src/libvirt-host.c                  |  51 +++
 src/libvirt_private.syms            |  21 +-
 src/libvirt_public.syms             |   4 +
 src/libvirt_remote.syms             |   1 +
 src/remote/remote_daemon_dispatch.c | 112 ++++++-
 src/remote/remote_driver.c          |   1 +
 src/remote/remote_protocol.x        |  16 +-
 src/remote_protocol-structs         |   8 +
 src/rpc/virnetserverclient.c        |  20 +-
 src/rpc/virnetserverclient.h        |   2 +
 src/util/viridentity.c              | 488 ++++++++++++++++------------
 src/util/viridentity.h              |  71 ++--
 tests/viridentitytest.c             | 115 ++-----
 tests/virnetserverclienttest.c      |  40 +--
 18 files changed, 672 insertions(+), 433 deletions(-)

-- 
2.21.0

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list