mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-10 05:17:59 +03:00
Libvirt native C API and daemons
Michal Privoznik 2249455654 virdevmapper: Don't use libdevmapper to obtain dependencies
CVE-2020-14339

When building domain's private /dev in a namespace, libdevmapper
is consulted for getting full dependency tree of domain's disks.
The reason is that for multipath devices all dependent devices
must be created in the namespace and allowed in CGroups.

However, this approach is very fragile as building of namespace
happens in the forked off child process, after mass close of FDs
and just before dropping privileges and execing QEMU. And it so
happens that when calling libdevmapper APIs, one of them opens
/dev/mapper/control and saves the FD into a global variable. The
FD is kept open until the lib is unlinked or dm_lib_release() is
called explicitly. We are doing neither.

However, the virDevMapperGetTargets() function is called also
from libvirtd (when setting up CGroups) and thus has to be thread
safe. Unfortunately, libdevmapper APIs are not thread safe (nor
async signal safe) and thus we can't use them. Reimplement what
libdevmapper would do using plain C (ioctl()-s, /proc/devices
parsing, /dev/mapper dirwalking, and so on).

Fixes: a30078cb83
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1858260

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2020-07-25 11:14:39 +02:00
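
The failure mode in the commit message above is a library-held descriptor that is still open when the child execs QEMU. As an added example (not libvirt's code, and not the fix the commit makes), this C helper checks just before an exec whether any open descriptor without FD_CLOEXEC refers to a given path; `first_inheritable_fd`, `same_object` and `SCAN_LIMIT` are names made up for this example.

```c
/* Added example: audit for descriptors that would survive execve(). */
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

#define SCAN_LIMIT 65536L /* example cap so a huge RLIMIT_NOFILE stays cheap */

/* Do two stat results name the same object? Device nodes are compared by
 * device number, because a private /dev holds different inodes for the
 * same device; everything else is compared by (st_dev, st_ino). */
static int same_object(const struct stat *a, const struct stat *b)
{
    if ((S_ISCHR(a->st_mode) && S_ISCHR(b->st_mode)) ||
        (S_ISBLK(a->st_mode) && S_ISBLK(b->st_mode)))
        return a->st_rdev == b->st_rdev;
    return a->st_dev == b->st_dev && a->st_ino == b->st_ino;
}

/* Returns the lowest open fd that refers to `path` and lacks FD_CLOEXEC,
 * -1 if there is none, -2 if `path` cannot be stat()ed. */
int first_inheritable_fd(const char *path)
{
    struct stat want, have;
    long max = sysconf(_SC_OPEN_MAX);

    if (stat(path, &want) < 0)
        return -2;
    if (max < 0 || max > SCAN_LIMIT)
        max = SCAN_LIMIT;

    for (int fd = 0; fd < max; fd++) {
        int flags = fcntl(fd, F_GETFD);
        if (flags < 0 || (flags & FD_CLOEXEC))
            continue;               /* not open, or closed on exec */
        if (fstat(fd, &have) == 0 && same_object(&want, &have))
            return fd;
    }
    return -1;
}

int main(void)
{
    /* Path taken from the commit message above. */
    int fd = first_inheritable_fd("/dev/mapper/control");
    return fd >= 0; /* non-zero exit: the control fd would be inherited */
}
```

Run in the forked child right before exec, a non-negative result means the descriptor has to be closed or marked close-on-exec first.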
.ctags.d maint: Add support for .ctags.d 2019-05-31 17:54:28 +02:00
.github github: skip lockdown of old issues/prs 2020-04-07 17:50:54 +01:00
build-aux po: change the format of POTFILES.in 2020-07-10 09:40:29 +02:00
ci ci: Run 'make distcheck' on FreeBSD 2020-07-23 15:03:11 +02:00
docs conf: add control over COW for storage pool directories 2020-07-23 16:18:09 +01:00
examples qemu: support Panic Crashloaded event handling 2020-02-07 14:05:25 +00:00
include/libvirt API: Add VIR_DOMAIN_JOB_ERRMSG domain job statistics field 2020-04-24 08:56:57 +02:00
m4 m4: enable -fstack-protector-strong on mingw 2020-07-23 14:58:06 +01:00
po virdevmapper: Don't use libdevmapper to obtain dependencies 2020-07-25 11:14:39 +02:00
scripts scripts: check-remote-protocol: remove unused OBJEXT argument 2020-07-10 09:40:32 +02:00
src virdevmapper: Don't use libdevmapper to obtain dependencies 2020-07-25 11:14:39 +02:00
tests conf: add control over COW for storage pool directories 2020-07-23 16:18:09 +01:00
tools tools: be more paranoid about possibly NULL description 2020-07-23 14:58:24 +01:00
.color_coded.in gnulib: delete all gnulib integration 2020-02-07 15:03:54 +00:00
.ctags ctags: Generate tags for headers, i.e. function prototypes 2018-09-18 14:21:33 +02:00
.dir-locals.el build: avoid tabs that failed syntax-check 2012-09-06 09:43:46 -06:00
.editorconfig Add .editorconfig 2019-09-06 12:47:46 +02:00
.gitignore gnulib: delete all gnulib integration 2020-02-07 15:03:54 +00:00
.gitlab-ci.yml ci: Drop Debian 9 jobs 2020-07-15 12:06:26 +02:00
.gitmodules gnulib: delete all gnulib integration 2020-02-07 15:03:54 +00:00
.gitpublish gitpublish: add a subject prefix 2020-01-16 13:04:11 +00:00
.mailmap mailmap: Remove some duplicates 2019-06-07 13:18:08 +02:00
.ycm_extra_conf.py.in gnulib: delete all gnulib integration 2020-02-07 15:03:54 +00:00
ABOUT-NLS Convert all remaining Markdown files to reStructuredText 2020-04-14 16:29:04 +02:00
AUTHORS.in AUTHORS: add Pino Toscano as a maintainer 2020-06-24 11:44:30 +02:00
autogen.sh autogen.sh: Restore --no-git (avoid git submodule update) 2020-06-03 16:19:13 +02:00
ChangeLog docs: point to GitLab as the primary git hosting 2020-06-03 13:38:33 +02:00
config-post.h gnulib: delete all gnulib integration 2020-02-07 15:03:54 +00:00
configure.ac Include <sys/socket.h> before including <net/if.h> 2020-07-20 09:41:23 +00:00
CONTRIBUTING.rst CONTRIBUTING: Include note about build system tools 2020-05-04 19:03:51 +02:00
COPYING maint: follow recommended practice for using LGPL 2013-05-20 14:15:21 -06:00
COPYING.LESSER maint: Remove control characters from LGPL license file 2015-09-25 09:16:24 +02:00
gitdm.config gitdm: add 'ibm' file 2019-10-18 17:32:52 +02:00
GNUmakefile build: merge all syntax-check logic into one file 2019-10-09 13:36:54 +01:00
libvirt-admin.pc.in Add libvirt-admin library 2015-06-16 13:46:20 +02:00
libvirt-lxc.pc.in Add pkg-config files for libvirt-qemu & libvirt-lxc 2014-06-23 16:17:27 +01:00
libvirt-qemu.pc.in Add pkg-config files for libvirt-qemu & libvirt-lxc 2014-06-23 16:17:27 +01:00
libvirt.pc.in Add pkg-config files for libvirt-qemu & libvirt-lxc 2014-06-23 16:17:27 +01:00
libvirt.spec.in spec: Drop explicit dependency on ncurses 2020-07-20 17:16:55 +02:00
Makefile.am news: Convert to reStructuredText 2020-06-05 16:27:33 +02:00
Makefile.nonreentrant Remove backslash alignment attempts 2017-11-03 13:24:12 +01:00
mingw-libvirt.spec.in spec: Require Fedora 31 2020-06-17 12:59:08 +02:00
NEWS.rst NEWS: mention readonly attribute is not yet supported by virtiofsd 2020-07-21 16:02:42 +02:00
README Convert all remaining Markdown files to reStructuredText 2020-04-14 16:29:04 +02:00
README.rst po: update docs to refer to Weblate instead of Zanata 2020-06-08 16:38:47 +01:00
run.in run.in: Include tools directory on $PATH. 2020-01-21 13:04:57 +01:00


==============================
Libvirt API for virtualization
==============================

Libvirt provides a portable, long-term stable C API for managing the
virtualization technologies provided by many operating systems. It
includes support for QEMU, KVM, Xen, LXC, bhyve, Virtuozzo, VMware
vCenter and ESX, VMware Desktop, Hyper-V, VirtualBox and the POWER
Hypervisor.

For some of these hypervisors, it provides a stateful management
daemon which runs on the virtualization host allowing access to the
API both by non-privileged local users and remote users.

Layered packages provide bindings of the libvirt C API into other
languages including Python, Perl, PHP, Go, Java, OCaml, as well as
mappings into object systems such as GObject, CIM and SNMP.

Further information about the libvirt project can be found on the
website:

https://libvirt.org


License
=======

The libvirt C API is distributed under the terms of the GNU Lesser General
Public License, version 2.1 (or later). Some parts of the code that are
not part of the C library may have the more restrictive GNU General
Public License, version 2.0 (or later). See the files ``COPYING.LESSER``
and ``COPYING`` for full license terms & conditions.


Installation
============

Instructions on building and installing libvirt can be found on the website:

https://libvirt.org/compiling.html

Contributing
============

The libvirt project welcomes contributions in many ways. For most components
the best way to contribute is to send patches to the primary development
mailing list. Further guidance on this can be found on the website:

https://libvirt.org/contribute.html


Contact
=======

The libvirt project has two primary mailing lists:

* libvirt-users@redhat.com (**for user discussions**)
* libvir-list@redhat.com (**for development only**)

Further details on contacting the project are available on the website:

https://libvirt.org/contact.html