mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-10 05:17:59 +03:00
Libvirt native C API and daemons
Daniel Henrique Barboza dbf1f68410 security: do not remember/recall labels for VFIO
Files inside /dev/vfio/ can't be opened more than once, meaning
that any subsequent open calls will fail. This behavior was
introduced in kernel v3.11, commit 6d6768c61b39.

When using the VFIO driver, we open a FD to /dev/vfio/N and
pass it to QEMU. If any other call attempt for the same
/dev/vfio/N happens while QEMU is still using the file, we are
unable to open it and QEMU will report -EBUSY. This can happen
if we hotplug a PCI hostdev that belongs to the same IOMMU group
of an existing domain hostdev.

The problem and solution is similar to what we already dealt
with for TPM in commit 4e95cdcbb3. This patch changes both
DAC and SELinux drivers to disable 'remember' for VFIO hostdevs
in virSecurityDACSetHostdevLabelHelper() and
virSecurityDACSetHostdevLabel(), and 'recall'
in virSecurityDACRestoreHostdevLabel() and
virSecuritySELinuxRestoreHostdevSubsysLabel().

Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2020-01-29 13:50:51 +01:00
.ctags.d maint: Add support for .ctags.d 2019-05-31 17:54:28 +02:00
.gnulib@611869be9f gnulib: Pull in latest changes 2020-01-15 17:19:31 +01:00
build-aux virsh: Work around virSecretFree quirks 2020-01-28 18:09:57 +01:00
ci ci: Fetch list of available container images dynamically 2020-01-06 16:43:46 +01:00
docs docs: use --strict arg when processing rst docs 2020-01-29 12:16:13 +00:00
examples src: replace verify(expr) with G_STATIC_ASSERT(expr) 2020-01-17 10:02:01 +00:00
gnulib/lib bootstrap.conf: drop gnulib tests from libvirt 2020-01-17 16:04:26 +01:00
include/libvirt include: add a space before ending a comment 2020-01-28 13:32:28 +01:00
m4 bootstrap: remove 26 more gnulib modules 2020-01-17 10:03:26 +00:00
po secret: move virSecretGetSecretString into virsecret 2020-01-17 15:52:37 +01:00
scripts virerror: Make it easier to add new error number 2020-01-10 13:53:32 +01:00
src security: do not remember/recall labels for VFIO 2020-01-29 13:50:51 +01:00
tests qemu: check iotune params same for all disk in group 2020-01-29 11:46:51 +01:00
tools tools: virsh: Add --interactive flag for secret-set-value command 2020-01-28 18:09:57 +01:00
.color_coded.in Add color_coded support 2017-05-09 09:51:11 +02:00
.ctags ctags: Generate tags for headers, i.e. function prototypes 2018-09-18 14:21:33 +02:00
.dir-locals.el build: avoid tabs that failed syntax-check 2012-09-06 09:43:46 -06:00
.editorconfig Add .editorconfig 2019-09-06 12:47:46 +02:00
.gitignore bootstrap.conf: disable VC ignore files 2020-01-17 16:04:26 +01:00
.gitlab-ci.yml gitlab: Move mips job to Debian 9 2019-12-13 13:12:13 +01:00
.gitmodules gnulib: switch to use https:// instead of git:// protocol 2018-03-19 16:32:34 +00:00
.gitpublish gitpublish: add a subject prefix 2020-01-16 13:04:11 +00:00
.mailmap mailmap: Remove some duplicates 2019-06-07 13:18:08 +02:00
.travis.yml travis: add build for Debian 9 2020-01-07 14:42:26 +00:00
.ycm_extra_conf.py.in Add YouCompleteMe support 2017-05-09 09:51:11 +02:00
ABOUT-NLS po: provide custom make rules for po file management 2018-04-19 10:35:58 +01:00
AUTHORS.in AUTHORS: Add Fabiano Fidêncio 2019-12-19 16:42:06 +01:00
autogen.sh autogen.sh: fix autoreconf step 2020-01-17 16:04:26 +01:00
bootstrap maint: update to latest gnulib 2020-01-02 10:06:16 +01:00
bootstrap.conf bootstrap.conf: stop creating AUTHORS file 2020-01-17 16:04:26 +01:00
ChangeLog maint: Stop generating ChangeLog from git 2019-04-03 09:45:25 +02:00
config-post.h util: introduce compile time API version checking 2020-01-07 14:42:26 +00:00
configure.ac bootstrap.conf: drop gnulib tests from libvirt 2020-01-17 16:04:26 +01:00
COPYING maint: follow recommended practice for using LGPL 2013-05-20 14:15:21 -06:00
COPYING.LESSER maint: Remove control characters from LGPL license file 2015-09-25 09:16:24 +02:00
gitdm.config gitdm: add 'ibm' file 2019-10-18 17:32:52 +02:00
GNUmakefile build: merge all syntax-check logic into one file 2019-10-09 13:36:54 +01:00
libvirt-admin.pc.in Add libvirt-admin library 2015-06-16 13:46:20 +02:00
libvirt-lxc.pc.in Add pkg-config files for libvirt-qemu & libvirt-lxc 2014-06-23 16:17:27 +01:00
libvirt-qemu.pc.in Add pkg-config files for libvirt-qemu & libvirt-lxc 2014-06-23 16:17:27 +01:00
libvirt.pc.in Add pkg-config files for libvirt-qemu & libvirt-lxc 2014-06-23 16:17:27 +01:00
libvirt.spec.in qemu: introduce a new "virt-qemu-run" program 2020-01-27 11:05:02 +00:00
Makefile.am bootstrap.conf: drop gnulib tests from libvirt 2020-01-17 16:04:26 +01:00
Makefile.nonreentrant Remove backslash alignment attempts 2017-11-03 13:24:12 +01:00
mingw-libvirt.spec.in Remove phyp driver 2019-12-20 12:25:42 -05:00
README Provide a useful README file 2017-05-22 17:01:37 +01:00
README-hacking build: mandate use of a build dir != src dir 2019-11-08 17:07:35 +01:00
README.md build: mandate use of a build dir != src dir 2019-11-08 17:07:35 +01:00
run.in run.in: Include tools directory on $PATH. 2020-01-21 13:04:57 +01:00


Libvirt API for virtualization

Libvirt provides a portable, long term stable C API for managing the virtualization technologies provided by many operating systems. It includes support for QEMU, KVM, Xen, LXC, bhyve, Virtuozzo, VMware vCenter and ESX, VMware Desktop, Hyper-V, VirtualBox and the POWER Hypervisor.

For some of these hypervisors, it provides a stateful management daemon which runs on the virtualization host allowing access to the API both by non-privileged local users and remote users.

Layered packages provide bindings of the libvirt C API into other languages including Python, Perl, PHP, Go, Java, OCaml, as well as mappings into object systems such as GObject, CIM and SNMP.

Further information about the libvirt project can be found on the website:

https://libvirt.org

License

The libvirt C API is distributed under the terms of the GNU Lesser General Public License, version 2.1 (or later). Some parts of the code that are not part of the C library may have the more restrictive GNU General Public License, version 2.0 (or later). See the files COPYING.LESSER and COPYING for full license terms & conditions.

Installation

Libvirt uses the GNU Autotools build system, so it can generally be built and installed with the usual commands. However, the build directory must be different from the source directory. For example, to build in a manner that is suitable for installing as root, use:

$ mkdir build && cd build
$ ../configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
$ make
$ sudo make install

To build and install as an unprivileged user instead, use:

$ mkdir build && cd build
$ ../configure --prefix=$HOME/usr
$ make
$ make install

The libvirt code relies on a large number of 3rd party libraries. These will be detected during execution of the configure script and a summary printed which lists any missing (optional) dependencies.

Contributing

The libvirt project welcomes contributions in many ways. For most components the best way to contribute is to send patches to the primary development mailing list. Further guidance on this can be found on the website:

https://libvirt.org/contribute.html

Contact

The libvirt project has two primary mailing lists:

Further details on contacting the project are available on the website:

https://libvirt.org/contact.html