mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-25 01:34:11 +03:00
Libvirt native C API and daemons
e6cbadd588
The capng_lock() call sets the SECURE_NO_SETUID_FIXUP and SECURE_NOROOT bits on the process. This prevents the kernel granting capabilities to processes with an effective UID of 0, or with setuid programs. This is not actually what we want in the container init process. It should be allowed to run setuid processes & keep capabilities when root. All that is required is masking a handful of dangerous capabilities from the bounding set. * src/lxc/lxc_container.c: Remove bogus capng_lock() call. |
||
---|---|---|
.gnulib@28db629d4f | ||
build-aux | ||
daemon | ||
docs | ||
examples | ||
include | ||
m4 | ||
po | ||
proxy | ||
python | ||
src | ||
tests | ||
tools | ||
.gitignore | ||
.gitmodules | ||
.hgignore | ||
.x-sc_avoid_ctype_macros | ||
.x-sc_avoid_if_before_free | ||
.x-sc_avoid_write | ||
.x-sc_m4_quote_check | ||
.x-sc_prohibit_asprintf | ||
.x-sc_prohibit_gethostby | ||
.x-sc_prohibit_gethostname | ||
.x-sc_prohibit_have_config_h | ||
.x-sc_prohibit_HAVE_MBRTOWC | ||
.x-sc_prohibit_nonreentrant | ||
.x-sc_prohibit_strcmp | ||
.x-sc_prohibit_strcmp_and_strncmp | ||
.x-sc_prohibit_strncpy | ||
.x-sc_prohibit_VIR_ERR_NO_MEMORY | ||
.x-sc_require_config_h | ||
.x-sc_require_config_h_first | ||
.x-sc_trailing_blank | ||
acinclude.m4 | ||
AUTHORS | ||
autobuild.sh | ||
autogen.sh | ||
bootstrap | ||
cfg.mk | ||
ChangeLog-old | ||
configure.in | ||
COPYING.LIB | ||
HACKING | ||
libvirt.pc.in | ||
libvirt.spec.in | ||
Makefile.am | ||
Makefile.nonreentrant | ||
mingw32-libvirt.spec.in | ||
README | ||
README-hacking | ||
TODO |
LibVirt : simple API for virtualization

Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux (and other OSes). It is free software available under the GNU Lesser General Public License.

Virtualization of the Linux Operating System means the ability to run multiple instances of Operating Systems concurrently on a single hardware system where the basic resources are driven by a Linux instance.

The library aims to provide a long-term stable C API, initially for Xen paravirtualization, but should be able to integrate other virtualization mechanisms if needed.

Daniel Veillard <veillard@redhat.com>