libvirt/src
Ján Tomko d47a396e99 api: disallow virConnectGetDomainCapabilities on read-only connections
This API can be used to execute arbitrary emulators.
Forbid it on read-only connections.

Fixes: CVE-2019-10167
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 8afa68bac0)
Signed-off-by: Ján Tomko <jtomko@redhat.com>
2019-06-24 10:00:21 +02:00
..
access conf: simplify internal virSecretDef handling of usage 2017-01-09 15:53:49 +00:00
admin admin: Introduce virAdmConnectSetLoggingFilters 2016-12-15 10:36:23 +01:00
bhyve bhyve: Add support for VNC autoport 2017-08-06 09:24:26 +04:00
conf conf: add reconnect to virDomainChrSourceDef(Copy|IsEqual) 2017-08-30 13:33:30 +02:00
cpu cpu: define sub-leaf 0 for leaf 7 in cpu_map.xml 2017-08-04 16:45:11 +02:00
esx vmx: Expose VMware Managed Object Reference (moref) in XML. 2017-09-04 09:48:32 +01:00
hyperv hyperv: Silence clang alignment warnings in serialization code 2017-08-07 23:14:01 +02:00
interface util: rename/move VIR_NET_GENERATED_PREFIX to be consistent 2017-04-28 09:43:52 -04:00
keycodemapdb@7bf5710b22 Update keycodemapdb submodule for python2 compat fixes 2017-04-26 11:53:40 +01:00
libxl libxl: Avoid a variable named 'stat' 2017-08-24 16:22:27 +02:00
locking daemon: logging: Fix --verbose option being ignored by the daemon 2017-08-28 16:42:13 +02:00
logging daemon: logging: Fix --verbose option being ignored by the daemon 2017-08-28 16:42:13 +02:00
lxc introduce virConfReadString 2017-08-08 12:19:17 +02:00
network network: Use self inflating bitmap for class IDs 2017-08-17 14:58:11 +02:00
node_device nodedev: Introduce udevHandleOneDevice 2017-08-17 16:50:47 +02:00
nwfilter nwfilter: increase pcap buffer size to be compatible with TPACKET_V3 2018-04-27 17:43:51 -04:00
openvz conf: Add save cookie callbacks to xmlopt 2017-06-07 13:36:01 +02:00
phyp phyp: Fix memory leak in phypUUIDTable_Push 2017-07-19 16:49:51 +02:00
qemu api: disallow virDomainSaveImageGetXMLDesc on read-only connections 2019-06-24 10:00:21 +02:00
remote api: disallow virDomainSaveImageGetXMLDesc on read-only connections 2019-06-24 10:00:21 +02:00
rpc virnetdaemon: Don't deadlock when talking to D-Bus 2017-09-01 13:21:33 +02:00
secret secret: Handle object list removal and deletion properly 2017-07-25 09:15:30 -04:00
security Don't autogenerate seclabels of type 'none' 2017-08-21 09:22:26 -06:00
storage storage: Use virStorageBackendRefreshVolTargetUpdate after wipeVol 2017-08-30 15:32:13 -04:00
test network: Use @maxnames instead of @nnames 2017-08-16 14:17:57 -04:00
uml conf: Pass config.priv to xmlopt->privateData.alloc 2017-07-25 17:02:27 +02:00
util log: fix deadlock obtaining hostname (related CVE-2018-6764) 2018-02-13 14:14:33 -05:00
vbox vbox: fix SEGV during dumpxml of a serial port 2018-03-20 15:42:45 -04:00
vmware conf: Pass config.priv to xmlopt->privateData.alloc 2017-07-25 17:02:27 +02:00
vmx vmx: Expose VMware Managed Object Reference (moref) in XML. 2017-09-04 09:48:32 +01:00
vz conf: add virDomainVideoDefNew 2017-08-27 09:38:12 -04:00
xen introduce virConfReadString 2017-08-08 12:19:17 +02:00
xenapi conf: Add save cookie callbacks to xmlopt 2017-06-07 13:36:01 +02:00
xenconfig virStorageNetHostDef: Turn @port into integer 2017-07-24 10:55:44 +02:00
admin_protocol-structs admin: Introduce virAdmConnectSetLoggingFilters 2016-12-15 10:36:23 +01:00
check-aclperms.pl
check-aclrules.pl vz: add ACL checks to API calls 2016-08-23 19:48:01 +03:00
check-driverimpls.pl
check-drivername.pl
check-symfile.pl Revert "Prevent more compiler optimization of mockable functions" 2017-07-13 13:07:06 +01:00
check-symsorting.pl
datatypes.c datatypes: removing unnecessary return statement. 2017-05-18 20:15:45 -04:00
datatypes.h virConnect: Update comment for @privateData 2017-08-02 10:03:23 +02:00
driver-hypervisor.h lib: Add API to edit domain's managed save state xml configuration 2017-08-29 13:40:13 +02:00
driver-interface.h
driver-network.h
driver-nodedev.h Introduce node device lifecycle event APIs 2016-08-02 09:52:00 -04:00
driver-nwfilter.h
driver-secret.h Introduce secret lifecycle event APIs 2017-01-09 15:53:48 +00:00
driver-state.h
driver-storage.h storage: Introduce virStorageVolInfoFlags 2016-12-20 13:52:39 -05:00
driver-stream.h Introduce virStreamInData 2017-05-18 07:42:13 +02:00
driver.c driver: conditionalize use of dlopen functions & use mingw-dlfcn 2017-08-02 13:51:28 +01:00
driver.h daemon: Refactor connection driver module loading 2017-02-21 09:24:33 +01:00
dtrace2systemtap.pl
internal.h Revert "Prevent more compiler optimization of mockable functions" 2017-07-13 13:07:06 +01:00
libvirt_admin_private.syms admin: Introduce virAdmConnectSetLoggingFilters 2016-12-15 10:36:23 +01:00
libvirt_admin_public.syms admin: Introduce virAdmConnectSetLoggingFilters 2016-12-15 10:36:23 +01:00
libvirt_atomic.syms
libvirt_driver_modules.syms driver: Split/refactor driver module loading 2017-02-21 08:48:51 +01:00
libvirt_esx.syms
libvirt_gnutls.syms
libvirt_internal.h Introduce virStreamInData 2017-05-18 07:42:13 +02:00
libvirt_libssh2.syms
libvirt_libssh.syms libssh_transport: add new libssh-based transport 2016-11-15 15:50:51 +01:00
libvirt_linux.syms Expose Linux symbols only on Linux 2017-03-27 17:36:13 +02:00
libvirt_lxc.syms Bump release to 2.0.0 and document release schedule & versioning 2016-06-14 10:59:07 +02:00
libvirt_openvz.syms
libvirt_private.syms util: introduce virXMLFormatElement helper 2017-08-28 14:02:44 +02:00
libvirt_probes.d
libvirt_public.syms lib: Add API to edit domain's managed save state xml configuration 2017-08-29 13:40:13 +02:00
libvirt_qemu_probes.d
libvirt_qemu.syms
libvirt_remote.syms Introduce virNetClientStreamRecvHole 2017-05-18 07:42:13 +02:00
libvirt_sasl.syms virneserverclient: Introduce virNetServerClientHasSASLSession 2016-05-03 15:52:50 +02:00
libvirt_vmware.syms
libvirt_vmx.syms
libvirt_xenconfig.syms
libvirt_xenxlconfig.syms
libvirt-admin.c admin: Introduce virAdmConnectSetLoggingFilters 2016-12-15 10:36:23 +01:00
libvirt-admin.conf
libvirt-domain-snapshot.c Remove bogus warning about vir$OBJECTGetConnect functions 2017-08-07 13:39:28 +01:00
libvirt-domain.c api: disallow virConnectGetDomainCapabilities on read-only connections 2019-06-24 10:00:21 +02:00
libvirt-host.c cpu: Special case models == NULL in cpuGetModels 2016-09-22 15:40:08 +02:00
libvirt-interface.c Remove bogus warning about vir$OBJECTGetConnect functions 2017-08-07 13:39:28 +01:00
libvirt-lxc.c Don't error when attaching security label of model "none" 2016-08-03 10:58:31 +01:00
libvirt-lxc.pc.in
libvirt-network.c Remove bogus warning about vir$OBJECTGetConnect functions 2017-08-07 13:39:28 +01:00
libvirt-nodedev.c virsh: nodedev: ability to filter CCW capabilities 2017-05-26 10:44:05 -04:00
libvirt-nwfilter.c
libvirt-qemu.c
libvirt-qemu.pc.in
libvirt-secret.c Remove bogus warning about vir$OBJECTGetConnect functions 2017-08-07 13:39:28 +01:00
libvirt-storage.c Remove bogus warning about vir$OBJECTGetConnect functions 2017-08-07 13:39:28 +01:00
libvirt-stream.c virStream*All: Report error if a callback fails 2017-07-11 09:33:12 +02:00
libvirt.c virconf: Fix config file path construction 2016-07-27 12:13:13 +02:00
libvirt.conf
libvirt.pc.in
lock_protocol-structs
lxc_monitor_protocol-structs
lxc_protocol-structs
Makefile.am Move resctrl-related code from conf/capabilities to util/virresctrl 2017-08-14 10:01:12 +02:00
qemu_protocol-structs
README
remote_protocol-structs lib: Add API to edit domain's managed save state xml configuration 2017-08-29 13:40:13 +02:00
virkeepaliveprotocol-structs
virnetprotocol-structs Introduce VIR_NET_STREAM_HOLE message type 2017-05-18 07:42:13 +02:00

       libvirt library code README
       ===========================

The directory provides the bulk of the libvirt codebase. Everything
except for the libvirtd daemon and client tools. The build uses a
large number of libtool convenience libraries - one for each child
directory, and then links them together for the final libvirt.so,
although some bits get linked directly to libvirtd daemon instead.

The files directly in this directory are supporting the public API
entry points & data structures.

There are two core shared modules to be aware of:

 * util/  - a collection of shared APIs that can be used by any
            code. This directory is always in the include path
            for all things built

 * conf/  - APIs for parsing / manipulating all the official XML
            files used by the public API. This directory is only
            in the include path for driver implementation modules

 * vmx/   - VMware VMX config handling (used by esx/ and vmware/)


Then there are the hypervisor implementations:

 * bhyve         - bhyve - The BSD Hypervisor
 * esx/          - VMware ESX and GSX support using vSphere API over SOAP
 * hyperv/       - Microsoft Hyper-V support using WinRM
 * lxc/          - Linux Native Containers
 * openvz/       - OpenVZ containers using cli tools
 * phyp/         - IBM Power Hypervisor using CLI tools over SSH
 * qemu/         - QEMU / KVM using qemu CLI/monitor
 * remote/       - Generic libvirt native RPC client
 * test/         - A "mock" driver for testing
 * uml/          - User Mode Linux
 * vbox/         - Virtual Box using native API
 * vmware/       - VMware Workstation and Player using the vmrun tool
 * xen/          - Xen using hypercalls, XenD SEXPR & XenStore
 * xenapi/       - Xen using libxenserver


Finally some secondary drivers that are shared for several HVs.
Currently these are used by LXC, OpenVZ, QEMU, UML and Xen drivers.
The ESX, Hyper-V, Power Hypervisor, Remote, Test & VirtualBox drivers all
implement the secondary drivers directly

 * cpu/          - CPU feature management
 * interface/    - Host network interface management
 * network/      - Virtual NAT networking
 * nwfilter/     - Network traffic filtering rules
 * node_device/  - Host device enumeration
 * secret/       - Secret management
 * security/     - Mandatory access control drivers
 * storage/      - Storage management drivers


Since both the hypervisor and secondary drivers can be built as
dlopen()able modules, it is *FORBIDDEN* to have build dependencies
between these directories. Drivers are only allowed to depend on
the public API, and the internal APIs in the util/ and conf/
directories