NuKVM/libvirt
3
0
Fork 0
mirror of https://github.com/libvirt/libvirt.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity
Read-only mirror. Please submit merge requests / issues to https://gitlab.com/libvirt/libvirt
34,157 Commits 67 Branches 632 Tags 1.1 GiB
C 94.8%
Python 2%
Meson 0.9%
Shell 0.8%
Dockerfile 0.6%
Other 0.8%
b1eb8b3e8f
Go to file
Andrea Bolognani b1eb8b3e8f virt-aa-helper: Fix AppArmor profile 
Since

  commit 432faf259b
  Author: Michal Privoznik <mprivozn@redhat.com>
  Date:   Tue Jul 2 19:49:51 2019 +0200

    virCommand: use procfs to learn opened FDs

    When spawning a child process, between fork() and exec() we close
    all file descriptors and keep only those the caller wants us to
    pass onto the child. The problem is how we do that. Currently, we
    get the limit of opened files and then iterate through each one
    of them and either close() it or make it survive exec(). This
    approach is suboptimal (although, not that much in default
    configurations where the limit is pretty low - 1024). We have
    /proc where we can learn what FDs we hold open and thus we can
    selectively close only those.

    Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
    Reviewed-by: Ján Tomko <jtomko@redhat.com>

  v5.5.0-173-g432faf259b

programs using the virCommand APIs on Linux need read access to
/proc/self/fd, or they will fail like

  error : virCommandWait:2796 : internal error: Child process
  (LIBVIRT_LOG_OUTPUTS=3:stderr /usr/lib/libvirt/virt-aa-helper -c
   -u libvirt-b20e9a8e-091a-45e0-8823-537119e98bc6) unexpected exit
  status 1: libvirt:  error : cannot open directory '/proc/self/fd':
  Permission denied
  virt-aa-helper: error: apparmor_parser exited with error

Update the AppArmor profile for virt-aa-helper so that read access
to the relevant path is granted.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2019-08-19 15:47:24 +02:00
.ctags.d maint: Add support for .ctags.d 2019-05-31 17:54:28 +02:00
.gnulib@c8e2eee548 maint: Update to latest gnulib 2019-08-08 07:31:03 -05:00
build-aux build: use @CONFIG@ instead of ::CONFIG:: in augeas tests 2019-08-09 14:06:31 +01:00
docs news: mention Direct Mode for Hyper-V Synthetic timers support 2019-08-19 11:38:28 +02:00
examples nwfilter: move standard XML configs out of examples dir 2019-08-19 11:52:44 +01:00
gnulib maint: Fix VPATH build 2019-01-07 21:56:16 -06:00
include/libvirt backup: Introduce virDomainCheckpoint APIs 2019-07-26 16:48:58 -05:00
m4 m4: Drop libxml2 version number from configure help 2019-08-12 09:31:22 +02:00
po po: refresh translations from zanata 2019-07-30 12:43:31 +01:00
src virt-aa-helper: Fix AppArmor profile 2019-08-19 15:47:24 +02:00
tests nwfilter: move standard XML configs out of examples dir 2019-08-19 11:52:44 +01:00
tools Revert "configure: Remove --enable-test-coverage" 2019-08-14 09:28:06 +02:00
.color_coded.in Add color_coded support 2017-05-09 09:51:11 +02:00
.ctags ctags: Generate tags for headers, i.e. function prototypes 2018-09-18 14:21:33 +02:00
.dir-locals.el build: avoid tabs that failed syntax-check 2012-09-06 09:43:46 -06:00
.gitignore vz: introduce virtvzd daemon 2019-08-09 14:06:31 +01:00
.gitlab-ci.yml gitlab: Perform some builds on Debian 10 2019-07-11 15:03:39 +02:00
.gitmodules gnulib: switch to use https:// instead of git:// protocol 2018-03-19 16:32:34 +00:00
.gitpublish git: add config file telling git-publish how to send patches 2018-04-23 11:36:09 +01:00
.mailmap mailmap: Remove some duplicates 2019-06-07 13:18:08 +02:00
.travis.yml travis: put macOS script inline in the macOS matrix entry 2019-04-11 18:38:56 +01:00
.ycm_extra_conf.py.in Add YouCompleteMe support 2017-05-09 09:51:11 +02:00
ABOUT-NLS po: provide custom make rules for po file management 2018-04-19 10:35:58 +01:00
AUTHORS.in AUTHORS: Add Katerina Koukiou 2018-07-17 17:01:19 +02:00
autogen.sh po: provide custom make rules for po file management 2018-04-19 10:35:58 +01:00
bootstrap maint: update gnulib for syntax-check on BSD 2019-01-07 13:54:07 -06:00
bootstrap.conf maint: Stop generating ChangeLog from git 2019-04-03 09:45:25 +02:00
cfg.mk tools: avoid accidentally using files from gnulib 2019-08-08 13:32:02 +01:00
ChangeLog maint: Stop generating ChangeLog from git 2019-04-03 09:45:25 +02:00
config-post.h nss: only link to yajl library and nothing else 2019-08-07 16:54:02 +01:00
configure.ac Revert "configure: Remove --enable-test-coverage" 2019-08-14 09:28:06 +02:00
COPYING maint: follow recommended practice for using LGPL 2013-05-20 14:15:21 -06:00
COPYING.LESSER maint: Remove control characters from LGPL license file 2015-09-25 09:16:24 +02:00
gitdm.config gitdm: Add gitdm configuration 2019-06-07 13:18:14 +02:00
libvirt-admin.pc.in Add libvirt-admin library 2015-06-16 13:46:20 +02:00
libvirt-lxc.pc.in Add pkg-config files for libvirt-qemu & libvirt-lxc 2014-06-23 16:17:27 +01:00
libvirt-qemu.pc.in Add pkg-config files for libvirt-qemu & libvirt-lxc 2014-06-23 16:17:27 +01:00
libvirt.pc.in Add pkg-config files for libvirt-qemu & libvirt-lxc 2014-06-23 16:17:27 +01:00
libvirt.spec.in remote: enable connecting to the per-driver daemons 2019-08-09 14:06:31 +01:00
Makefile.am Revert "configure: Remove --enable-test-coverage" 2019-08-14 09:28:06 +02:00
Makefile.ci ci: Allow gdb in containers 2019-08-16 08:49:33 +02:00
Makefile.nonreentrant Remove backslash alignment attempts 2017-11-03 13:24:12 +01:00
mingw-libvirt.spec.in backup: Introduce virDomainCheckpoint APIs 2019-07-26 16:48:58 -05:00
README Provide a useful README file 2017-05-22 17:01:37 +01:00
README-hacking docs: update all GIT repo examples to use https:// protocol 2018-03-21 14:48:01 +00:00
README.md README: fix license typo 2019-07-25 09:21:28 -06:00
run.in run: Don't export unnecessary paths 2019-03-15 11:50:23 +01:00

README.md

Build Status CII Best Practices

Libvirt API for virtualization

Libvirt provides a portable, long term stable C API for managing the virtualization technologies provided by many operating systems. It includes support for QEMU, KVM, Xen, LXC, bhyve, Virtuozzo, VMware vCenter and ESX, VMware Desktop, Hyper-V, VirtualBox and the POWER Hypervisor.

For some of these hypervisors, it provides a stateful management daemon which runs on the virtualization host allowing access to the API both by non-privileged local users and remote users.

Layered packages provide bindings of the libvirt C API into other languages including Python, Perl, PHP, Go, Java, OCaml, as well as mappings into object systems such as GObject, CIM and SNMP.

Further information about the libvirt project can be found on the website:

https://libvirt.org

License

The libvirt C API is distributed under the terms of GNU Lesser General Public License, version 2.1 (or later). Some parts of the code that are not part of the C library may have the more restrictive GNU General Public License, version 2.0 (or later). See the files COPYING.LESSER and COPYING for full license terms & conditions.

Installation

Libvirt uses the GNU Autotools build system, so in general can be built and installed with the usual commands. For example, to build in a manner that is suitable for installing as root, use:

$ ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
$ make
$ sudo make install

While to build & install as an unprivileged user

$ ./configure --prefix=$HOME/usr
$ make
$ make install

The libvirt code relies on a large number of 3rd party libraries. These will be detected during execution of the configure script and a summary printed which lists any missing (optional) dependencies.

Contributing

The libvirt project welcomes contributions in many ways. For most components the best way to contribute is to send patches to the primary development mailing list. Further guidance on this can be found on the website:

https://libvirt.org/contribute.html

Contact

The libvirt project has two primary mailing lists:

Further details on contacting the project are available on the website:

https://libvirt.org/contact.html