NuKVM/libvirt
3
0
Fork 0
mirror of https://github.com/libvirt/libvirt.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity
5,018 Commits 67 Branches 632 Tags
c567853089a2764c964002dd752e09e318524a38
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Daniel P. Berrange c567853089 CVE-2010-2242 Apply a source port mapping to virtual network masquerading 
IPtables will seek to preserve the source port unchanged when
doing masquerading, if possible. NFS has a pseudo-security
option where it checks for the source port <= 1023 before
allowing a mount request. If an admin has used this to make the
host OS trusted for mounts, the default iptables behaviour will
potentially allow NAT'd guests access too. This needs to be
stopped.

With this change, the iptables -t nat -L -n -v rules for the
default network will be

Chain POSTROUTING (policy ACCEPT 95 packets, 9163 bytes)
 pkts bytes target     prot opt in     out     source               destination
   14   840 MASQUERADE  tcp  --  *      *       192.168.122.0/24    !192.168.122.0/24    masq ports: 1024-65535
   75  5752 MASQUERADE  udp  --  *      *       192.168.122.0/24    !192.168.122.0/24    masq ports: 1024-65535
    0     0 MASQUERADE  all  --  *      *       192.168.122.0/24    !192.168.122.0/24

* src/network/bridge_driver.c: Add masquerade rules for TCP
  and UDP protocols
* src/util/iptables.c, src/util/iptables.c: Add source port
  mappings for TCP & UDP protocols when masquerading.
2010-07-19 15:50:27 +01:00
.gnulib @ 1629006348
build: fix some mingw issues
2010-06-10 06:05:31 -06:00
build-aux
build: update gnulib
2010-03-26 19:16:37 +01:00
daemon
man pages: update authors and copyright notice for libvirtd and virsh
2010-07-17 04:51:01 +10:00
docs
docs: fix so generated .html files are removed with make clean
2010-07-13 05:34:25 +10:00
examples
Add openauth example to demonstrate a custom auth callback
2010-07-13 13:50:27 +02:00
include
libvirt: introduce domainCreateWithFlags API
2010-06-15 07:32:41 -06:00
m4
build: don't use "test cond1 -o cond2": it's not portable
2010-03-25 09:28:24 +01:00
po
Release of libvirt-0.8.2
2010-07-05 17:29:25 +02:00
proxy
build: fix up some compiler flags
2010-05-17 09:12:42 -06:00
python
python: Fix IOErrorReasonCallback bindings
2010-07-14 10:52:18 -04:00
src
CVE-2010-2242 Apply a source port mapping to virtual network masquerading
2010-07-19 15:50:27 +01:00
tests
cpu: Add support for CPU vendor
2010-07-07 17:26:00 +02:00
tools
man pages: update authors and copyright notice for libvirtd and virsh
2010-07-17 04:51:01 +10:00
.gitignore
build: distribute missing file
2010-05-19 16:28:49 -06:00
.gitmodules
make .gnulib a submodule
2009-07-08 16:17:51 +02:00
.mailmap
authors: update my authors details
2010-07-09 23:21:00 +10:00
.x-sc_avoid_ctype_macros
exempt gnulib from ctype-macros prohibition
2008-10-28 17:36:31 +00:00
.x-sc_avoid_if_before_free
avoid a "make syntax-check" failure
2009-07-09 20:00:37 +02:00
.x-sc_avoid_write
Fully asynchronous monitor I/O processing
2009-11-10 13:27:18 +00:00
.x-sc_m4_quote_check
syntax-check: enable more checks
2009-02-03 13:08:36 +00:00
.x-sc_prohibit_always_true_header_tests
build: update gnulib
2010-05-06 14:35:38 -06:00
.x-sc_prohibit_asprintf
add .x-sc_prohibit_asprintf
2008-12-23 13:40:42 +00:00
.x-sc_prohibit_gethostby
Various syntax-check fixes.
2009-10-26 10:34:05 +01:00
.x-sc_prohibit_gethostname
Add a new syntax-check rule for gethostname.
2009-10-26 10:34:27 +01:00
.x-sc_prohibit_gettext_noop
build: fix syntax-check problems
2010-04-12 16:43:05 -06:00
.x-sc_prohibit_have_config_h
maint: sync from coreutils
2009-01-29 18:06:19 +00:00
.x-sc_prohibit_HAVE_MBRTOWC
maint: sync from coreutils
2009-01-29 18:06:19 +00:00
.x-sc_prohibit_nonreentrant
Tighten up nonreentrant syntax-check.
2009-10-26 10:33:42 +01:00
.x-sc_prohibit_readlink
Add a rule to check for uses of readlink.
2010-01-22 09:42:35 -05:00
.x-sc_prohibit_strcmp
exempt gnulib/ from "make syntax-check" strcmp prohibition
2008-05-14 21:18:27 +00:00
.x-sc_prohibit_strcmp_and_strncmp
Ignore docs/ directory for strcmp() syntax check
2009-11-23 11:58:13 +00:00
.x-sc_prohibit_strncpy
Various syntax-check fixes.
2009-10-26 10:34:05 +01:00
.x-sc_prohibit_test_minus_ao
build: fix syntax-check problems
2010-04-12 16:43:05 -06:00
.x-sc_prohibit_VIR_ERR_NO_MEMORY
Various syntax-check fixes.
2009-10-26 10:34:05 +01:00
.x-sc_require_config_h
Various syntax-check fixes.
2009-10-26 10:34:05 +01:00
.x-sc_require_config_h_first
Misc syntax-check fixes
2009-09-21 14:41:47 +01:00
.x-sc_trailing_blank
build: exempt *.ico files from the trailing blank check
2008-10-16 13:28:07 +00:00
.x-sc_unmarked_diagnostics
build: import latest gnulib
2010-04-02 10:18:55 -06:00
acinclude.m4
build: fix up some compiler flags
2010-05-17 09:12:42 -06:00
AUTHORS
authors: update my authors details
2010-07-09 23:21:00 +10:00
autobuild.sh
autobuild.sh: avoid bashism
2010-06-04 10:03:52 -06:00
autogen.sh
build: improve check for out-of-date .gnulib submodule
2010-04-02 15:49:32 -06:00
bootstrap
build: fix some mingw issues
2010-06-10 06:05:31 -06:00
bootstrap.conf
maint: add gnulib gettimeofday module
2010-06-25 07:46:28 -06:00
cfg.mk
build: fix VPATH 'make syntax-check'
2010-06-01 16:34:25 -06:00
ChangeLog-old
generate ChangeLog from git logs into distribution tarball
2009-07-08 16:17:51 +02:00
configure.ac
Add openauth example to demonstrate a custom auth callback
2010-07-13 13:50:27 +02:00
COPYING.LIB
remove all trailing blank lines
2009-07-16 15:06:42 +02:00
HACKING
docs: hacking: explain why using curly braces well is important
2010-05-04 15:41:21 +02:00
libvirt.pc.in
* libvirt.pc.in: applied patch from Daniel Berrange to fix --cflags
2006-03-24 13:18:12 +00:00
libvirt.spec.in
man pages: update authors and copyright notice for libvirtd and virsh
2010-07-17 04:51:01 +10:00
Makefile.am
Add openauth example to demonstrate a custom auth callback
2010-07-13 13:50:27 +02:00
Makefile.nonreentrant
syntax-check: enable prohibit_nonreentrant
2009-02-05 16:28:41 +00:00
mingw32-libvirt.spec.in
build: fix some mingw issues
2010-06-10 06:05:31 -06:00
README
Correct typos in the documentation (Atsushi SAKAI)
2008-01-24 10:15:13 +00:00
README-hacking
maint: relax git minimum version
2010-02-24 14:29:27 -05:00
TODO
Remove all trailing blanks; turn on the rule to detect them.
2008-02-05 19:27:37 +00:00

README 

         LibVirt : simple API for virtualization

  Libvirt is a C toolkit to interact with the virtualization capabilities
of recent versions of Linux (and other OSes). It is free software
available under the GNU Lesser General Public License. Virtualization of
the Linux Operating System means the ability to run multiple instances of
Operating Systems concurrently on a single hardware system where the basic
resources are driven by a Linux instance. The library aim at providing
long term stable C API initially for the Xen paravirtualization but
should be able to integrate other virtualization mechanisms if needed.

Daniel Veillard <veillard@redhat.com>
Description
Read-only mirror. Please submit merge requests / issues to https://gitlab.com/libvirt/libvirt
Readme 892 MiB
Languages
C 94.8%
Python 2%
Meson 0.9%
Shell 0.8%
Dockerfile 0.6%
Other 0.8%