NuKVM/libvirt
3
0
Fork 0
mirror of https://github.com/libvirt/libvirt.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity
d0c0e79ac6
libvirt/src/security/security_stack.h
Daniel P. Berrange d0c0e79ac6 Fix configuration of QEMU security drivers 
If no 'security_driver' config option was set, then the code
just loaded the 'dac' security driver. This is a regression
on previous behaviour, where we would probe for a possible
security driver. ie default to SELinux if available.

This changes things so that it 'security_driver' is not set,
we once again do probing. For simplicity we also always
create the stack driver, even if there is only one driver
active.

The desired semantics are:

 - security_driver not set
     -> probe for selinux/apparmour/nop
     -> auto-add DAC driver
 - security_driver set to a string
     -> add that one driver
     -> auto-add DAC driver
 - security_driver set to a list
     -> add all drivers in list
     -> auto-add DAC driver

It is not allowed, or possible to specify 'dac' in the
security_driver config param, since that is always
enabled.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2012-08-30 11:36:28 +08:00

39 lines
1.2 KiB
C
Raw Blame History

/*
* Copyright (C) 2010-2011 Red Hat, Inc.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; If not, see
* <http://www.gnu.org/licenses/>.
*
* Stacked security driver
*/
#include "security_driver.h"
#ifndef __VIR_SECURITY_STACK
# define __VIR_SECURITY_STACK
extern virSecurityDriver virSecurityDriverStack;
int
virSecurityStackAddNested(virSecurityManagerPtr mgr,
virSecurityManagerPtr nested);
virSecurityManagerPtr
virSecurityStackGetPrimary(virSecurityManagerPtr mgr);
virSecurityManagerPtr*
virSecurityStackGetNested(virSecurityManagerPtr mgr);
#endif /* __VIR_SECURITY_DAC */
Reference in New Issue View Git Blame Copy Permalink