This is a v4 patch series that updates the libvirt's security driver mechanism to support per-guest configurable user and group for QEMU processes running together with other security drivers, such as SELinux and AppArmor.
Marcelo Cerri (5): Internal refactory of data structures Multiple security drivers in XML data Update security layer to handle many security labels Support for multiple default security drivers in QEMU config Update the remote API daemon/remote.c | 63 ++++ docs/formatdomain.html.in | 11 +- docs/schemas/capability.rng | 18 +- docs/schemas/domaincommon.rng | 30 ++- include/libvirt/libvirt.h.in | 2 + python/generator.py | 1 + src/conf/capabilities.c | 17 +- src/conf/capabilities.h | 6 +- src/conf/domain_audit.c | 14 +- src/conf/domain_conf.c | 343 +++++++++++++++----- src/conf/domain_conf.h | 20 +- src/driver.h | 4 + src/libvirt.c | 47 +++ src/libvirt_private.syms | 5 + src/libvirt_public.syms | 1 + src/lxc/lxc_conf.c | 8 +- src/lxc/lxc_controller.c | 8 +- src/lxc/lxc_driver.c | 11 +- src/lxc/lxc_process.c | 23 +- src/qemu/qemu.conf | 6 +- src/qemu/qemu_conf.c | 38 ++- src/qemu/qemu_conf.h | 2 +- src/qemu/qemu_driver.c | 218 +++++++++++--- src/qemu/qemu_process.c | 50 ++- src/remote/remote_driver.c | 46 +++ src/remote/remote_protocol.x | 17 +- src/remote_protocol-structs | 11 + src/security/security_apparmor.c | 118 +++++-- src/security/security_dac.c | 324 +++++++++++++++++-- src/security/security_manager.c | 101 +++++-- src/security/security_manager.h | 8 +- src/security/security_selinux.c | 263 +++++++++++----- src/security/security_stack.c | 237 +++++++++----- src/security/security_stack.h | 13 + src/test/test_driver.c | 11 +- .../qemuxml2argv-seclabel-dynamic-override.xml | 4 +- .../qemuxml2argv-seclabel-dynamic.xml | 2 +- 37 files changed, 1653 insertions(+), 448 deletions(-) -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
