[arch-commits] Commit in libvirt/trunk (4 files)

Sergej Pupykin spupykin at nymeria.archlinux.org
Wed Dec 4 17:13:45 UTC 2013


    Date: Wednesday, December 4, 2013 @ 18:13:44
  Author: spupykin
Revision: 102071

Modified:
  libvirt/trunk/PKGBUILD
Deleted:
  libvirt/trunk/0001-Also-store-user-group-ID-values-in-virIdentity.patch
  libvirt/trunk/0002-Ensure-system-identity-includes-process-start-time.patch
  libvirt/trunk/0003-Add-support-for-using-3-arg-pkcheck-syntax-for-proce.patch

-----------------------------------------------------------------+
 0001-Also-store-user-group-ID-values-in-virIdentity.patch       |  156 ---------
 0002-Ensure-system-identity-includes-process-start-time.patch   |   70 ----
 0003-Add-support-for-using-3-arg-pkcheck-syntax-for-proce.patch |  159 ----------
 PKGBUILD                                                        |    6 
 4 files changed, 3 insertions(+), 388 deletions(-)

Deleted: 0001-Also-store-user-group-ID-values-in-virIdentity.patch
===================================================================
--- 0001-Also-store-user-group-ID-values-in-virIdentity.patch	2013-12-04 16:20:55 UTC (rev 102070)
+++ 0001-Also-store-user-group-ID-values-in-virIdentity.patch	2013-12-04 17:13:44 UTC (rev 102071)
@@ -1,156 +0,0 @@
-From 02432e3afa32e9866fbf1317069b422ef552d1d4 Mon Sep 17 00:00:00 2001
-From: "Daniel P. Berrange" <berrange at redhat.com>
-Date: Thu, 22 Aug 2013 16:00:01 +0100
-Subject: [PATCH 1/3] Also store user & group ID values in virIdentity
-
-Future improvements to the polkit code will require access to
-the numeric user ID, not merely user name.
-
-Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
----
- src/rpc/virnetserverclient.c | 18 ++++++++++++++++++
- src/util/viridentity.c       | 23 +++++++++++++++++++----
- src/util/viridentity.h       |  2 ++
- 3 files changed, 39 insertions(+), 4 deletions(-)
-
-diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c
-index 83d5cf1..f30dd08 100644
---- a/src/rpc/virnetserverclient.c
-+++ b/src/rpc/virnetserverclient.c
-@@ -652,7 +652,9 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client)
-     char *processid = NULL;
-     char *processtime = NULL;
-     char *username = NULL;
-+    char *userid = NULL;
-     char *groupname = NULL;
-+    char *groupid = NULL;
- #if WITH_SASL
-     char *saslname = NULL;
- #endif
-@@ -672,8 +674,12 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client)
- 
-         if (!(username = virGetUserName(uid)))
-             goto cleanup;
-+        if (virAsprintf(&userid, "%d", uid) < 0)
-+            goto cleanup;
-         if (!(groupname = virGetGroupName(gid)))
-             goto cleanup;
-+        if (virAsprintf(&userid, "%d", gid) < 0)
-+            goto cleanup;
-         if (virAsprintf(&processid, "%llu",
-                         (unsigned long long)pid) < 0)
-             goto cleanup;
-@@ -710,11 +716,21 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client)
-                            VIR_IDENTITY_ATTR_UNIX_USER_NAME,
-                            username) < 0)
-         goto error;
-+    if (userid &&
-+        virIdentitySetAttr(ret,
-+                           VIR_IDENTITY_ATTR_UNIX_USER_ID,
-+                           userid) < 0)
-+        goto error;
-     if (groupname &&
-         virIdentitySetAttr(ret,
-                            VIR_IDENTITY_ATTR_UNIX_GROUP_NAME,
-                            groupname) < 0)
-         goto error;
-+    if (groupid &&
-+        virIdentitySetAttr(ret,
-+                           VIR_IDENTITY_ATTR_UNIX_GROUP_ID,
-+                           groupid) < 0)
-+        goto error;
-     if (processid &&
-         virIdentitySetAttr(ret,
-                            VIR_IDENTITY_ATTR_UNIX_PROCESS_ID,
-@@ -745,7 +761,9 @@ virNetServerClientCreateIdentity(virNetServerClientPtr client)
- 
- cleanup:
-     VIR_FREE(username);
-+    VIR_FREE(userid);
-     VIR_FREE(groupname);
-+    VIR_FREE(groupid);
-     VIR_FREE(processid);
-     VIR_FREE(processtime);
-     VIR_FREE(seccontext);
-diff --git a/src/util/viridentity.c b/src/util/viridentity.c
-index 781f660..03c375b 100644
---- a/src/util/viridentity.c
-+++ b/src/util/viridentity.c
-@@ -133,7 +133,9 @@ int virIdentitySetCurrent(virIdentityPtr ident)
- virIdentityPtr virIdentityGetSystem(void)
- {
-     char *username = NULL;
-+    char *userid = NULL;
-     char *groupname = NULL;
-+    char *groupid = NULL;
-     char *seccontext = NULL;
-     virIdentityPtr ret = NULL;
- #if WITH_SELINUX
-@@ -147,8 +149,13 @@ virIdentityPtr virIdentityGetSystem(void)
- 
-     if (!(username = virGetUserName(getuid())))
-         goto cleanup;
-+    if (virAsprintf(&userid, "%d", (int)getuid()) < 0)
-+        goto cleanup;
-+
-     if (!(groupname = virGetGroupName(getgid())))
-         goto cleanup;
-+    if (virAsprintf(&groupid, "%d", (int)getgid()) < 0)
-+        goto cleanup;
- 
- #if WITH_SELINUX
-     if (getcon(&con) < 0) {
-@@ -166,16 +173,22 @@ virIdentityPtr virIdentityGetSystem(void)
-     if (!(ret = virIdentityNew()))
-         goto cleanup;
- 
--    if (username &&
--        virIdentitySetAttr(ret,
-+    if (virIdentitySetAttr(ret,
-                            VIR_IDENTITY_ATTR_UNIX_USER_NAME,
-                            username) < 0)
-         goto error;
--    if (groupname &&
--        virIdentitySetAttr(ret,
-+    if (virIdentitySetAttr(ret,
-+                           VIR_IDENTITY_ATTR_UNIX_USER_ID,
-+                           userid) < 0)
-+        goto error;
-+    if (virIdentitySetAttr(ret,
-                            VIR_IDENTITY_ATTR_UNIX_GROUP_NAME,
-                            groupname) < 0)
-         goto error;
-+    if (virIdentitySetAttr(ret,
-+                           VIR_IDENTITY_ATTR_UNIX_GROUP_ID,
-+                           groupid) < 0)
-+        goto error;
-     if (seccontext &&
-         virIdentitySetAttr(ret,
-                            VIR_IDENTITY_ATTR_SELINUX_CONTEXT,
-@@ -188,7 +201,9 @@ virIdentityPtr virIdentityGetSystem(void)
- 
- cleanup:
-     VIR_FREE(username);
-+    VIR_FREE(userid);
-     VIR_FREE(groupname);
-+    VIR_FREE(groupid);
-     VIR_FREE(seccontext);
-     VIR_FREE(processid);
-     return ret;
-diff --git a/src/util/viridentity.h b/src/util/viridentity.h
-index 4bae8d6..a240c2d 100644
---- a/src/util/viridentity.h
-+++ b/src/util/viridentity.h
-@@ -29,7 +29,9 @@ typedef virIdentity *virIdentityPtr;
- 
- typedef enum {
-       VIR_IDENTITY_ATTR_UNIX_USER_NAME,
-+      VIR_IDENTITY_ATTR_UNIX_USER_ID,
-       VIR_IDENTITY_ATTR_UNIX_GROUP_NAME,
-+      VIR_IDENTITY_ATTR_UNIX_GROUP_ID,
-       VIR_IDENTITY_ATTR_UNIX_PROCESS_ID,
-       VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME,
-       VIR_IDENTITY_ATTR_SASL_USER_NAME,
--- 
-1.8.3.1
-

Deleted: 0002-Ensure-system-identity-includes-process-start-time.patch
===================================================================
--- 0002-Ensure-system-identity-includes-process-start-time.patch	2013-12-04 16:20:55 UTC (rev 102070)
+++ 0002-Ensure-system-identity-includes-process-start-time.patch	2013-12-04 17:13:44 UTC (rev 102071)
@@ -1,70 +0,0 @@
-From f26b6e44bf0c3efe8167a528141224ccb7623b4a Mon Sep 17 00:00:00 2001
-From: "Daniel P. Berrange" <berrange at redhat.com>
-Date: Wed, 28 Aug 2013 15:22:05 +0100
-Subject: [PATCH 2/3] Ensure system identity includes process start time
-
-The polkit access driver will want to use the process start
-time field. This was already set for network identities, but
-not for the system identity.
-
-Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
----
- src/util/viridentity.c | 16 ++++++++++++++++
- 1 file changed, 16 insertions(+)
-
-diff --git a/src/util/viridentity.c b/src/util/viridentity.c
-index 03c375b..f681f85 100644
---- a/src/util/viridentity.c
-+++ b/src/util/viridentity.c
-@@ -35,6 +35,7 @@
- #include "virthread.h"
- #include "virutil.h"
- #include "virstring.h"
-+#include "virprocess.h"
- 
- #define VIR_FROM_THIS VIR_FROM_IDENTITY
- 
-@@ -142,11 +143,20 @@ virIdentityPtr virIdentityGetSystem(void)
-     security_context_t con;
- #endif
-     char *processid = NULL;
-+    unsigned long long timestamp;
-+    char *processtime = NULL;
- 
-     if (virAsprintf(&processid, "%llu",
-                     (unsigned long long)getpid()) < 0)
-         goto cleanup;
- 
-+    if (virProcessGetStartTime(getpid(), &timestamp) < 0)
-+        goto cleanup;
-+
-+    if (timestamp != 0 &&
-+        virAsprintf(&processtime, "%llu", timestamp) < 0)
-+        goto cleanup;
-+
-     if (!(username = virGetUserName(getuid())))
-         goto cleanup;
-     if (virAsprintf(&userid, "%d", (int)getuid()) < 0)
-@@ -198,6 +208,11 @@ virIdentityPtr virIdentityGetSystem(void)
-                            VIR_IDENTITY_ATTR_UNIX_PROCESS_ID,
-                            processid) < 0)
-         goto error;
-+    if (processtime &&
-+        virIdentitySetAttr(ret,
-+                           VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME,
-+                           processtime) < 0)
-+        goto error;
- 
- cleanup:
-     VIR_FREE(username);
-@@ -206,6 +221,7 @@ cleanup:
-     VIR_FREE(groupid);
-     VIR_FREE(seccontext);
-     VIR_FREE(processid);
-+    VIR_FREE(processtime);
-     return ret;
- 
- error:
--- 
-1.8.3.1
-

Deleted: 0003-Add-support-for-using-3-arg-pkcheck-syntax-for-proce.patch
===================================================================
--- 0003-Add-support-for-using-3-arg-pkcheck-syntax-for-proce.patch	2013-12-04 16:20:55 UTC (rev 102070)
+++ 0003-Add-support-for-using-3-arg-pkcheck-syntax-for-proce.patch	2013-12-04 17:13:44 UTC (rev 102071)
@@ -1,159 +0,0 @@
-From 4a061ec8fe94857dd21acf401c66195ec51b1234 Mon Sep 17 00:00:00 2001
-From: "Daniel P. Berrange" <berrange at redhat.com>
-Date: Wed, 28 Aug 2013 15:25:40 +0100
-Subject: [PATCH 3/3] Add support for using 3-arg pkcheck syntax for process
-
-With the existing pkcheck (pid, start time) tuple for identifying
-the process, there is a race condition, where a process can make
-a libvirt RPC call and in another thread exec a setuid application,
-causing it to change to effective UID 0. This in turn causes polkit
-to do its permission check based on the wrong UID.
-
-To address this, libvirt must get the UID the caller had at time
-of connect() (from SO_PEERCRED) and pass a (pid, start time, uid)
-triple to the pkcheck program.
-
-Signed-off-by: Colin Walters <walters at redhat.com>
-Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
----
- configure.ac                       |  8 ++++++++
- daemon/remote.c                    | 21 +++++++++++++++++---
- src/access/viraccessdriverpolkit.c | 40 +++++++++++++++++++++++++++++++++-----
- 3 files changed, 61 insertions(+), 8 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 94a2e19..3dfbb4d 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -1184,6 +1184,14 @@ if test "x$with_polkit" = "xyes" || test "x$with_polkit" = "xcheck"; then
-   AC_PATH_PROG([PKCHECK_PATH],[pkcheck], [], [/usr/sbin:$PATH])
-   if test "x$PKCHECK_PATH" != "x" ; then
-     AC_DEFINE_UNQUOTED([PKCHECK_PATH],["$PKCHECK_PATH"],[Location of pkcheck program])
-+    AC_MSG_CHECKING([whether pkcheck supports uid value])
-+    pkcheck_supports_uid=$($PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1)
-+    if test "x$pkcheck_supports_uid" = "xtrue"; then
-+      AC_MSG_RESULT([yes])
-+      AC_DEFINE_UNQUOTED([PKCHECK_SUPPORTS_UID], 1, [Pass uid to pkcheck])
-+    else
-+      AC_MSG_RESULT([no])
-+    fi
-     AC_DEFINE_UNQUOTED([WITH_POLKIT], 1,
-         [use PolicyKit for UNIX socket access checks])
-     AC_DEFINE_UNQUOTED([WITH_POLKIT1], 1,
-diff --git a/daemon/remote.c b/daemon/remote.c
-index 03d5557..6132091 100644
---- a/daemon/remote.c
-+++ b/daemon/remote.c
-@@ -2731,10 +2731,12 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
-     int status = -1;
-     char *ident = NULL;
-     bool authdismissed = 0;
-+    bool supportsuid = 0;
-     char *pkout = NULL;
-     struct daemonClientPrivate *priv =
-         virNetServerClientGetPrivateData(client);
-     virCommandPtr cmd = NULL;
-+    static bool polkitInsecureWarned = false;
- 
-     virMutexLock(&priv->lock);
-     action = virNetServerClientGetReadonly(client) ?
-@@ -2756,14 +2758,27 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
-         goto authfail;
-     }
- 
-+    if (timestamp == 0) {
-+        VIR_WARN("Failing polkit auth due to missing client (pid=%lld) start time",
-+                 (long long)callerPid);
-+        goto authfail;
-+    }
-+
-     VIR_INFO("Checking PID %lld running as %d",
-              (long long) callerPid, callerUid);
- 
-     virCommandAddArg(cmd, "--process");
--    if (timestamp != 0) {
--        virCommandAddArgFormat(cmd, "%lld,%llu", (long long) callerPid, timestamp);
-+# ifdef PKCHECK_SUPPORTS_UID
-+    supportsuid = 1;
-+# endif
-+    if (supportsuid) {
-+        virCommandAddArgFormat(cmd, "%lld,%llu,%lu", (long long) callerPid, timestamp, (unsigned long) callerUid);
-     } else {
--        virCommandAddArgFormat(cmd, "%lld", (long long) callerPid);
-+        if (!polkitInsecureWarned) {
-+            VIR_WARN("No support for caller UID with pkcheck. This deployment is known to be insecure.");
-+            polkitInsecureWarned = true;
-+        }
-+        virCommandAddArgFormat(cmd, "%lld,%llu", (long long) callerPid, timestamp);
-     }
-     virCommandAddArg(cmd, "--allow-user-interaction");
- 
-diff --git a/src/access/viraccessdriverpolkit.c b/src/access/viraccessdriverpolkit.c
-index 4c76e64..d980820 100644
---- a/src/access/viraccessdriverpolkit.c
-+++ b/src/access/viraccessdriverpolkit.c
-@@ -72,8 +72,12 @@ static char *
- virAccessDriverPolkitFormatProcess(const char *actionid)
- {
-     virIdentityPtr identity = virIdentityGetCurrent();
--    const char *process = NULL;
-+    const char *callerPid = NULL;
-+    const char *callerTime = NULL;
-+    const char *callerUid = NULL;
-     char *ret = NULL;
-+    bool supportsuid = 0;
-+    static bool polkitInsecureWarned = false;
- 
-     if (!identity) {
-         virAccessError(VIR_ERR_ACCESS_DENIED,
-@@ -81,17 +85,43 @@ virAccessDriverPolkitFormatProcess(const char *actionid)
-                        actionid);
-         return NULL;
-     }
--    if (virIdentityGetAttr(identity, VIR_IDENTITY_ATTR_UNIX_PROCESS_ID, &process) < 0)
-+    if (virIdentityGetAttr(identity, VIR_IDENTITY_ATTR_UNIX_PROCESS_ID, &callerPid) < 0)
-+        goto cleanup;
-+    if (virIdentityGetAttr(identity, VIR_IDENTITY_ATTR_UNIX_PROCESS_TIME, &callerTime) < 0)
-+        goto cleanup;
-+    if (virIdentityGetAttr(identity, VIR_IDENTITY_ATTR_UNIX_USER_ID, &callerUid) < 0)
-         goto cleanup;
- 
--    if (!process) {
-+    if (!callerPid) {
-         virAccessError(VIR_ERR_INTERNAL_ERROR, "%s",
-                        _("No UNIX process ID available"));
-         goto cleanup;
-     }
--
--    if (VIR_STRDUP(ret, process) < 0)
-+    if (!callerTime) {
-+        virAccessError(VIR_ERR_INTERNAL_ERROR, "%s",
-+                       _("No UNIX process start time available"));
-+        goto cleanup;
-+    }
-+    if (!callerUid) {
-+        virAccessError(VIR_ERR_INTERNAL_ERROR, "%s",
-+                       _("No UNIX caller UID available"));
-         goto cleanup;
-+    }
-+
-+#ifdef PKCHECK_SUPPORTS_UID
-+    supportsuid = 1;
-+#endif
-+    if (supportsuid) {
-+        if (virAsprintf(&ret, "%s,%s,%s", callerPid, callerTime, callerUid) < 0)
-+            goto cleanup;
-+    } else {
-+        if (!polkitInsecureWarned) {
-+            VIR_WARN("No support for caller UID with pkcheck. This deployment is known to be insecure.");
-+            polkitInsecureWarned = true;
-+        }
-+        if (virAsprintf(&ret, "%s,%s", callerPid, callerTime) < 0)
-+            goto cleanup;
-+    }
- 
- cleanup:
-     virObjectUnref(identity);
--- 
-1.8.3.1
-

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2013-12-04 16:20:55 UTC (rev 102070)
+++ PKGBUILD	2013-12-04 17:13:44 UTC (rev 102071)
@@ -4,7 +4,7 @@
 
 pkgname=libvirt
 pkgver=1.2.0
-pkgrel=1
+pkgrel=2
 pkgdesc="API for controlling virtualization engines (openvz,kvm,qemu,virtualbox,xen,etc)"
 arch=('i686' 'x86_64')
 url="http://libvirt.org/"
@@ -13,7 +13,7 @@
 	 'avahi' 'yajl' 'libpciaccess' 'udev' 'dbus-core' 'libxau' 'libxdmcp' 'libpcap'
 	 'curl' 'libsasl' 'libgcrypt' 'libgpg-error' 'openssl' 'libxcb' 'gcc-libs'
 	 'iproute2' 'libnl' 'libx11' 'audit' 'numactl')
-makedepends=('pkgconfig' 'lvm2' 'linux-api-headers' 'dnsmasq')
+makedepends=('pkgconfig' 'lvm2' 'linux-api-headers' 'dnsmasq' 'lxc')
 optdepends=('bridge-utils: for briged networking (default)'
 	    'dnsmasq: for NAT/DHCP for guests'
 	    'openbsd-netcat: for remote management over ssh'
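Review bot: `'lxc'` is added only to `makedepends`, but as far as I know libvirt's LXC driver sets up kernel namespaces and cgroups itself rather than linking against or invoking the lxc userspace tools, so this build dependency may be unnecessary. If a clean-chroot build with `--with-lxc` succeeds without it, drop it. If something from that package really is needed when the driver runs, it belongs in `depends` or `optdepends` rather than here. The `depends` array starts outside this hunk, so the full dependency list is not visible.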
@@ -54,7 +54,7 @@
 	--with-storage-lvm --without-xen --with-udev --without-hal --disable-static \
 	--with-init-script=systemd --with-audit \
 	--with-qemu-user=nobody --with-qemu-group=nobody \
-	--without-netcf --with-interface
+	--without-netcf --with-interface --with-lxc
   make
 
   sed -i 's|/etc/sysconfig/|/etc/conf.d/|' daemon/libvirtd.service tools/libvirt-guests.service
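Review bot: `--with-lxc` enables an additional driver in libvirtd in the same revision that deletes the three polkit identity patches, and nothing in the PKGBUILD records why either is safe. The deleted 0003 patch shows configure defining `PKCHECK_SUPPORTS_UID` only when `$PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1` returns `true`, and otherwise falling back to the (pid, start time) form that the patch itself logs as "known to be insecure". Presumably 1.2.0 carries this fix upstream, but confirm that polkit is present in the build chroot (it is not among the dependency lines visible here) and that the generated `config.h` defines `PKCHECK_SUPPORTS_UID`. I would add a comment above the configure call such as `# polkit uid race fix is upstream since <version>; polkit must be installed at build time for pkcheck_supports_uid detection`. build() starts and ends outside this hunk.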



