xenbits.xensource.com Git - people/liuw/libxenctrl-split/libvirt.git/commit

author	Daniel P. Berrange <berrange@redhat.com>
	Wed, 25 Jan 2012 14:12:53 +0000 (14:12 +0000)
committer	Eric Blake <eblake@redhat.com>
	Fri, 3 Feb 2012 00:44:39 +0000 (17:44 -0700)
commit	0f01192e7e5c0fb8ead1ae1c92f03aefc2b3cfc0
tree	cc0ec0d3ee88ff3c03f8f0a33990de127f3cb2f5	tree
parent	b170eb99f53412b6955f76aa986ff81bc96259f7	commit \| diff

Add support for sVirt in the LXC driver

For the sake of backwards compat, LXC guests are *not*
confined by default. This is because it is not practical
to dynamically relabel containers using large filesystem
trees. Applications can create confined containers though,
by giving suitable XML configs

* src/Makefile.am: Link libvirt_lxc to security drivers
* src/lxc/libvirtd_lxc.aug, src/lxc/lxc_conf.h,
  src/lxc/lxc_conf.c, src/lxc/lxc.conf,
  src/lxc/test_libvirtd_lxc.aug: Config file handling for
  security driver
* src/lxc/lxc_driver.c: Wire up security driver functions
* src/lxc/lxc_controller.c: Add a '--security' flag to
  specify which security driver to activate
* src/lxc/lxc_container.c, src/lxc/lxc_container.h: Set
  the process label just before exec'ing init.

src/Makefile.am		diff \| blob \| blame \| history
src/lxc/libvirtd_lxc.aug		diff \| blob \| blame \| history
src/lxc/lxc.conf		diff \| blob \| blame \| history
src/lxc/lxc_conf.c		diff \| blob \| blame \| history
src/lxc/lxc_conf.h		diff \| blob \| blame \| history
src/lxc/lxc_container.c		diff \| blob \| blame \| history
src/lxc/lxc_container.h		diff \| blob \| blame \| history
src/lxc/lxc_controller.c		diff \| blob \| blame \| history
src/lxc/lxc_driver.c		diff \| blob \| blame \| history
src/lxc/test_libvirtd_lxc.aug		diff \| blob \| blame \| history