Piotr Bartosiewicz [Thu, 18 Sep 2014 08:07:15 +0000 (10:07 +0200)]
New get_container_id_by_pid API function
[Bug/Feature] Introduce new API function: sc_get_container_id_by_pid
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: I8bee78c062bcbbe29fc9e2c651989570c26869d1
Lukasz Kostyra [Tue, 5 Aug 2014 11:49:56 +0000 (13:49 +0200)]
Add API to create new containers
[Feature] Dbus method to add new containers
[Cause] Need of dynamic management of containers
[Solution] Added dbus API to add new containers.
Added new functions to utils needed during dynamic container creation.
[Verification] Build, install, run unit tests.
Change-Id: I2044c416947dccc3e0e90302f6b56ea49db0baa1
Piotr Bartosiewicz [Wed, 10 Sep 2014 11:35:50 +0000 (13:35 +0200)]
Unit test cleanup
[Bug/Feature] Update unit test of configuration to test changes in
libConfig (added missing piece of code).
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: Ifab57f3537cfcc4afa046608bd337b5386099b6e
Michal Witanowski [Tue, 26 Aug 2014 14:55:35 +0000 (16:55 +0200)]
Improve doxygen comments in client header
[Bug/Feature] N/A
[Cause] N/A
[Solution] * more details added
* example code provided.
[Verification] Run generate_documentation.sh script, verify output.
Non-comment parts hasn't been affected.
Change-Id: I506913c3047f64f64f1ff2e84c92cff9fda8b43f
Michal Witanowski [Mon, 1 Sep 2014 13:14:49 +0000 (15:14 +0200)]
Make SCS D-Bus independent
[Bug/Feature] Allow to run security-containers-server without dbusd inside
a container(s).
[Cause] N/A
[Solution] Add new value to containers' configs: "enableDbusIntegration".
[Verification] * build, install, run tests
* run SCS with default configuration
* run SCS with dbus disabled in one of the containers
Change-Id: If6d42487086a4907b231a8422c49c4cbdedfe18f
Mateusz Malicki [Wed, 27 Aug 2014 13:25:45 +0000 (15:25 +0200)]
Added sc_file_move_request client library function
[Bug/Feature] Added sc_file_move_request client library function
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: I6c0449a06a4b9b3ad9c17fda16d00099100f71ed
Mateusz Malicki [Wed, 27 Aug 2014 12:19:40 +0000 (14:19 +0200)]
Added extra parameter to be passed to client callback functions
[Bug/Feature] Possibility to pass parameters to callback functions
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: I8f060912aa3370b697c384289395ec1b884e3288
Dariusz Michaluk [Fri, 22 Aug 2014 09:29:37 +0000 (11:29 +0200)]
Fix incorrect network configuration
[Feature] Fix incorrect network configuration.
[Cause] Incorrect network netmask, filter name, ip address.
[Solution] N/A
[Verification] Build, install on new minimal image, run tests.
Change-Id: Idc1ddcd06c73297581f778b78d392bc34020c3cc
Signed-off-by: Dariusz Michaluk <d.michaluk@samsung.com>
Piotr Bartosiewicz [Wed, 27 Aug 2014 09:44:41 +0000 (11:44 +0200)]
Fix possible UB in unit tests
[Bug/Feature] Possible use of destroyed object in case when timeout
was reached.
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: Ie4cf064c4c5e5171079e836f1b4ca24b2962121c
Jan Olszak [Mon, 25 Aug 2014 14:03:05 +0000 (16:03 +0200)]
Tests of serialization to and from KVStore
[Bug/Feature] Tests of the serialization
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: If8fb03c39093847e607a5b0e7980a9f972053b56
Piotr Bartosiewicz [Thu, 21 Aug 2014 16:02:49 +0000 (18:02 +0200)]
Client library cleanup
[Bug/Feature] N/A
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: Idd5feb3fe6ec78a9c3ad3ffbb5f26efda0abbaec
Jan Olszak [Wed, 20 Aug 2014 10:50:45 +0000 (12:50 +0200)]
Tests of a function for key creation
[Bug/Feature] Tests of key creation
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: I4c7fbaec78dbba6f847e3c9275d62c3e4a4ef098
Mateusz Malicki [Thu, 14 Aug 2014 16:03:51 +0000 (18:03 +0200)]
Client library functions
[Feature] Add more functions to the client library.
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run test suite Client
Change-Id: Ided49f0363c5bb94669c272fda745510cd21d985
Piotr Bartosiewicz [Tue, 19 Aug 2014 12:34:01 +0000 (14:34 +0200)]
[Unit tests] Handle segmentation faults
[Bug/Feature] No message was printed when unit tests was terminated by
some signal.
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run good and crashing tests.
Change-Id: Ib8a8abae09e3dfa2d2badd8c78f87440eb834c4c
Jan Olszak [Mon, 11 Aug 2014 10:52:27 +0000 (12:52 +0200)]
Tests of storing non-string types in KVStore
[Bug/Feature] Types serializable to iostreams can be stored.
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: I4395d697620f6b8ea9e558edf620e35f797c6178
Mateusz Malicki [Mon, 4 Aug 2014 13:33:25 +0000 (15:33 +0200)]
Client library with C interface
[Feature] security-containers's client with c interface.
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run test suite Client
Change-Id: Ic968e876806ce44751c95a9161ba8f497427aee8
Jacek Pielaszkiewicz [Fri, 27 Jun 2014 11:12:34 +0000 (13:12 +0200)]
Add libvirt network filter support to security-containers
[Feature] libvirt network filters implementation
[Cause] N/A
[Solution] - It was assumed that network filters are defined per
container.
- A new parameter networkFilterConfig has been added to
the container config file.
- Unit test have been updated due to a new configuration
parameter in the container confg file.
- "Network integration" tests for security-containers
have been implemented. The tests assume that
in the environment are two containers (Buisness and
Private). Both of them are mutually isolated and both
have the Internet access.
[Verification] Build, install, run tests
Signed-off-by: Jacek Pielaszkiewicz <j.pielaszkie@samsung.com>
Change-Id: Ibc08d85c1a362119fb71d80f66184a5c67b5c721
Jan Olszak [Tue, 5 Aug 2014 16:00:00 +0000 (18:00 +0200)]
Tests of the dynamic configuration in libConfig
[Bug/Feature] Dynamic configuration stored in a database
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: I112701773ec555bca0521871e2066d84d727a00b
Jacek Pielaszkiewicz [Mon, 21 Jul 2014 15:09:35 +0000 (17:09 +0200)]
Extract common/log, common/dbus, common/config directories and create from them libraries.
[Bug/Feature] N/A
[Cause] N/A
[Solution] 1. The following directories have been extracted (removed):
- common/log
- common/dbus
- common/config
2. In place of the removed source code, security-containers is link
with the following libraries:
- libLogger
- libSimpleDbus
- libConfig
[Verification] Build, install, run tests
Change-Id: I9d0b1627638b401bb88e442dd9681a7943fe0b5d
Signed-off-by: Jacek Pielaszkiewicz <j.pielaszkie@samsung.com>
Piotr Bartosiewicz [Tue, 29 Jul 2014 10:33:10 +0000 (12:33 +0200)]
Fix client library installation
[Bug/Feature] Missing so versioning
[Cause] N/A
[Solution] N/A
[Verification] Build, install
Change-Id: I4f5c3715b177506c6c6e967512acf969944fa246
Jan Olszak [Fri, 25 Jul 2014 08:42:26 +0000 (10:42 +0200)]
Setting the active container through D-Bus
[Bug/Feature] D-Bus API for setting the active container
[Cause] N/A
[Solution] Added the new API
Added a common part of dbus definitions
[Verification] Build, install, run tests
Change-Id: I4be877c17751b6334e8d424ff64de8d884699ede
Piotr Bartosiewicz [Mon, 28 Jul 2014 09:06:13 +0000 (11:06 +0200)]
Fix invalid use of glib loop in unit tests
[Bug/Feature] Memleak in unit tests
[Cause] Glib loop was started twice
[Solution] N/A
[Verification] Build, install, run tests under valgrind
Change-Id: I7407a0211e141143b3828cf1784f3a2a5ac3f5b3
Jan Olszak [Tue, 22 Jul 2014 15:25:20 +0000 (17:25 +0200)]
API for obtaining container's IDs
[Bug/Feature] D-Bus API for getting the ID of the active container
D-Bus API for getting the IDs of all containers
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: I03081e3dc5e275f9c0d5c6b5a6cacfef38c5adff
Piotr Bartosiewicz [Wed, 23 Jul 2014 10:56:47 +0000 (12:56 +0200)]
Dbus API for sharing containers DBuses
[Bug/Feature] New method on host dbus interface for getting list of
containers dbus addresses and new signals when
containers dbus become available or unavailable.
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: Ib37d47c8e2ffbdca58828c542d7b474e068ca138
Piotr Bartosiewicz [Thu, 24 Jul 2014 08:22:03 +0000 (10:22 +0200)]
Fix dependency problem in spec
[Bug/Feature] Build break
[Cause] Dependency version not match
[Solution] N/A
[Verification] Build with gbs
Change-Id: I0b1a93d293364edea18b15b58cb61fa998674960
Piotr Bartosiewicz [Wed, 23 Jul 2014 14:18:43 +0000 (16:18 +0200)]
Release version 0.1.1
Change-Id: I0fdb371060d86446141700c60958d165cbf44d88
Piotr Bartosiewicz [Tue, 15 Jul 2014 13:24:26 +0000 (15:24 +0200)]
Dbus proxy call support
[Bug/Feature] Introduce the API for communication between services
inside container and services in host. SCS works as a
router/proxy enabling host <-> container and container
<-> container dbus calls.
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: Ia85a7c0234880069653d1a8596dbc240fa7b3f76
Piotr Bartosiewicz [Tue, 15 Jul 2014 14:51:26 +0000 (16:51 +0200)]
Dbus async method call handler
[Bug/Feature] Enable deferred set of result in dbus method handler.
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: I11b3abe0886bc560f8b63f6206c64695f2f7eb1a
Piotr Bartosiewicz [Fri, 11 Jul 2014 14:38:19 +0000 (16:38 +0200)]
Dbus async method call
[Bug/Feature] Async version of dbus method call added.
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: I90bb5d1816a95f9619e2a4b88dd63c9ebd4b64da
Lukasz Kostyra [Mon, 14 Jul 2014 10:33:03 +0000 (12:33 +0200)]
Update input monitor configuration sequence
[Bug] Input monitor detected double-pressing, which caused errors.
[Cause] Some systems already used double-press as a pattern.
[Solution] Change input sequence from double press to triple press.
[Verification] Build, install, run SCS with -l TRACE.
Run journalctl --unit=security-containers --follow -l
Press "HOME" key three times quickly - you should see entries:
"Event sequence detected"
"Input monitor detected pattern"
"switchingSequenceMonitorNotify() called"
Change-Id: I52850851f1c72326d50b796d651886c7eec3406c
Signed-off-by: Lukasz Kostyra <l.kostyra@samsung.com>
Piotr Bartosiewicz [Tue, 8 Jul 2014 09:31:31 +0000 (11:31 +0200)]
Containers support package
[Bug/Feature] New package to be installed in every container. It
replaces image-skel dir.
[Cause] N/A
[Solution] N/A
[Verification] Build, install container-support and container-daemon
inside container, install rest packages on host, verify
scs works.
Change-Id: Ia03a6481d1fe72375cec751701ac9eba1d6cc97c
Lukasz Kostyra [Tue, 1 Jul 2014 13:08:26 +0000 (15:08 +0200)]
Add flag in container config allowing switch to default after timeout
[Feature] Flag in container config which allows switching to default container when timeout
occurs.
[Cause] Some containers might want to forbid switching to default container after timeout.
[Solution] Add flag switchToDefaultAfterTimeout allowing such switch in container config.
[Verification] Build, install, run tests. All should pass.
Change-Id: Icdcfc007c0a11126fe243988878a2c918d6bdf13
Signed-off-by: Lukasz Kostyra <l.kostyra@samsung.com>
Michal Witanowski [Fri, 4 Jul 2014 13:02:46 +0000 (15:02 +0200)]
Fix executable path in systemd service configuration
[Bug/Feature] N/A
[Cause] "usr" path varies between platforms.
[Solution] Generate daemon service path at build time.
[Verification] Build and install. Check if value of "ExecStart" in
/usr/lib/systemd/system/security-containers.service
is valid server executable path.
Change-Id: I7cd1bbcaedc3ad2e256c4bbe4210886ba6262813
Signed-off-by: Michal Witanowski <m.witanowski@samsung.com>
Dariusz Michaluk [Thu, 10 Jul 2014 07:10:07 +0000 (09:10 +0200)]
Fix path to the dbus-daemon
[Bug/Feature] Fix path to the dbus-daemon
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests, run daemon
Change-Id: I9d8006b238bdf8ad22675c618213c10931938b0f
Signed-off-by: Dariusz Michaluk <d.michaluk@samsung.com>
Michal Witanowski [Mon, 12 May 2014 09:35:20 +0000 (11:35 +0200)]
Run Security Containers Server as non root user
[Bug/Feature] Drop root privileges of the server during startup.
[Solution] * User "security-containers" has been added to the
"libvirt" group.
* CAP_SYS_ADMIN and CAP_MAC_OVERRIDE capabilities have
been provided using libcap-ng.
[Verification] 1. Make sure that "security-containers" user (with UID
== 377) exists in the conainers. If no, execute:
chroot /path/to/container /bin/bash \
-c "useradd -r security-containers -u 377"
2. Run tests.
3. Start SCS service as root (directly or via systemd
service). Verify /proc/<PID>/status of the process:
* Uid == 377
* CapPrm == CapEff ==
0000000000200000
* Groups: <libvirt group ID>, <input group>
4. Run the service with "--root" option. Remember to
change policy in dbus configuration file
"etc/dbus-1/system.d/com.samsung.containers.conf"
from "security-containers" to "root".
5. Trigger update (via sending SIGUSR1) and check if
UID, groups and capabilities set did not change.
NOTE: Latest libvirt (from "tizen" branch on
tizen.org) is required.
Change-Id: Idfda05fb081ca48193b19a99a6628cf14ec4bf57
Signed-off-by: Michal Witanowski <m.witanowski@samsung.com>
Michal Witanowski [Wed, 11 Jun 2014 09:36:00 +0000 (11:36 +0200)]
Add image configuration tests
[Bug/Feature] Integration tests verifying containers' images
completeness. If the tests fail, the containers will
most probably not run under SCS.
The following elements are checked:
* existence of "security-containers" user with UID
of 377
* existence and correctness of dbus configuration
("security-containers" should be allowed to use
"org.tizen.containers.domain" socket)
The names and paths to the containers' root file
systems are extracted from SCS daemon and libvirt
configs (/etc/security-containers/).
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests (sc_int_tests.py). Check
various scenarios: remove or corrupt dbus config
(etc/dbus-1/system.d/org.tizen.containers.domain.conf)
or libvirt's XML config, remove "security-containers"
user inside a container, change it's UID, etc.
Change-Id: I69782f348ecb1c6b63a60286a3a8ee4ae3f8465b
Signed-off-by: Michal Witanowski <m.witanowski@samsung.com>
Piotr Bartosiewicz [Thu, 3 Jul 2014 10:24:29 +0000 (12:24 +0200)]
Connection to the hosts system dbus
[Bug/Feature] Introduce hosts dbus connection
[Cause] It's required by MDM and other hosts services
[Solution] N/A
[Verification] Build, install, run tests, run daemon
Change-Id: Ia88b249a00dff8674cd8387d08e05f3115c36912
Lukasz Kostyra [Fri, 4 Jul 2014 12:39:17 +0000 (14:39 +0200)]
Destroy libvirt domains with signal
[Feature] Libvirt now destroys its domains with signal.
[Cause] Destroying a domain in other way requires setns, which might not be available on
some systems.
[Solution] Tell libvirt to destroy a domain with signal.
[Verification] Build, install, run tests. All should pass.
Change-Id: I9d990488dd9a049feba2c02b070be2e4320029db
Lukasz Pawelczyk [Thu, 12 Jun 2014 08:12:41 +0000 (10:12 +0200)]
A DBUS API to move the files between containers
[Bug/Feature] Add an ability for a container to request a file move to another container.
Some minor fixes here and there.
Added missing tests for utils/fs.
A little revamp of DbusAccessory in ut-cm tests.
[Cause] N/A
[Solution] Implement a DBUS API and a simple move implementation.
[Verification] Build, install, run tests, run server.
Change-Id: I881f7b6079e38e3dd43d6fe34360457172047c2c
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com>
Mateusz Malicki [Wed, 2 Jul 2014 07:08:06 +0000 (09:08 +0200)]
Fixed path in test configuration file removed
[Bug/Feature] Tests don't work on some installations
[Cause] There is a fixed path in test configuration file
[Solution] Remove fixed path in test configuration file
[Verification] Build, install, run test ContainersManagerSuite
Change-Id: Icd7bff311d2d1e9e982bbee8d577247fb66da1a4
Piotr Bartosiewicz [Tue, 1 Jul 2014 11:09:08 +0000 (13:09 +0200)]
Rename dbus interface name
[Bug/Feature] Rename interface name from 'com.samsung' to 'org.tizen'
[Cause] This is not a proprietary code
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: I39cf5b5fc74b0f01e8678fab3a2ba02bc87c7ade
Dariusz Michaluk [Mon, 30 Jun 2014 14:30:39 +0000 (16:30 +0200)]
Fix RPM build error
[Bug/Feature] RPM build error.
[Cause] Installed but unpackaged files found.
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: Icd4f2703d0d507ecafd795c623439393151f3675
Signed-off-by: Dariusz Michaluk <d.michaluk@samsung.com>
Lukasz Kostyra [Thu, 12 Jun 2014 13:31:19 +0000 (15:31 +0200)]
Dbus API for "Display Off" signal
[Feature] - API in Dbus to handle "Display Off" signal.
- Switching to default container when "Display Off" signal occurs.
[Cause] SC must properly react when device is inactive for some time.
[Solution] Create a Dbus API for Display Off signal. Use this event to switch to default
container.
[Verification] Build, install, run ContainersManagerSuite and ContainerConnectionSuite tests. Both
suites should pass.
Change-Id: I34e0178cd9d8efbbdad92e1f2d69f4c32b41f779
Signed-off-by: Lukasz Kostyra <l.kostyra@samsung.com>
Mateusz Malicki [Mon, 9 Jun 2014 11:03:34 +0000 (13:03 +0200)]
Dispatching container notifications
[Bug/Feature] Dispatching container notifications witch unit test
[Cause] Container should be informed about other containers notification
[Solution] Send dbus signal to other container
[Verification] Build, install, launch "sc_launch_test.py security-containers-server-unit-tests -t
ContainersManagerSuite/NotifyActiveContainerTest"
Change-Id: Ia101dee022e59ea7aef74e030eb3902a70c9f526
Piotr Bartosiewicz [Thu, 12 Jun 2014 08:41:51 +0000 (10:41 +0200)]
Manage containers networking
[Bug/Feature] Add possibility to manage and configure network for each
container.
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests, run server
Change-Id: I215a548d66cf6d900f08af5c14c5f7746949445f
Jan Olszak [Tue, 3 Jun 2014 07:49:07 +0000 (09:49 +0200)]
Various changes to InputMonitor
[Bug/Feature] InputMonitor had to be corrected
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: Ibb7f71da0cfc19dad943a9e69badda3b6d866d70
Signed-off-by: Jan Olszak <j.olszak@samsung.com>
Lukasz Kostyra [Fri, 30 May 2014 07:52:37 +0000 (09:52 +0200)]
Add framework for integration tests
[Feature] Framework for integration tests in security-containers.
[Cause] Integration tests in python are to be added to security-containers.
[Solution] Add framework for integration tests using Python's unittest module.
[Verification] Successful build and installation.
Change-Id: I8812f044215fb282de90c1a906a9e433c545f046
Signed-off-by: Lukasz Kostyra <l.kostyra@samsung.com>
Piotr Bartosiewicz [Thu, 5 Jun 2014 14:42:06 +0000 (16:42 +0200)]
Configuration refactor
[Bug/Feature] N/A
[Cause] N/A
[Solution] - make configuration more modular
- decouple configuration structs from serialization
stuff
- add missing error checks
- add strict type checking while parsing json
[Verification] Build, install, run tests, run daemon
Change-Id: I8af518a6fd5f4c325c338980578202cb0fe8789d
Lukasz Pawelczyk [Fri, 6 Jun 2014 11:18:11 +0000 (13:18 +0200)]
Add UUID to the libvirt test xml strings
[Bug/Feature] Make those configs redefine automatically.
[Cause] If the test crashes/fails it can happen that something
won't get undefined effectively blocking further tests.
[Solution] Adding an UUID makes libvirt redefine automatically.
Same thing has been done previously for other configs.
[Verification] Built and run tests.
Change-Id: I865baf8e433c0df7321f46167be44f18d653c722
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com>
Lukasz Pawelczyk [Tue, 3 Jun 2014 11:42:00 +0000 (13:42 +0200)]
Fix the stopping of the container in the ContainerSuite tests
[Bug/Feature] The test took 10 seconds cause we issued a stop command
before the container had a chance to start, effectively ignoring
the stop command. The 10 seconds timeout triggered after which
the container had been destroyed.
[Cause] There is no proper way to know that the system inside the
container has booted.
[Solution] Add some small timeout to allow the container to start properly.
Same thing is done in ContainerAdminSuite. There doesn't seem to
be a better way for that.
[Verification] Built, installed and run the tests.
Change-Id: I837588f93b335adab4ac5561b3a686af602e0c15
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com>
Dariusz Michaluk [Tue, 3 Jun 2014 09:54:17 +0000 (11:54 +0200)]
Make the code compatible with older glib versions
[Bug/Feature] Make the code compatible with older glib versions.
[Cause] N/A
[Solution] Specific define for older glib versions.
[Verification] Built and run tests.
Change-Id: I65a16393fe3c266ca1b27bea166b1d2b2a41d0be
Signed-off-by: Dariusz Michaluk <d.michaluk@samsung.com>
Lukasz Pawelczyk [Fri, 23 May 2014 12:20:11 +0000 (14:20 +0200)]
Make the code compatible with more compilers
[Bug/Feature] Make the code compatible with more compilers.
[Cause] N/A
[Solution] Redefine some C++11 keywords.
Remove some specific C++11 constructs not found in C++0x.
Specific defines for various compilers and their versions.
[Verification] Built with GCC 4.6, GCC 4.8 and CLANG 3.4 and run tests.
Change-Id: I5ce7c2c3ca4372ec79b41facb1793c7df5b1f6b0
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com>
Jan Olszak [Mon, 2 Jun 2014 14:20:54 +0000 (16:20 +0200)]
Fix of InputMonitor rebase
[Bug/Feature] Unit tests changed directories.
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: I6817a8bed4ca74e7ebe27cf87f6793da04853699
Signed-off-by: Jan Olszak <j.olszak@samsung.com>
Pawel Broda [Tue, 20 May 2014 08:36:57 +0000 (10:36 +0200)]
Input monitor
[Feature] Monitoring of events on input device files.
[Cause] There is no possibility to use *home button* in
native apps (there is no API for that).
[Solution] *Input monitor* class is added. It allows to
watch events on given device (not only *home button*).
When a pattern given in .conf file is recognized,
appropriate action is taken (i.e. callback).
[Verification] Compiled, built and run.
Conflicts:
common/utils/fs.cpp
common/utils/fs.hpp
server/containers-manager.hpp
Change-Id: I7bddd917e6da8d70c26c4188a640638669430619
Signed-off-by: Pawel Broda <p.broda@partner.samsung.com>
Signed-off-by: Jan Olszak <j.olszak@samsung.com>
Jan Olszak [Fri, 30 May 2014 16:14:51 +0000 (18:14 +0200)]
Libvirt network wrapper
[Bug/Feature] A wrapper for libvirt' network
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests.
Change-Id: I0997f846132cc29035b144705ff4a4835a3dad01
Jan Olszak [Wed, 28 May 2014 15:14:53 +0000 (17:14 +0200)]
Moving to boost::filesystem
[Bug/Feature] Some file system related functions are needed.
[Cause] N/A
[Solution] Deleted functions already implemented in boost:filesystem
[Verification] Build, install, run tests
Change-Id: Ic4e2c6fadecee739fde62c89bd441abd53d13390
Signed-off-by: Jan Olszak <j.olszak@samsung.com>
Piotr Bartosiewicz [Fri, 30 May 2014 09:14:15 +0000 (11:14 +0200)]
Remove dead code in python test script
[Bug/Feature] There is no need to colorize logs by script anymore
since it is done by console log backend.
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests, verify that logs are colored.
Change-Id: Ie9b0acfa230d4b59184ca662256a51a4fec00e43
Lukasz Kostyra [Thu, 29 May 2014 08:42:20 +0000 (10:42 +0200)]
Reorganize tests in security-containers
[Feature] Reorganization of tests in security-containers
[Cause] Integration tests will be added to security-containers. In order to keep repo clean
all tests should be gathered in a "tests" directory and there divided into
test categories.
[Solution] Created "tests" directory and moved "unit_tests" to "tests" dir. Modified
CMakeLists to make project buildable. Changed RPM name from ...-unit-tests to
...-tests
[Verification] Build, install, run tests. All tests should work as they did before this commit.
Change-Id: I6d6e89f913fa5e7eece8a8502472ac499bc71117
Signed-off-by: Lukasz Kostyra <l.kostyra@samsung.com>
Piotr Bartosiewicz [Wed, 28 May 2014 15:14:53 +0000 (17:14 +0200)]
Journal logger backend fixes
[Bug/Feature] Some journal fields are incorrectly generated
[Cause] N/A
[Solution] - make PRIORITY values compatible with syslog
- repair CODE_* fields by proper use of macro
SD_JOURNAL_SUPPRESS_LOCATION
[Verification] Build, install, run server, check the result of:
journalctl -o json-pretty _COMM=security-contai
Change-Id: I8904649ba1e40152346ba986c58f9dcb788bc94d
Lukasz Pawelczyk [Tue, 20 May 2014 07:15:57 +0000 (09:15 +0200)]
Handle the container restart from within gracefully with DBUS reconnection
[Bug/Feature] You can now restart the container from within.
[Cause] Restarting was stopped by the reconnection routine.
[Solution] Reconnect tries few times with greater timeout before
giving up. This gives the time for the container to restart.
[Verification] Built, installed, run tests and the daemon.
Change-Id: I0e4f1c248af9f0d2faf81662876b971c2b35ed02
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com>
Piotr Bartosiewicz [Mon, 19 May 2014 09:51:31 +0000 (11:51 +0200)]
Mount containers /run folder with proper smack labels
[Bug/Feature] Containers can't boot with SMACK.
[Cause] /run is badly mounted from host
[Solution] Add proper mount options.
[Verification] Build, install, run server and ensure container is
booting to the login prompt. You can also check if
'ls -laZ /run' prints 'System::Run' (assuming
/sys/fs/smackfs is mounted). Verify also if /run is
being mounted with no-smack kernel.
Change-Id: Ife40353d9ac45c923a2e9ce4e48f44b4ca203cf4
Michal Witanowski [Tue, 20 May 2014 08:09:14 +0000 (10:09 +0200)]
Fix building without spec
[Cause] Undefined macro.
[Solution] SYSTEMD_UNIT_DIR defined in CMakeLists.txt.
[Verification] Build with CMake.
Change-Id: I42ee402003af07b51d3cf07bc5dadf7a5dc442af
Signed-off-by: Michal Witanowski <m.witanowski@samsung.com>
Piotr Bartosiewicz [Thu, 15 May 2014 11:24:26 +0000 (13:24 +0200)]
Mount smackfs into containers
[Bug/Feature] There were no possibilities to check SMACK labels being
inside the container
[Cause] Smackfs was not mounted
[Solution] N/A
[Verification] Build, install, check the result of command:
ls -1Z # (inside container)
Should output labels, not '?'
Change-Id: I8aaf961b05e87725df85b6031efb60c45142b977
Lukasz Kostyra [Mon, 28 Apr 2014 11:06:41 +0000 (13:06 +0200)]
Reload SCS binary when updating security-containers
[Feature] Reload SCS without turning containers off when binary is updated.
[Cause] When updating SCS we don't want to restart containers, only SCS itself.
[Solution] Add SIGUSR1 handling which will tell SCS to keep containers alive when exiting.
Add check in ContainerConnectionTransport if containers are running to skip remount
of tmpfs when it is not needed.
[Verification] Build, install, reboot target. Test the following when SCS is running together with
containers active:
* Call "systemctl stop security-containers". SCS should turn off and containers
should turn off as well. Call "systemctl start security-containers", SCS and
containers should start up.
* Simulate update by calling "kill -USR1 `pidof security-containers-server`". SCS
should properly reload, however containers should stay on. (note - the best way
to check it would be by verifying logs in journalctl).
Change-Id: I3a6d0fb25a4579208ad0f6d0de00e2755548230e
Signed-off-by: Lukasz Kostyra <l.kostyra@samsung.com>
Casey Schaufler [Mon, 19 May 2014 16:53:30 +0000 (09:53 -0700)]
Merge "Make Security Containers Server a systemd service" into tizen
Michal Witanowski [Wed, 16 Apr 2014 09:26:06 +0000 (11:26 +0200)]
Make Security Containers Server a systemd service
[Bug/Feature] Create systemd service for SCS launching.
[Cause] N/A
[Solution] * Needed configs and scripts have been written.
* "post" and "postun" sections of the spec file have been filled.
[Verification] Build and install on a target that has:
* "business" and "private" root filesystems located
at /opt/usr/containers/
* libvirtd running as systemd service
After the installation, verify:
1. Stopping/starting the service via "systemctl stop/start
security-containers.service".
2. Restarting the device (the containers should boot
automatically).
3. Killing the Security Containers Server (for example:
"kill -11 `pidof security-containers-server`")
- the service should restart in this situation.
4. Uninstalling the Security Containers package
- the containers should keep on running since next reboot.
5. Upgrading should send SIGUSR1 to the daemon (it will be handled
by another commit).
Change-Id: I514cc4c447e0f100022b80e2149fc3e228aa5f8a
Signed-off-by: Michal Witanowski <m.witanowski@samsung.com>
Lukasz Pawelczyk [Mon, 19 May 2014 11:17:47 +0000 (13:17 +0200)]
Unit tests for ContainerAdmin using and testing the listeners
[Bug/Feature] Revamped tests for ContainerAdmin.
[Cause] N/A
[Solution] They use and test Listeners.
New test for the stop() procedure.
[Verification] Built, installed and run tests.
Change-Id: I76c0a3871298855b8cbdcddbd21e8421887d34ed
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com>
Lukasz Pawelczyk [Thu, 8 May 2014 10:24:42 +0000 (12:24 +0200)]
Add libvirt's event listeners and use them to implement a graceful stop
[Bug/Feature] Orginize container's shutdown process
[Cause] Burdello
[Solution] Implemented listeners for libvirt's events (lifecycle and reboot)
Added libvirt-glib dependency to use glib main loop for those events.
Used those listeners to implement a synchronous graceful stop of
the container: "try to shutdown, if it wont in 10 seconds, destroy it".
Added thread ID to the logger.
Organized container related logs a little.
[Verification] Built, installed, run tests and the daemon.
Change-Id: I3be53a2a46cd130cf414e89b0c47eb1cce74e6b5
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com>
Piotr Bartosiewicz [Thu, 15 May 2014 10:11:18 +0000 (12:11 +0200)]
Add SMACK manifests
[Bug/Feature] Manifests were not present
[Cause] N/A
[Solution] N/A
[Verification] Build, install, verity on target using command:
rpm -q --qf '%{SECMANIFEST}' pkg_name | base64 -d
where pkg_name is all of our security-containers*
Change-Id: I134055ea328b0f8b76e090dc33b1a3152d96dd0f
Jan Olszak [Wed, 14 May 2014 14:41:27 +0000 (16:41 +0200)]
Parsing LogLevel in the Logger
[Bug/Feature] No way to initialize LogLevel with a string value
[Cause] N/A
[Solution] Added parsing of LogLevel from std::string
[Verification] Build, install and run tests
Change-Id: I1f1dada51d0a131d13aa21d6e49e6c4d37ee0f25
Jan Olszak [Thu, 8 May 2014 14:00:07 +0000 (16:00 +0200)]
Introduced Container Daemon
[Bug/Feature] No way to run arbitrary code in a container
[Cause] N/A
[Solution] Introduced Container Daemon that provides his API
in system dbus of the container.
[Verification] Build, install run security-containers-container-daemon
dbus-send --system --dest=com.samsung.container.daemon \
--type=method_call --print-reply \
/com/samsung/container/daemon \
com.samsung.container.daemon.GainFocus
dbus-send --system --dest=com.samsung.container.daemon \
--type=method_call --print-reply \
/com/samsung/container/daemon \
com.samsung.container.daemon.LoseFocus
Change-Id: I557ca0b283f8c542d45238ec0183ee953a277d5e
Piotr Bartosiewicz [Thu, 8 May 2014 10:16:17 +0000 (12:16 +0200)]
Remove some minor clang warnings
[Bug/Feature] N/A
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: I0afb654f036c46a11946faadaa62dc5bb831d4d6
Lukasz Pawelczyk [Tue, 6 May 2014 10:42:28 +0000 (12:42 +0200)]
Handle reconnecting to the dbus, add glib helper
[Bug/Feature] Handle reconnecting to the dbus in case of the
connection loss. Also add a Glib helper for
scheduling a timer function to the glib loop.
Style cosmetics.
[Cause] In case the DBUS daemon gets restarted we loose
connection, we need to handle that case.
[Solution] Detect nameLost event and react appropriately.
[Verification] Built, installed, run tests.
The reconnect has been tested by hand as follows:
1. Run the security-containers-server
2. Make sure it started properly
3. Enter the container and restart dbus
4. See SCS logs, make sure it reconnected
5. Enter the container stop dbus and dbus.socket
6. See SCS logs, make sure the container stopped
Change-Id: I1185d8d46e0ace8e96b4d4136fbca20bd603bea9
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com>
Piotr Bartosiewicz [Thu, 8 May 2014 10:37:20 +0000 (12:37 +0200)]
Fix config type of cpu quota
[Bug/Feature] Type in config was double instead of int64
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: I77ee8fd87faf798a21d2327cb6955be3482e78a0
Lukasz Pawelczyk [Mon, 5 May 2014 12:16:42 +0000 (14:16 +0200)]
Minor changes to ContainerConnection
[Bug/Feature] ContainerConnection lifecycle is tied with a connection's lifecycle,
OnNameLost callback added.
[Cause] Be consistent, OnNameLost callback will be required to handle disconnections
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: Ie43eda2a4774ef003bee9ed877b6caab041035ba
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com>
Piotr Bartosiewicz [Mon, 28 Apr 2014 12:05:46 +0000 (14:05 +0200)]
Include system headers as system
[Bug/Feature] Warnings in system headers should be silenced
[Cause] N/A
[Solution] N/A
[Verification] Build project
Change-Id: Id966ef78e736e98963d156d6d45e399bfe55a982
Piotr Bartosiewicz [Mon, 28 Apr 2014 11:11:32 +0000 (13:11 +0200)]
Don't use deprecated json api
[Bug/Feature] Compilation ploblems (-Werror=deprecated-declarations)
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: Ied61192ca331485c9ff579853053faa8caf959b3
Piotr Bartosiewicz [Fri, 25 Apr 2014 14:04:31 +0000 (16:04 +0200)]
Split ContainerConnection into two classes
[Bug/Feature] ContainerConnection had two separate functionalities
[Cause] N/A
[Solution] Extract transport class from connection class
[Verification] Build, install, run tests, run server
Change-Id: I165089d861a40e94f13bba31d61bce3b7571ff4e
Lukasz Pawelczyk [Fri, 25 Apr 2014 14:02:55 +0000 (16:02 +0200)]
Delay sending container to the background.
[Bug/Feature] Waiting for a dbus connection could take a long time.
[Cause] The container was CPU throttled immediately after its
start, this made it boot very slowly.
[Solution] Throttle the container after the dbus connection is made.
[Verification] Built, installed and run tests.
Change-Id: I9d69981bfd14820f71f1053a498b37b47a5bcfb1
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com>
Lukasz Pawelczyk [Thu, 24 Apr 2014 09:15:07 +0000 (11:15 +0200)]
Make rpm also package directories with their proper permissions.
[Bug/Feature] The directories installed by the package were not owned
by the package and there was no control over their
permissions
[Cause] The permissions might have been umask dependent
[Solution] Add the directories to the RPM package, also move the
test config files to the /usr/share
[Verification] Built, installed and checked ownership
with rpm -ql and rpm -qf
Change-Id: I1f124f081aafca6f5971b01e980fb7d510dd634d
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com>
Lukasz Pawelczyk [Thu, 24 Apr 2014 08:46:35 +0000 (10:46 +0200)]
Cleanup container/domain nomenclature.
[Bug/Feature] Be consistent in using the names container and domain.
[Cause] It wasn't consistent
[Solution] Domain is used for a libvirt, LXC up to a libvirt is called
domain, above that, in our nomenclature it's called container.
[Verification] Built, installed and run tests.
Change-Id: I43dfe58d9cce1b87509b6e36e25e5454abe52d76
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com>
Piotr Bartosiewicz [Tue, 15 Apr 2014 15:55:11 +0000 (17:55 +0200)]
Introduce ContainerConnection class
[Bug/Feature] N/A
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run server, run tests
Change-Id: I17c1a0ad0186568f94a6d867bb2d81a249aae42a
Mateusz Malicki [Tue, 22 Apr 2014 12:54:43 +0000 (14:54 +0200)]
Properly aligned log when '\n' is used
[Bug/Feature] Multiline logs in SC
[Cause] Wrong aligned logs when '\n' is used
[Solution] N/A
[Verification] Build with --define 'build_type DEBUG' and
run 'security-containers-server -l TRACE' on the target
Change-Id: I260ed215b9dc9a428973b25ac89c0b0176f8b7c4
Lukasz Pawelczyk [Fri, 18 Apr 2014 14:24:48 +0000 (16:24 +0200)]
Make the containers redefine automatically.
[Bug/Feature] Make the containers redefine automatically.
[Cause] It was not convenient to redo tests if they crashed or
were interrupted. Same with the server.
[Solution] Add UUID to the libvirt containers configuration that
makes libvirt redefine them automatically.
[Verification] Built, installed and run tests.
Change-Id: Iac109597878419b8dd611d4402a8f7d751c14f94
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com>
Dariusz Michaluk [Wed, 16 Apr 2014 09:17:23 +0000 (11:17 +0200)]
Various changes in logger
[Bug/Feature] Logger class refactoring
Separate helper functions
Add coloring to the StderrBackend
[Cause] N/A
[Solution] N/A
[Verification] Build with --define "build_type DEBUG" gbs option
Build with --define "build_type RELEASE" gbs option
Install, run tests, check logs in output
Change-Id: Iffca4d7b9edd7640290535605d29140555349876
Signed-off-by: Dariusz Michaluk <d.michaluk@samsung.com>
Dariusz Michaluk [Tue, 8 Apr 2014 12:23:19 +0000 (14:23 +0200)]
Various changes in logger
[Bug/Feature] Add systemd journal backend
Add time and function field in stderr backend
Set stderr backend in DEBUG build
Set journal backend in RELEASE build
[Cause] N/A
[Solution] N/A
[Verification] Build with --define "build_type DEBUG" gbs option
Build with --define "build_type RELEASE" gbs option
Install, run tests, check logs in output
Change-Id: I3a4d4b3280a201684ac87c4421bfb2a2596fc72b
Signed-off-by: Dariusz Michaluk <d.michaluk@samsung.com>
Pawel Broda [Mon, 14 Apr 2014 07:59:38 +0000 (09:59 +0200)]
More informative logs in Container Admin
[Bug/Feature] Add more logs in Container Admin.
Reformat Container Admin logs.
[Cause] N/A
[Solution] N/A
[Verification] Build and run on the target.
Change-Id: If16acd778a3feba761a349951ca7dc97b89b9309
Piotr Bartosiewicz [Tue, 15 Apr 2014 09:57:53 +0000 (11:57 +0200)]
Fix LOG(message)
[Bug/Feature] Could not log variables with name 'message'.
[Cause] This name is used by variable in LOG macro.
[Solution] Uglify name used in macro.
[Verification] Build, install, run tests.
Change-Id: I0364286f273a5037c9684d935c3ad18d5bb15f69
Michal Witanowski [Tue, 8 Apr 2014 10:58:50 +0000 (12:58 +0200)]
Add DLOG devices to libvirt configurations
[Bug/Feature] DLOG did not work in a container.
[Cause] log_* devices not mounted.
[Solution] Mount needed devices.
[Verification] Redefine, start and log into private/business container.
Check if 'dlogutil' works.
This is only a temporary change, to make logging inside a container
possible at all. In the future, dlog will probably disappear, so this change
will no longer be needed.
Change-Id: Ie2db73a5912b55253e1de8ad353c717816f68908
Piotr Bartosiewicz [Fri, 11 Apr 2014 08:58:47 +0000 (10:58 +0200)]
Fix glib callbacks lifecycle problems
[Bug/Feature] Dbus connection callbacks was called on destroyed
connection.
[Cause] Closing glib connection does not remove pending events
so they can be fired in glib loop thread later.
[Solution] Wait for all callbacks to be deleted before connection
destructor ends.
[Verification] Build, install, run tests.
Change-Id: Id8e1999cf5938be64493cac503fbae1015abc02e
Jan Olszak [Fri, 11 Apr 2014 13:08:21 +0000 (15:08 +0200)]
Operator of conversion to bool for LibvirtDomain and LibvirtConnection
[Bug/Feature] Easy check if the connection is not NULL.
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: I261d0a8485f2e2bb7f2260b24c95efb139433f7b
Piotr Bartosiewicz [Wed, 9 Apr 2014 13:19:19 +0000 (15:19 +0200)]
Unit tests various fixes
[Bug/Feature] N/A
[Cause] 1) Throwing exception from thread cause unit tests
termination.
2) Dbus daemon can leave its socket after termination.
3) Lambda had access to freed variables.
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: I3e1959098cb7c53498f44b862fcb812daf88ada2
Lukasz Pawelczyk [Tue, 8 Apr 2014 15:12:42 +0000 (17:12 +0200)]
Capture the libvirt logs and output them using our log system
[Bug/Feature] Capture the libvirt logs and output them using our log system
[Cause] Libvirt logs were sent to stdout effectively limiting our
internal logging system to capture and store them.
[Solution] Turn off libvirt stdout error reporting (warnings left for now)
and capture messages using libvirt's getLastError().
[Verification] Build, install, run tests on host.
Change-Id: I7bff428ea605697f5d63842ee7175492fb62f579
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com>
Piotr Bartosiewicz [Fri, 4 Apr 2014 15:00:40 +0000 (17:00 +0200)]
Support dbus signals
[Bug/Feature] Dbus signal emmiting and handling was not implemented.
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests.
Change-Id: If50e544e771ac4d3b4c7034bd13bb7edaba1b65c
Lukasz Pawelczyk [Thu, 3 Apr 2014 11:53:20 +0000 (13:53 +0200)]
Wrap virDomainPtr and virConnectionPtr in classes.
[Bug/Feature] Memleaks detected by valgrind.
[Cause] Container* classes can throw in Contstructors effectively
leaving vir* pointers not cleaned up.
[Solution] Wrap vir* pointers in classes with proper destructors.
[Verification] Build, install, run tests on host, some tests with valgrind.
Change-Id: I2b027c3c57e4105c3909ecac57157043663ffe7e
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com>
Lukasz Kostyra [Mon, 7 Apr 2014 11:27:09 +0000 (13:27 +0200)]
Update some missing boilerplates
[Bug/Feature] N/A
[Cause] Some boilerplates were skipped by accident when updating.
[Solution] Update skipped boilerplates.
[Verification] N/A
Change-Id: Ia1ef987be8bf610b90e588bc7ee87475d258fb1c
Dariusz Michaluk [Fri, 4 Apr 2014 14:57:12 +0000 (16:57 +0200)]
Modify log format
Change-Id: I544343eb2f8878df432b08ad1427014681bd30b6
Signed-off-by: Dariusz Michaluk <d.michaluk@samsung.com>
Lukasz Kostyra [Mon, 7 Apr 2014 10:58:10 +0000 (12:58 +0200)]
Update informations in boilerplates
[Bug/Feature] N/A
[Cause] Informations in boilerplates were outdated.
[Solution] Update year and change contact information to author.
[Verification] N/A
Change-Id: I83a8ecc34d313e06f1e14805b93250eced029e01
Jan Olszak [Tue, 1 Apr 2014 14:08:31 +0000 (16:08 +0200)]
Basic version of the Server class
[Bug/Feature] Server class for managing the life cycle of the server.
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests, run security-containers-server
Change-Id: I46fe53bffe9ce7d588bd9cacfefb28af475d048b
Piotr Bartosiewicz [Thu, 3 Apr 2014 10:50:23 +0000 (12:50 +0200)]
Fix container-admin unit tests
[Bug/Feature] ContainerAdminSuite/SuspendTest was failing.
[Cause] virDomainCreate does not wait until container is started.
[Solution] Add sleep in this tests.
[Verification] Build, install, run tests.
Change-Id: Id99388b3d6b10c8a92d46f6b48e7c897c13b29d4