Mateusz Malicki [Wed, 26 Nov 2014 14:24:00 +0000 (15:24 +0100)]
Added testing union in config file
[Bug/Feature] Testing union in config file
[Cause] Added union to config
[Solution] Added union field in testing structure
[Verification] Build, install, run scs tests
Change-Id: I538e6ea370ea1a57f647bbde0f040b1585a4fd0a
Dariusz Michaluk [Mon, 24 Nov 2014 14:33:27 +0000 (15:33 +0100)]
Add tizen common (with wayland) lxc template
Change-Id: If6d1fe2641f9a36a7d3a8c16b9a658661491ff13
Signed-off-by: Dariusz Michaluk <d.michaluk@samsung.com>
Dariusz Michaluk [Tue, 25 Nov 2014 15:13:41 +0000 (16:13 +0100)]
Added lock_domain/unlock_domain to cli
[Feature] Ability to lock/unlock domain through cli
[Cause] The need for the ability to lock/unlock domains
[Solution] Add lock_domain/unlock_domain cli function
[Verification] Build, install, run
Change-Id: I4a017b328f0b44913f0561bd444e913c68f67359
Signed-off-by: Dariusz Michaluk <d.michaluk@samsung.com>
Dariusz Michaluk [Tue, 25 Nov 2014 13:33:28 +0000 (14:33 +0100)]
Add client stubs for domain lifetime management
[Bug/Feature] Client stubs for domain lifetime management
[Cause] N/A
[Solution] N/A
[Verification] Build
Change-Id: I4b6b659e4de5e18d2b00851ecbdeacfd80e3d442
Signed-off-by: Dariusz Michaluk <d.michaluk@samsung.com>
Piotr Bartosiewicz [Tue, 25 Nov 2014 13:47:58 +0000 (14:47 +0100)]
Templated network configuration
[Bug/Feature] N/A
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run test
Change-Id: I46af4da7ad656b05193184fc972c1d7489eb25f6
Dariusz Michaluk [Tue, 25 Nov 2014 13:47:46 +0000 (14:47 +0100)]
Fix RPM build error
[Bug/Feature] RPM build error
[Cause] Installed but unpackaged file found
[Solution] Add file
[Verification] Build
Change-Id: Ic4f8258386ae9a289c637cf28ac878effda0e197
Signed-off-by: Dariusz Michaluk <d.michaluk@samsung.com>
Piotr Bartosiewicz [Mon, 24 Nov 2014 16:10:29 +0000 (17:10 +0100)]
Fix create container from template
[Bug/Feature] Templates stops working after migration to lxc
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: Ifbc0db612391eb7460b757b3cd12dda79183178b
Jan Olszak [Mon, 24 Nov 2014 16:30:27 +0000 (17:30 +0100)]
IPC: Refactoring
[Bug/Feature] N/A
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: I421b6af0c5da5b6f1d73d69e491e976f84894272
Jan Olszak [Mon, 17 Nov 2014 11:58:32 +0000 (12:58 +0100)]
IPC: NONBLOCK sockets
[Bug/Feature] All writes and reads have timeout
Timeout in callSync removes the peer
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: I86213b04e435a48bc56ae6f995a0c364b712a4d0
Piotr Bartosiewicz [Thu, 20 Nov 2014 14:23:08 +0000 (15:23 +0100)]
Merge remote-tracking branch 'origin/unstable' into tizen
Conflicts:
packaging/security-containers.spec
server/CMakeLists.txt
tests/unit_tests/CMakeLists.txt
tests/unit_tests/client/ut-client.cpp
Change-Id: I9bc4f97213d9112766345411ceac2436a7d15d05
Piotr Bartosiewicz [Thu, 20 Nov 2014 12:09:49 +0000 (13:09 +0100)]
Fix lxc templates
[Bug/Feature] Tests was failing on some images
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: I9b2029539a4c5567b6eaed178ef1df2b7dce3c44
Jan Olszak [Wed, 19 Nov 2014 14:26:28 +0000 (15:26 +0100)]
Fixing build brake for gcc 4.6
[Bug/Feature] N/A
[Cause] N/A
[Solution] N/A
[Verification] Build with older gcc
Change-Id: I0c889f7d79e10403a18b915c0c30e91400542de4
Piotr Bartosiewicz [Wed, 19 Nov 2014 12:37:16 +0000 (13:37 +0100)]
Fix compilation problems
[Bug/Feature] Code does not build using older gcc
[Cause] N/A
[Solution] N/A
[Verification] Build
Change-Id: Ifd7dd7bce080ac16983a23d30585ace08a522f05
Mateusz Malicki [Fri, 14 Nov 2014 15:38:16 +0000 (16:38 +0100)]
Implement lookup_domain_by_id function in server, client and cli
[Bug/Feature] Implement lookup_domain_by_id function in server, client and cli
[Cause] N/A
[Solution] N/A
[Verification] Build, run appropriate function (through cli)
Change-Id: I2908e760613532caadcc9c58a1d522d4ac7767c4
Piotr Bartosiewicz [Tue, 18 Nov 2014 12:34:58 +0000 (13:34 +0100)]
Lxc networking
[Bug/Feature] Add lxc network config. Remove dead network code.
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run
Change-Id: I2883858dbd571a01c93f6cc8c6b47cffe970a42a
Jan Olszak [Wed, 12 Nov 2014 14:36:09 +0000 (15:36 +0100)]
IPC: Pass error to return the value callback
[Bug/Feature] Return value callback takes status enum
Peer's socket is locket when processing
the callbacks.
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: I74f30713e7c4fa6d8f35b79c2485137d1c9119c3
Piotr Bartosiewicz [Fri, 14 Nov 2014 11:20:04 +0000 (12:20 +0100)]
Fix shutdown for systemd init
[Bug/Feature] Systemd does not shutdown on signal
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests, run container
Change-Id: Ic4b617c1a35a260803961fb17aba1da51c3af013
Mateusz Malicki [Fri, 14 Nov 2014 07:58:01 +0000 (08:58 +0100)]
Add client stubs for domain image management
[Bug/Feature] Client stubs for domain image management
[Cause] N/A
[Solution] N/A
[Verification] Build
Change-Id: I1e193a41b86d75333ed8dc0f165c42e52a1c16f9
Mateusz Malicki [Wed, 12 Nov 2014 15:10:30 +0000 (16:10 +0100)]
Add client stubs for domain devices management
[Bug/Feature] Client stubs for domain devices management
[Cause] N/A
[Solution] N/A
[Verification] Build
Change-Id: Ie34fff4507fa7277a2327983ae3bd6b7c732ae82
Mateusz Malicki [Wed, 12 Nov 2014 14:32:49 +0000 (15:32 +0100)]
Add client stubs for domain lifetime management
[Bug/Feature] Client stubs for domain lifetime management
[Cause] N/A
[Solution] N/A
[Verification] Build
Change-Id: Ibf6c8f769bf2bfab4e7960a6775fb1064990fc2d
Mateusz Malicki [Wed, 12 Nov 2014 13:43:18 +0000 (14:43 +0100)]
Add client stubs for getting domain informations
[Bug/Feature] Client stubs for getting domain informations
[Cause] N/A
[Solution] N/A
[Verification] Build
Change-Id: If800ae1396f3ec2e1a39d144ab6e93ea583b8949
Piotr Bartosiewicz [Wed, 5 Nov 2014 14:00:03 +0000 (15:00 +0100)]
Lxc server configs, missing ContainerAdmin stuff
WORK IN PROGRESS
[Bug/Feature] N/A
[Cause] N/A
[Solution] N/A
[Verification] All tests should pass
Change-Id: I87505823a5b1c543ee495ede010430bb8c745736
Jan Olszak [Mon, 3 Nov 2014 06:52:00 +0000 (08:52 +0200)]
IPC via UX sockets
[Bug/Feature] IPC for communication between the library and daemon
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: I9880c7b4f3104b93f38d0e6ad86762fb17013d28
Mateusz Malicki [Fri, 7 Nov 2014 08:25:00 +0000 (09:25 +0100)]
Add vsm_del_state_callback and vsm_del_notification_callback functions
[Feature] Add possibility to unsubscribe from signal
(unregister state callback and notification callback)
[Cause] N/A
[Solution] API Change:
* add vsm_del_state_callback and vsm_del_notification_callback,
* change vsm_add_notification_callback and vsm_add_state_callback signatures
[Verification] Compile
Change-Id: Ia390a41175c6b3bd9334018c28f61533c248fc05
Mateusz Malicki [Thu, 6 Nov 2014 17:31:58 +0000 (18:31 +0100)]
Rename cli, client library and client test functions
[Feature] Brave New Name
[Cause] New name of SCS
[Solution] Rename:
* sc_ -> vsm_
* Sc -> Vsm,
* SC -> VSM,
* container_dbus_state -> add_state_callback,
* get_container_id_by_pid -> lookup_domain_by_pid,
* get_container_ids -> get_domain_ids
[Verification] Compile
Change-Id: Icaffebaa5e7a0e9d5869a9d2ec701bf385e99529
Piotr Bartosiewicz [Wed, 29 Oct 2014 15:48:00 +0000 (16:48 +0100)]
Bind LxcDomain to the logic
[Bug/Feature] N/A
[Cause] N/A
[Solution] N/A
[Verification] All tests should pass
Change-Id: I212f4cfa2b377ed03c0cd08d03bba0772524da1b
Mateusz Malicki [Mon, 20 Oct 2014 08:14:42 +0000 (10:14 +0200)]
Added add_container to cli
[Feature] Ability to add container through cli
[Cause] The need for the ability to add containers
[Solution] Add add_container cli function
[Verification] Build, install, run add container
Change-Id: I020bddaa3707f0e84227a35a85d0905fbb81d6be
Mateusz Malicki [Mon, 20 Oct 2014 07:34:33 +0000 (09:34 +0200)]
Added sc_add_container to security-container's client
[Feature] Ability to add container through SCS client
[Cause] Cli need this
[Solution] Add sc_add_container client function
[Verification] Build, install, run Client/AddContainerTest test
Change-Id: Ie0179cb02bdf1946fb9f8d2fd2f3c303cda401fe
Lukasz Kostyra [Thu, 23 Oct 2014 11:31:30 +0000 (13:31 +0200)]
Handle empty container name in AddContainer API
[Bug] AddContainer API did not handle the case when container id was empty.
[Cause] N/A
[Solution] N/A
[Verification] Build, install, try adding a container with empty string as name.
Change-Id: I9340e56c58070c5b4c7aa1a0e4d7c2f5ea9c3aa6
Lukasz Kostyra [Mon, 20 Oct 2014 12:00:32 +0000 (14:00 +0200)]
Improvements to SCS API
[Bug] * removeAllWrapper caught wrong type of exception
* AddContainer did not focus container after adding
* getActiveContainerId segfaulted when no container was present
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests.
Change-Id: I6bc665952c0f0c515c3aa548bdd6165b2ee7d55b
Lukasz Kostyra [Thu, 16 Oct 2014 12:44:52 +0000 (14:44 +0200)]
Add launchAsRoot and use it when adding new container
[Feature] Function launchAsRoot.
[Cause] Some functions need to be launched as root.
[Solution] Add launchAsRoot which forks, sets UID to 0 and then calls a function.
[Verification] Build, install, run tests. Add new container - no copying errors should occur.
Change-Id: Iaf917108ea4c7c699d9f2d69c8100430daa4f9c4
Lukasz Kostyra [Tue, 14 Oct 2014 08:00:49 +0000 (10:00 +0200)]
Fix issue with permissions when copying dir contents
[Bug] Permission denied error when trying to copy read-only directories recursively.
[Cause] boost::filesystem::copy applied permissions immediately, which in some cases caused
error when trying to write something inside processed directory.
[Solution] Instead of using boost::filesystem::copy on directories, split action into three
sub-actions:
* Create new directory with boost::filesystem::create_directory
* Call copyDirContentsRec() to copy contents of processed directory
* Apply source directory permissions and ownership
[Verification] Build, install, run tests.
Change-Id: Ifdec110a595dcecd113abf4065dd1cdc03f2d3cb
Piotr Bartosiewicz [Thu, 23 Oct 2014 11:56:44 +0000 (13:56 +0200)]
Get rid of libvirt configs
[Bug/Feature] N/A
[Cause] N/A
[Solution] N/A
[Verification] N/A
Change-Id: Ibefee41db18ace8e000671f7bedd6a075e9ce8db
Piotr Bartosiewicz [Tue, 21 Oct 2014 09:19:58 +0000 (11:19 +0200)]
LxcDomain class with tests
[Bug/Feature] N/A
[Cause] N/A
[Solution] N/A
[Verification] N/A
Change-Id: Ibfd0593d92cb9cd4bc52430e4207b93a1a53ecf8
Piotr Bartosiewicz [Tue, 21 Oct 2014 13:32:06 +0000 (15:32 +0200)]
Fix missing package dependency
[Bug/Feature] Test package require python-xml for working.
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests.
Change-Id: I08774f20115dfd4d4ab18a65dd4ac395fb6322ce
Piotr Bartosiewicz [Wed, 8 Oct 2014 07:55:48 +0000 (09:55 +0200)]
Remove libvirt code (prepare to replace with lxc)
Note configs are not removed yet
[Bug/Feature] N/A
[Cause] N/A
[Solution] N/A
[Verification] N/A
Change-Id: Ibf61dfb56d6d6a413c4161d9dae69bd1e9de97a5
Mateusz Malicki [Thu, 9 Oct 2014 17:10:11 +0000 (19:10 +0200)]
Command line interface to SCS
[Feature] Command line interface to SCS
[Cause] Need to manage SCS from shell
[Solution] Binary that use libsecurity-containers
[Verification] Build, install, execute security-containers-cli (switch container),
check SCS logs.
Change-Id: Ia6cc1cc00295e19befd2e0987900b69e2d4e7bd3
Lukasz Kostyra [Mon, 13 Oct 2014 12:49:29 +0000 (14:49 +0200)]
Adjust configuration files for Tizen:Common profile
[Feature] Configuration files modified for Tizen:Common profile.
[Cause] Tizen:Common devices use different configuration than M0 devices.
[Solution] Change configuration files.
[Verification] Build, install on Tizen:Common device, run tests.
Change-Id: Ib1db585f99ba4e8feecd1defa76de277e3fead0b
Lukasz Kostyra [Wed, 15 Oct 2014 08:13:15 +0000 (10:13 +0200)]
Update missing vt field in container template
[Bug] Field 'vt' was missing in template used to add new containers.
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run freshly added container. SCS should not return "missing config
field 'vt'" error.
Change-Id: Iec9633d3e8a0e727f854a166d6ab7cfc65ccdf5b
Lukasz Kostyra [Mon, 13 Oct 2014 12:02:40 +0000 (14:02 +0200)]
Allow SCS to launch without any container
[Bug] SCS segfaulted when launching without any containers provided in config.
[Cause] Some functions assumed that certain config fields should never be empty
[Solution] Additional checks to avoid segfault.
[Verification] Build, install, run tests, launch SCS without any predefined containers.
Try to switch between containers when less than two containers are present.
Change-Id: I58a69d55807f686fb168057dfb1b447707351a46
Jan Olszak [Fri, 3 Oct 2014 16:20:30 +0000 (18:20 +0200)]
Tests of the serialization functions from libConfig
[Bug/Feature] N/A
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: Ifa9e3397f4405cf4d9d1bcca2c891eb789cdf2ae
Lukasz Kostyra [Thu, 25 Sep 2014 09:59:58 +0000 (11:59 +0200)]
Implement switchingSequenceMonitorNotify and add VT switching support
[Feature] switchingSequenceMonitorNotify function implementation and module to handle VT
switching
[Cause] Nothing happened when user provided input sequence to Input Monitor
[Solution] Implemented switchingSequenceMonitorNotify and added VT switching to function
ContainersManager::focus.
[Verification] Build, install, run unit tests. Tests (especially FocusTest) should pass.
Change-Id: Ie4aa7d1679bfaa5a0fdfaf238ebc14a3b8150006
Jan Olszak [Wed, 24 Sep 2014 14:12:13 +0000 (16:12 +0200)]
Adjusting tests to the changed KVStore
[Bug/Feature] Added isEmpty() and exists() functions
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: Ied7f469599cfdb31104e4f0bc1b67b8cbc2a2cc0
Piotr Bartosiewicz [Thu, 18 Sep 2014 08:07:15 +0000 (10:07 +0200)]
New get_container_id_by_pid API function
[Bug/Feature] Introduce new API function: sc_get_container_id_by_pid
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: I8bee78c062bcbbe29fc9e2c651989570c26869d1
Lukasz Kostyra [Tue, 5 Aug 2014 11:49:56 +0000 (13:49 +0200)]
Add API to create new containers
[Feature] Dbus method to add new containers
[Cause] Need of dynamic management of containers
[Solution] Added dbus API to add new containers.
Added new functions to utils needed during dynamic container creation.
[Verification] Build, install, run unit tests.
Change-Id: I2044c416947dccc3e0e90302f6b56ea49db0baa1
Piotr Bartosiewicz [Wed, 10 Sep 2014 11:35:50 +0000 (13:35 +0200)]
Unit test cleanup
[Bug/Feature] Update unit test of configuration to test changes in
libConfig (added missing piece of code).
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: Ifab57f3537cfcc4afa046608bd337b5386099b6e
Michal Witanowski [Tue, 26 Aug 2014 14:55:35 +0000 (16:55 +0200)]
Improve doxygen comments in client header
[Bug/Feature] N/A
[Cause] N/A
[Solution] * more details added
* example code provided.
[Verification] Run generate_documentation.sh script, verify output.
Non-comment parts hasn't been affected.
Change-Id: I506913c3047f64f64f1ff2e84c92cff9fda8b43f
Michal Witanowski [Mon, 1 Sep 2014 13:14:49 +0000 (15:14 +0200)]
Make SCS D-Bus independent
[Bug/Feature] Allow to run security-containers-server without dbusd inside
a container(s).
[Cause] N/A
[Solution] Add new value to containers' configs: "enableDbusIntegration".
[Verification] * build, install, run tests
* run SCS with default configuration
* run SCS with dbus disabled in one of the containers
Change-Id: If6d42487086a4907b231a8422c49c4cbdedfe18f
Mateusz Malicki [Wed, 27 Aug 2014 13:25:45 +0000 (15:25 +0200)]
Added sc_file_move_request client library function
[Bug/Feature] Added sc_file_move_request client library function
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: I6c0449a06a4b9b3ad9c17fda16d00099100f71ed
Mateusz Malicki [Wed, 27 Aug 2014 12:19:40 +0000 (14:19 +0200)]
Added extra parameter to be passed to client callback functions
[Bug/Feature] Possibility to pass parameters to callback functions
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: I8f060912aa3370b697c384289395ec1b884e3288
Dariusz Michaluk [Fri, 22 Aug 2014 09:29:37 +0000 (11:29 +0200)]
Fix incorrect network configuration
[Feature] Fix incorrect network configuration.
[Cause] Incorrect network netmask, filter name, ip address.
[Solution] N/A
[Verification] Build, install on new minimal image, run tests.
Change-Id: Idc1ddcd06c73297581f778b78d392bc34020c3cc
Signed-off-by: Dariusz Michaluk <d.michaluk@samsung.com>
Piotr Bartosiewicz [Wed, 27 Aug 2014 09:44:41 +0000 (11:44 +0200)]
Fix possible UB in unit tests
[Bug/Feature] Possible use of destroyed object in case when timeout
was reached.
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: Ie4cf064c4c5e5171079e836f1b4ca24b2962121c
Jan Olszak [Mon, 25 Aug 2014 14:03:05 +0000 (16:03 +0200)]
Tests of serialization to and from KVStore
[Bug/Feature] Tests of the serialization
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: If8fb03c39093847e607a5b0e7980a9f972053b56
Piotr Bartosiewicz [Thu, 21 Aug 2014 16:02:49 +0000 (18:02 +0200)]
Client library cleanup
[Bug/Feature] N/A
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: Idd5feb3fe6ec78a9c3ad3ffbb5f26efda0abbaec
Jan Olszak [Wed, 20 Aug 2014 10:50:45 +0000 (12:50 +0200)]
Tests of a function for key creation
[Bug/Feature] Tests of key creation
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: I4c7fbaec78dbba6f847e3c9275d62c3e4a4ef098
Mateusz Malicki [Thu, 14 Aug 2014 16:03:51 +0000 (18:03 +0200)]
Client library functions
[Feature] Add more functions to the client library.
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run test suite Client
Change-Id: Ided49f0363c5bb94669c272fda745510cd21d985
Piotr Bartosiewicz [Tue, 19 Aug 2014 12:34:01 +0000 (14:34 +0200)]
[Unit tests] Handle segmentation faults
[Bug/Feature] No message was printed when unit tests was terminated by
some signal.
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run good and crashing tests.
Change-Id: Ib8a8abae09e3dfa2d2badd8c78f87440eb834c4c
Jan Olszak [Mon, 11 Aug 2014 10:52:27 +0000 (12:52 +0200)]
Tests of storing non-string types in KVStore
[Bug/Feature] Types serializable to iostreams can be stored.
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: I4395d697620f6b8ea9e558edf620e35f797c6178
Mateusz Malicki [Mon, 4 Aug 2014 13:33:25 +0000 (15:33 +0200)]
Client library with C interface
[Feature] security-containers's client with c interface.
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run test suite Client
Change-Id: Ic968e876806ce44751c95a9161ba8f497427aee8
Jacek Pielaszkiewicz [Fri, 27 Jun 2014 11:12:34 +0000 (13:12 +0200)]
Add libvirt network filter support to security-containers
[Feature] libvirt network filters implementation
[Cause] N/A
[Solution] - It was assumed that network filters are defined per
container.
- A new parameter networkFilterConfig has been added to
the container config file.
- Unit test have been updated due to a new configuration
parameter in the container confg file.
- "Network integration" tests for security-containers
have been implemented. The tests assume that
in the environment are two containers (Buisness and
Private). Both of them are mutually isolated and both
have the Internet access.
[Verification] Build, install, run tests
Signed-off-by: Jacek Pielaszkiewicz <j.pielaszkie@samsung.com>
Change-Id: Ibc08d85c1a362119fb71d80f66184a5c67b5c721
Jan Olszak [Tue, 5 Aug 2014 16:00:00 +0000 (18:00 +0200)]
Tests of the dynamic configuration in libConfig
[Bug/Feature] Dynamic configuration stored in a database
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: I112701773ec555bca0521871e2066d84d727a00b
Jacek Pielaszkiewicz [Mon, 21 Jul 2014 15:09:35 +0000 (17:09 +0200)]
Extract common/log, common/dbus, common/config directories and create from them libraries.
[Bug/Feature] N/A
[Cause] N/A
[Solution] 1. The following directories have been extracted (removed):
- common/log
- common/dbus
- common/config
2. In place of the removed source code, security-containers is link
with the following libraries:
- libLogger
- libSimpleDbus
- libConfig
[Verification] Build, install, run tests
Change-Id: I9d0b1627638b401bb88e442dd9681a7943fe0b5d
Signed-off-by: Jacek Pielaszkiewicz <j.pielaszkie@samsung.com>
Piotr Bartosiewicz [Tue, 29 Jul 2014 10:33:10 +0000 (12:33 +0200)]
Fix client library installation
[Bug/Feature] Missing so versioning
[Cause] N/A
[Solution] N/A
[Verification] Build, install
Change-Id: I4f5c3715b177506c6c6e967512acf969944fa246
Jan Olszak [Fri, 25 Jul 2014 08:42:26 +0000 (10:42 +0200)]
Setting the active container through D-Bus
[Bug/Feature] D-Bus API for setting the active container
[Cause] N/A
[Solution] Added the new API
Added a common part of dbus definitions
[Verification] Build, install, run tests
Change-Id: I4be877c17751b6334e8d424ff64de8d884699ede
Piotr Bartosiewicz [Mon, 28 Jul 2014 09:06:13 +0000 (11:06 +0200)]
Fix invalid use of glib loop in unit tests
[Bug/Feature] Memleak in unit tests
[Cause] Glib loop was started twice
[Solution] N/A
[Verification] Build, install, run tests under valgrind
Change-Id: I7407a0211e141143b3828cf1784f3a2a5ac3f5b3
Jan Olszak [Tue, 22 Jul 2014 15:25:20 +0000 (17:25 +0200)]
API for obtaining container's IDs
[Bug/Feature] D-Bus API for getting the ID of the active container
D-Bus API for getting the IDs of all containers
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: I03081e3dc5e275f9c0d5c6b5a6cacfef38c5adff
Piotr Bartosiewicz [Wed, 23 Jul 2014 10:56:47 +0000 (12:56 +0200)]
Dbus API for sharing containers DBuses
[Bug/Feature] New method on host dbus interface for getting list of
containers dbus addresses and new signals when
containers dbus become available or unavailable.
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: Ib37d47c8e2ffbdca58828c542d7b474e068ca138
Piotr Bartosiewicz [Thu, 24 Jul 2014 08:22:03 +0000 (10:22 +0200)]
Fix dependency problem in spec
[Bug/Feature] Build break
[Cause] Dependency version not match
[Solution] N/A
[Verification] Build with gbs
Change-Id: I0b1a93d293364edea18b15b58cb61fa998674960
Piotr Bartosiewicz [Wed, 23 Jul 2014 14:18:43 +0000 (16:18 +0200)]
Release version 0.1.1
Change-Id: I0fdb371060d86446141700c60958d165cbf44d88
Piotr Bartosiewicz [Tue, 15 Jul 2014 13:24:26 +0000 (15:24 +0200)]
Dbus proxy call support
[Bug/Feature] Introduce the API for communication between services
inside container and services in host. SCS works as a
router/proxy enabling host <-> container and container
<-> container dbus calls.
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: Ia85a7c0234880069653d1a8596dbc240fa7b3f76
Piotr Bartosiewicz [Tue, 15 Jul 2014 14:51:26 +0000 (16:51 +0200)]
Dbus async method call handler
[Bug/Feature] Enable deferred set of result in dbus method handler.
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: I11b3abe0886bc560f8b63f6206c64695f2f7eb1a
Piotr Bartosiewicz [Fri, 11 Jul 2014 14:38:19 +0000 (16:38 +0200)]
Dbus async method call
[Bug/Feature] Async version of dbus method call added.
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: I90bb5d1816a95f9619e2a4b88dd63c9ebd4b64da
Lukasz Kostyra [Mon, 14 Jul 2014 10:33:03 +0000 (12:33 +0200)]
Update input monitor configuration sequence
[Bug] Input monitor detected double-pressing, which caused errors.
[Cause] Some systems already used double-press as a pattern.
[Solution] Change input sequence from double press to triple press.
[Verification] Build, install, run SCS with -l TRACE.
Run journalctl --unit=security-containers --follow -l
Press "HOME" key three times quickly - you should see entries:
"Event sequence detected"
"Input monitor detected pattern"
"switchingSequenceMonitorNotify() called"
Change-Id: I52850851f1c72326d50b796d651886c7eec3406c
Signed-off-by: Lukasz Kostyra <l.kostyra@samsung.com>
Piotr Bartosiewicz [Tue, 8 Jul 2014 09:31:31 +0000 (11:31 +0200)]
Containers support package
[Bug/Feature] New package to be installed in every container. It
replaces image-skel dir.
[Cause] N/A
[Solution] N/A
[Verification] Build, install container-support and container-daemon
inside container, install rest packages on host, verify
scs works.
Change-Id: Ia03a6481d1fe72375cec751701ac9eba1d6cc97c
Lukasz Kostyra [Tue, 1 Jul 2014 13:08:26 +0000 (15:08 +0200)]
Add flag in container config allowing switch to default after timeout
[Feature] Flag in container config which allows switching to default container when timeout
occurs.
[Cause] Some containers might want to forbid switching to default container after timeout.
[Solution] Add flag switchToDefaultAfterTimeout allowing such switch in container config.
[Verification] Build, install, run tests. All should pass.
Change-Id: Icdcfc007c0a11126fe243988878a2c918d6bdf13
Signed-off-by: Lukasz Kostyra <l.kostyra@samsung.com>
Michal Witanowski [Fri, 4 Jul 2014 13:02:46 +0000 (15:02 +0200)]
Fix executable path in systemd service configuration
[Bug/Feature] N/A
[Cause] "usr" path varies between platforms.
[Solution] Generate daemon service path at build time.
[Verification] Build and install. Check if value of "ExecStart" in
/usr/lib/systemd/system/security-containers.service
is valid server executable path.
Change-Id: I7cd1bbcaedc3ad2e256c4bbe4210886ba6262813
Signed-off-by: Michal Witanowski <m.witanowski@samsung.com>
Dariusz Michaluk [Thu, 10 Jul 2014 07:10:07 +0000 (09:10 +0200)]
Fix path to the dbus-daemon
[Bug/Feature] Fix path to the dbus-daemon
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests, run daemon
Change-Id: I9d8006b238bdf8ad22675c618213c10931938b0f
Signed-off-by: Dariusz Michaluk <d.michaluk@samsung.com>
Michal Witanowski [Mon, 12 May 2014 09:35:20 +0000 (11:35 +0200)]
Run Security Containers Server as non root user
[Bug/Feature] Drop root privileges of the server during startup.
[Solution] * User "security-containers" has been added to the
"libvirt" group.
* CAP_SYS_ADMIN and CAP_MAC_OVERRIDE capabilities have
been provided using libcap-ng.
[Verification] 1. Make sure that "security-containers" user (with UID
== 377) exists in the conainers. If no, execute:
chroot /path/to/container /bin/bash \
-c "useradd -r security-containers -u 377"
2. Run tests.
3. Start SCS service as root (directly or via systemd
service). Verify /proc/<PID>/status of the process:
* Uid == 377
* CapPrm == CapEff ==
0000000000200000
* Groups: <libvirt group ID>, <input group>
4. Run the service with "--root" option. Remember to
change policy in dbus configuration file
"etc/dbus-1/system.d/com.samsung.containers.conf"
from "security-containers" to "root".
5. Trigger update (via sending SIGUSR1) and check if
UID, groups and capabilities set did not change.
NOTE: Latest libvirt (from "tizen" branch on
tizen.org) is required.
Change-Id: Idfda05fb081ca48193b19a99a6628cf14ec4bf57
Signed-off-by: Michal Witanowski <m.witanowski@samsung.com>
Michal Witanowski [Wed, 11 Jun 2014 09:36:00 +0000 (11:36 +0200)]
Add image configuration tests
[Bug/Feature] Integration tests verifying containers' images
completeness. If the tests fail, the containers will
most probably not run under SCS.
The following elements are checked:
* existence of "security-containers" user with UID
of 377
* existence and correctness of dbus configuration
("security-containers" should be allowed to use
"org.tizen.containers.domain" socket)
The names and paths to the containers' root file
systems are extracted from SCS daemon and libvirt
configs (/etc/security-containers/).
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests (sc_int_tests.py). Check
various scenarios: remove or corrupt dbus config
(etc/dbus-1/system.d/org.tizen.containers.domain.conf)
or libvirt's XML config, remove "security-containers"
user inside a container, change it's UID, etc.
Change-Id: I69782f348ecb1c6b63a60286a3a8ee4ae3f8465b
Signed-off-by: Michal Witanowski <m.witanowski@samsung.com>
Piotr Bartosiewicz [Thu, 3 Jul 2014 10:24:29 +0000 (12:24 +0200)]
Connection to the hosts system dbus
[Bug/Feature] Introduce hosts dbus connection
[Cause] It's required by MDM and other hosts services
[Solution] N/A
[Verification] Build, install, run tests, run daemon
Change-Id: Ia88b249a00dff8674cd8387d08e05f3115c36912
Lukasz Kostyra [Fri, 4 Jul 2014 12:39:17 +0000 (14:39 +0200)]
Destroy libvirt domains with signal
[Feature] Libvirt now destroys its domains with signal.
[Cause] Destroying a domain in other way requires setns, which might not be available on
some systems.
[Solution] Tell libvirt to destroy a domain with signal.
[Verification] Build, install, run tests. All should pass.
Change-Id: I9d990488dd9a049feba2c02b070be2e4320029db
Lukasz Pawelczyk [Thu, 12 Jun 2014 08:12:41 +0000 (10:12 +0200)]
A DBUS API to move the files between containers
[Bug/Feature] Add an ability for a container to request a file move to another container.
Some minor fixes here and there.
Added missing tests for utils/fs.
A little revamp of DbusAccessory in ut-cm tests.
[Cause] N/A
[Solution] Implement a DBUS API and a simple move implementation.
[Verification] Build, install, run tests, run server.
Change-Id: I881f7b6079e38e3dd43d6fe34360457172047c2c
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com>
Mateusz Malicki [Wed, 2 Jul 2014 07:08:06 +0000 (09:08 +0200)]
Fixed path in test configuration file removed
[Bug/Feature] Tests don't work on some installations
[Cause] There is a fixed path in test configuration file
[Solution] Remove fixed path in test configuration file
[Verification] Build, install, run test ContainersManagerSuite
Change-Id: Icd7bff311d2d1e9e982bbee8d577247fb66da1a4
Piotr Bartosiewicz [Tue, 1 Jul 2014 11:09:08 +0000 (13:09 +0200)]
Rename dbus interface name
[Bug/Feature] Rename interface name from 'com.samsung' to 'org.tizen'
[Cause] This is not a proprietary code
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: I39cf5b5fc74b0f01e8678fab3a2ba02bc87c7ade
Dariusz Michaluk [Mon, 30 Jun 2014 14:30:39 +0000 (16:30 +0200)]
Fix RPM build error
[Bug/Feature] RPM build error.
[Cause] Installed but unpackaged files found.
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: Icd4f2703d0d507ecafd795c623439393151f3675
Signed-off-by: Dariusz Michaluk <d.michaluk@samsung.com>
Lukasz Kostyra [Thu, 12 Jun 2014 13:31:19 +0000 (15:31 +0200)]
Dbus API for "Display Off" signal
[Feature] - API in Dbus to handle "Display Off" signal.
- Switching to default container when "Display Off" signal occurs.
[Cause] SC must properly react when device is inactive for some time.
[Solution] Create a Dbus API for Display Off signal. Use this event to switch to default
container.
[Verification] Build, install, run ContainersManagerSuite and ContainerConnectionSuite tests. Both
suites should pass.
Change-Id: I34e0178cd9d8efbbdad92e1f2d69f4c32b41f779
Signed-off-by: Lukasz Kostyra <l.kostyra@samsung.com>
Mateusz Malicki [Mon, 9 Jun 2014 11:03:34 +0000 (13:03 +0200)]
Dispatching container notifications
[Bug/Feature] Dispatching container notifications witch unit test
[Cause] Container should be informed about other containers notification
[Solution] Send dbus signal to other container
[Verification] Build, install, launch "sc_launch_test.py security-containers-server-unit-tests -t
ContainersManagerSuite/NotifyActiveContainerTest"
Change-Id: Ia101dee022e59ea7aef74e030eb3902a70c9f526
Piotr Bartosiewicz [Thu, 12 Jun 2014 08:41:51 +0000 (10:41 +0200)]
Manage containers networking
[Bug/Feature] Add possibility to manage and configure network for each
container.
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests, run server
Change-Id: I215a548d66cf6d900f08af5c14c5f7746949445f
Jan Olszak [Tue, 3 Jun 2014 07:49:07 +0000 (09:49 +0200)]
Various changes to InputMonitor
[Bug/Feature] InputMonitor had to be corrected
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: Ibb7f71da0cfc19dad943a9e69badda3b6d866d70
Signed-off-by: Jan Olszak <j.olszak@samsung.com>
Lukasz Kostyra [Fri, 30 May 2014 07:52:37 +0000 (09:52 +0200)]
Add framework for integration tests
[Feature] Framework for integration tests in security-containers.
[Cause] Integration tests in python are to be added to security-containers.
[Solution] Add framework for integration tests using Python's unittest module.
[Verification] Successful build and installation.
Change-Id: I8812f044215fb282de90c1a906a9e433c545f046
Signed-off-by: Lukasz Kostyra <l.kostyra@samsung.com>
Piotr Bartosiewicz [Thu, 5 Jun 2014 14:42:06 +0000 (16:42 +0200)]
Configuration refactor
[Bug/Feature] N/A
[Cause] N/A
[Solution] - make configuration more modular
- decouple configuration structs from serialization
stuff
- add missing error checks
- add strict type checking while parsing json
[Verification] Build, install, run tests, run daemon
Change-Id: I8af518a6fd5f4c325c338980578202cb0fe8789d
Lukasz Pawelczyk [Fri, 6 Jun 2014 11:18:11 +0000 (13:18 +0200)]
Add UUID to the libvirt test xml strings
[Bug/Feature] Make those configs redefine automatically.
[Cause] If the test crashes/fails it can happen that something
won't get undefined effectively blocking further tests.
[Solution] Adding an UUID makes libvirt redefine automatically.
Same thing has been done previously for other configs.
[Verification] Built and run tests.
Change-Id: I865baf8e433c0df7321f46167be44f18d653c722
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com>
Lukasz Pawelczyk [Tue, 3 Jun 2014 11:42:00 +0000 (13:42 +0200)]
Fix the stopping of the container in the ContainerSuite tests
[Bug/Feature] The test took 10 seconds cause we issued a stop command
before the container had a chance to start, effectively ignoring
the stop command. The 10 seconds timeout triggered after which
the container had been destroyed.
[Cause] There is no proper way to know that the system inside the
container has booted.
[Solution] Add some small timeout to allow the container to start properly.
Same thing is done in ContainerAdminSuite. There doesn't seem to
be a better way for that.
[Verification] Built, installed and run the tests.
Change-Id: I837588f93b335adab4ac5561b3a686af602e0c15
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com>
Dariusz Michaluk [Tue, 3 Jun 2014 09:54:17 +0000 (11:54 +0200)]
Make the code compatible with older glib versions
[Bug/Feature] Make the code compatible with older glib versions.
[Cause] N/A
[Solution] Specific define for older glib versions.
[Verification] Built and run tests.
Change-Id: I65a16393fe3c266ca1b27bea166b1d2b2a41d0be
Signed-off-by: Dariusz Michaluk <d.michaluk@samsung.com>
Lukasz Pawelczyk [Fri, 23 May 2014 12:20:11 +0000 (14:20 +0200)]
Make the code compatible with more compilers
[Bug/Feature] Make the code compatible with more compilers.
[Cause] N/A
[Solution] Redefine some C++11 keywords.
Remove some specific C++11 constructs not found in C++0x.
Specific defines for various compilers and their versions.
[Verification] Built with GCC 4.6, GCC 4.8 and CLANG 3.4 and run tests.
Change-Id: I5ce7c2c3ca4372ec79b41facb1793c7df5b1f6b0
Signed-off-by: Lukasz Pawelczyk <l.pawelczyk@partner.samsung.com>
Jan Olszak [Mon, 2 Jun 2014 14:20:54 +0000 (16:20 +0200)]
Fix of InputMonitor rebase
[Bug/Feature] Unit tests changed directories.
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests
Change-Id: I6817a8bed4ca74e7ebe27cf87f6793da04853699
Signed-off-by: Jan Olszak <j.olszak@samsung.com>
Pawel Broda [Tue, 20 May 2014 08:36:57 +0000 (10:36 +0200)]
Input monitor
[Feature] Monitoring of events on input device files.
[Cause] There is no possibility to use *home button* in
native apps (there is no API for that).
[Solution] *Input monitor* class is added. It allows to
watch events on given device (not only *home button*).
When a pattern given in .conf file is recognized,
appropriate action is taken (i.e. callback).
[Verification] Compiled, built and run.
Conflicts:
common/utils/fs.cpp
common/utils/fs.hpp
server/containers-manager.hpp
Change-Id: I7bddd917e6da8d70c26c4188a640638669430619
Signed-off-by: Pawel Broda <p.broda@partner.samsung.com>
Signed-off-by: Jan Olszak <j.olszak@samsung.com>
Jan Olszak [Fri, 30 May 2014 16:14:51 +0000 (18:14 +0200)]
Libvirt network wrapper
[Bug/Feature] A wrapper for libvirt' network
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests.
Change-Id: I0997f846132cc29035b144705ff4a4835a3dad01
Jan Olszak [Wed, 28 May 2014 15:14:53 +0000 (17:14 +0200)]
Moving to boost::filesystem
[Bug/Feature] Some file system related functions are needed.
[Cause] N/A
[Solution] Deleted functions already implemented in boost:filesystem
[Verification] Build, install, run tests
Change-Id: Ic4e2c6fadecee739fde62c89bd441abd53d13390
Signed-off-by: Jan Olszak <j.olszak@samsung.com>
Piotr Bartosiewicz [Fri, 30 May 2014 09:14:15 +0000 (11:14 +0200)]
Remove dead code in python test script
[Bug/Feature] There is no need to colorize logs by script anymore
since it is done by console log backend.
[Cause] N/A
[Solution] N/A
[Verification] Build, install, run tests, verify that logs are colored.
Change-Id: Ie9b0acfa230d4b59184ca662256a51a4fec00e43