Because current firewalld version is too old(< 0.7.0) to support
the rule priority setting in the libvirt zone file, so we should
add --without-firewalld-zone to configure commandline.
More info can be found in the following link:
https://github.com/libvirt/libvirt/commit/3b71f2e4.
Signed-off-by: Alex Chen <alex.chen@huawei.com>
rpc: gendispatch: handle empty flags
rpc: add support for filtering @acls by uint params
rpc: require write acl for guest agent in virDomainInterfaceAddresses
qemu: agent: set ifname to NULL after freeing
Signed-off-by: Jan Tomko <jtomko@redhat.com>
Signed-off-by: Jiajie Li <lijiajie11@huawei.com>
CVE-2020-25637
Add a requirement for domain:write if source is set to
VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_AGENT.
Signed-off-by: Jan Tomko <jtomko@redhat.com>
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
cherry-pick from commit e4116eaa44cb366b59f7fe98f4b88d04c04970ad
Signed-off-by: Jiajie Li <lijiajie11@huawei.com>
CVE-2020-25637
Add a new field to @acl annotations for filtering by
unsigned int parameters.
Signed-off-by: Jan Tomko <jtomko@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
cherry-pick from commit 50864dcda191eb35732dbd80fb6ca251a6bba923
Signed-off-by: Jiajie Li <lijiajie11@huawei.com>
CVE-2020-25637
Prepare for omission of the <flagname> in remote_protocol.x
@acl annotations:
@acl: <object>:<permission>:<flagname>
so that we can add more field after, e.g.:
@acl: <object>:<permission>::<field>
Signed-off-by: Jan Tomko <jtomko@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
cherry-pick from commit 955029bd0ad7ef96000f529ac38204a8f4a96401
Signed-off-by: Jiajie Li <lijiajie11@huawei.com>
