[libvirt] PATCH 2/4: AppArmor updates

Daniel P. Berrange berrange at redhat.com
Mon Aug 16 16:14:23 UTC 2010 

On Fri, Aug 13, 2010 at 04:59:30PM -0500, Jamie Strandboge wrote:
> Attached is 0002-apparmor-chardev.patch
> 
> -- 
> Jamie Strandboge             | http://www.canonical.com

> Author: Jamie Strandboge <jamie at canonical.com>
> Description: fix serial ports, parallel ports and channels
> Forwarded: yes
> Bug-Ubuntu: LP: #578527, LP: #609055
> 
> Index: libvirt-0.8.3/src/security/virt-aa-helper.c
> ===================================================================
> --- libvirt-0.8.3.orig/src/security/virt-aa-helper.c	2010-08-12 12:00:04.000000000 -0500
> +++ libvirt-0.8.3/src/security/virt-aa-helper.c	2010-08-12 12:00:04.000000000 -0500
> @@ -877,13 +877,27 @@
>      for (i = 0; i < ctl->def->nserials; i++)
>          if (ctl->def->serials[i] && ctl->def->serials[i]->data.file.path)
>              if (vah_add_file(&buf,
> -                             ctl->def->serials[i]->data.file.path, "w") != 0)
> +                             ctl->def->serials[i]->data.file.path, "rw") != 0)
>                  goto clean;
>  
>      if (ctl->def->console && ctl->def->console->data.file.path)
> -        if (vah_add_file(&buf, ctl->def->console->data.file.path, "w") != 0)
> +        if (vah_add_file(&buf, ctl->def->console->data.file.path, "rw") != 0)
>              goto clean;
>  
> +    for (i = 0 ; i < ctl->def->nparallels; i++)
> +        if (ctl->def->parallels[i] && ctl->def->parallels[i]->data.file.path)
> +            if (vah_add_file(&buf,
> +                             ctl->def->parallels[i]->data.file.path,
> +                             "rw") != 0)
> +                goto clean;
> +
> +    for (i = 0 ; i < ctl->def->nchannels; i++)
> +        if (ctl->def->channels[i] && ctl->def->channels[i]->data.file.path)
> +            if (vah_add_file(&buf,
> +                             ctl->def->channels[i]->data.file.path,
> +                             "rw") != 0)
> +                goto clean;

You can't blindly de-reference   data.file.path  - The 'file' struct
is inside a union and is only valid for certain types of character 
device VIR_DOMAIN_CHR_TYPE_PTY, TYPE_DEV, TYPE_FILE and TYPE_PIPE.
The existing code for serial devices is broken too & can crash due
to this

Regards,
Daniel
-- 
|: Red Hat, Engineering, London    -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org        -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

More information about the libvir-list mailing list