[libvirt] [PATCH 0/3] Restrict saved-state and core-dump files in controlled directories
Hong Xiang
hxiang at linux.vnet.ibm.com
Tue Oct 25 07:43:19 UTC 2011
This patch series tries to address the issue discussed in:
https://www.redhat.com/archives/libvir-list/2011-September/msg01025.html
In this series:
. The filename parameter for virDomainSave[Flags], virDomainRestore[Flags],
virDomainSaveImageGetXMLDesc, virDomainSaveImageDefineXML, and
virDomainCoreDump, is interpreted as an ID;
. The file ID is later translated to a real filesystem pathname by
corresponding drivers;
. The real file system paths are under controlled directories, different
for saved-state-files and core-dumps, respectively;
Hong Xiang (3):
New util API virBase64EncodePathname/virBase64DecodePathname
Remove virFileAbsPath() from virDomainSave*() and virDomainCoreDump()
calls
Encode input file id in qemuDomainSave/Restore and
qemudDomainCoreDump
src/libvirt.c | 84 +++------------------------------------
src/libvirt_private.syms | 2 +
src/qemu/qemu_conf.h | 3 +
src/qemu/qemu_driver.c | 98 +++++++++++++++++++++++++++++++++++++++++++--
src/util/util.c | 73 ++++++++++++++++++++++++++++++++++
src/util/util.h | 4 ++
6 files changed, 182 insertions(+), 82 deletions(-)
More information about the libvir-list
mailing list