[libvirt] [PATCH] storage: fix device detach regression with cgroup ACLs
Eric Blake
eblake at redhat.com
Tue Nov 27 15:15:58 UTC 2012
> On 11/27/12 15:04, Eric Blake wrote:
> > https://bugzilla.redhat.com/show_bug.cgi?id=876828
> >
> > Commit 38c4a9cc introduced a regression in hot unplugging of disks
> > from qemu, where cgroup device ACLs were no longer being revoked
> > (thankfully not a security hole: cgroup ACLs only prevent open()
> > of the disk; so reverting the ACL prevents future abuse but doesn't
> > stop abuse from an fd that was already opened before the ACL
> > change).
> >
> > src/qemu/qemu_hotplug.c | 2 ++
> > 1 files changed, 2 insertions(+), 0 deletions(-)
> >
>
> ACK.
Thanks; pushed. [And pardon me if this web-mail interface breaks
threading; I'm still recovering from a failed hard drive on the machine
where I normally send mail. Thank goodness that git is distributed,
so I didn't lose everything I had been working on, but it was
definitely an unplanned setback...]
More information about the libvir-list
mailing list