[libvirt] [PATCH] storage: fix scsi detach regression with cgroup ACLs

Jiri Denemark jdenemar at redhat.com
Fri Nov 30 13:07:04 UTC 2012

On Thu, Nov 29, 2012 at 14:48:41 -0700, Eric Blake wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=876828
> Commit 38c4a9cc introduced a regression in hot unplugging of disks
> from qemu, where cgroup device ACLs were no longer being revoked
> (thankfully not a security hole: cgroup ACLs only prevent open()
> of the disk; so reverting the ACL prevents future abuse but doesn't
> stop abuse from an fd that was already opened before the ACL change).
> Commit 1b2ebf95 overlooked that there were two spots affected.
> * src/qemu/qemu_hotplug.c (qemuDomainDetachDiskDevice):
> Transfer backing chain before deletion.
> * src/qemu/qemu_driver.c (qemuDomainDetachDeviceDiskLive): Fix
> spacing (partly to ensure a different-looking patch).
> ---
> I blame git for letting me find this - I did a 'pull --rebase' on
> top of libvirt.git, and noticed that my working patch was still
> on the tree - it turns out that the hunk for qemu_hotplug.c is
> _identical_ except for the context of the function name needing
> a fix.  I still wish git would be more vocal when it finds an
> alternate place to apply a patch when function names don't match.



More information about the libvir-list mailing list