[libvirt] [PATCH] storage: fix scsi detach regression with cgroup ACLs
Eric Blake
eblake at redhat.com
Fri Nov 30 16:47:48 UTC 2012
> > https://bugzilla.redhat.com/show_bug.cgi?id=876828
> >
> > Commit 38c4a9cc introduced a regression in hot unplugging of disks
> > from qemu, where cgroup device ACLs were no longer being revoked
> > (thankfully not a security hole: cgroup ACLs only prevent open()
> > of the disk; so reverting the ACL prevents future abuse but doesn't
> > stop abuse from an fd that was already opened before the ACL
> > change).
> >
> > Commit 1b2ebf95 overlooked that there were two spots affected.
> >
>
> ACK
Thanks; pushed.
--
Eric Blake eblake at redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
More information about the libvir-list
mailing list