[libvirt] CVE-2013-6456 Re: [PATCHv2 0/7] lxc: honor mount namespaces
Reco
recoverym4n at gmail.com
Tue Dec 24 13:45:54 UTC 2013
On Tue, 24 Dec 2013 06:29:11 -0700
Eric Blake <eblake at redhat.com> wrote:
> diff --git i/src/util/virprocess.c w/src/util/virprocess.c
> index c99b75a..e069483 100644
> --- i/src/util/virprocess.c
> +++ w/src/util/virprocess.c
> @@ -879,7 +879,7 @@ virProcessRunInMountNamespace(pid_t pid,
> goto cleanup;
> }
>
> - if ((cpid = virFork() < 0))
> + if ((cpid = virFork()) < 0)
> goto cleanup;
> if (cpid == 0) {
> /* child */
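Review bot: the corrected test in virProcessRunInMountNamespace still folds the assignment into the condition, which is what let the misplaced parenthesis slip through in the first place. With the old form `(cpid = virFork() < 0)`, cpid received the result of the comparison (0 or 1) rather than the pid, so the parent also satisfied `cpid == 0` and ran the child branch. Consider splitting it into `cpid = virFork();` followed by `if (cpid < 0)` so the precedence cannot be gotten wrong again. It is also worth checking the rest of the series for other `x = f() < 0` patterns.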
Thanks, that solves it. With this extra patch libvirtd writes to the
container's /dev/initctl only and terminates the child process only.
Reco