[libvirt] [PATCHv2 2/2] security_dac: compute supplemental groups before fork
Eric Blake
eblake at redhat.com
Thu Jul 18 13:16:53 UTC 2013
On 07/18/2013 06:46 AM, Michal Privoznik wrote:
> On 18.07.2013 01:08, Eric Blake wrote:
>> Commit 75c1256 states that virGetGroupList must not be called
>> between fork and exec, then commit ee777e99 promptly violated
>> that for lxc's use of virSecurityManagerSetProcessLabel. Hoist
>> the supplemental group detection to the time that the security
>> manager is created. Qemu is safe, as it uses
>> virSecurityManagerSetChildProcessLabel which in turn uses
>> virCommand to determine supplemental groups.
>>
>> - if ((ret = virSecurityDACParseIds(def, uidPtr, gidPtr)) <= 0)
>> + if ((ret = virSecurityDACParseIds(def, uidPtr, gidPtr)) <= 0) {
>> + if (groups)
>> + *groups = NULL;
>> + if (ngroups)
>> + ngroups = 0;
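Review bot: in the new error branch, the line "ngroups = 0;" nulls the local pointer instead of clearing the caller's count; it should read "*ngroups = 0;", matching "*groups = NULL;" two lines above. Because 0 is a valid null pointer constant in C, the compiler accepts the assignment without complaint, and the caller's count stays stale while *groups is reset to NULL.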
>
> I believe you wanted *ngroups = 0; in here.
>
Indeed. I blame C for treating 0 and NULL interchangeably.
>
> ACK series, but see the issue I'm raising in 2/2.
Thanks; I'll push after fixing that typo.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
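
The ordering the commit message describes (resolve supplemental groups in the parent, apply them in the child) is shown below as an added example; it is not libvirt's code. The names compute_groups and run_child are hypothetical, and falling back to the primary gid for an unknown uid is an assumption of this example.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Parent side, before fork(): resolve uid's supplementary groups. The
 * lookups go through NSS, which may lock and allocate, so they must not
 * run in the child. Returns the count (list is malloc'd) or -1. */
int compute_groups(uid_t uid, gid_t gid, gid_t **groups)
{
    struct passwd *pw = getpwuid(uid);
    int n = 32;
    gid_t *tmp, *list = malloc(n * sizeof(*list));
    *groups = NULL;
    if (!list)
        return -1;
    if (!pw) {            /* assumption: unknown uid gets the primary gid only */
        list[0] = gid;
        n = 1;
    } else if (getgrouplist(pw->pw_name, gid, list, &n) < 0) {
        /* Buffer too small: n now holds the required count, retry once. */
        if (!(tmp = realloc(list, n * sizeof(*list)))) { free(list); return -1; }
        list = tmp;
        if (getgrouplist(pw->pw_name, gid, list, &n) < 0) { free(list); return -1; }
    }
    *groups = list;
    return n;
}

/* Child side: apply the precomputed identity without any lookups.
 * Returns the child's exit status (0 on success) or -1. */
int run_child(uid_t uid, gid_t gid, const gid_t *groups, int ngroups)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Needs privilege; order is groups, then gid, then uid. */
        if (geteuid() == 0 && (setgroups(ngroups, groups) < 0 ||
                               setgid(gid) < 0 || setuid(uid) < 0))
            _exit(126);
        _exit(getuid() == uid && getgid() == gid ? 0 : 125);
    }
    return waitpid(pid, &status, 0) == pid && WIFEXITED(status)
           ? WEXITSTATUS(status) : -1;
}
```

A real caller would exec the target program where this child calls _exit, and would treat exit status 126 as a failed identity change.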