[libvirt] [PATCHv2 2/2] security_dac: compute supplemental groups before fork

Michal Privoznik mprivozn at redhat.com
Thu Jul 18 13:29:08 UTC 2013


On 18.07.2013 15:16, Eric Blake wrote:
> On 07/18/2013 06:46 AM, Michal Privoznik wrote:
>> On 18.07.2013 01:08, Eric Blake wrote:
>>> Commit 75c1256 states that virGetGroupList must not be called
>>> between fork and exec, then commit ee777e99 promptly violated
>>> that for lxc's use of virSecurityManagerSetProcessLabel.  Hoist
>>> the supplemental group detection to the time that the security
>>> manager is created.  Qemu is safe, as it uses
>>> virSecurityManagerSetChildProcessLabel which in turn uses
>>> virCommand to determine supplemental groups.
>>>
> 
>>> -    if ((ret = virSecurityDACParseIds(def, uidPtr, gidPtr)) <= 0)
>>> +    if ((ret = virSecurityDACParseIds(def, uidPtr, gidPtr)) <= 0) {
>>> +        if (groups)
>>> +            *groups = NULL;
>>> +        if (ngroups)
>>> +            ngroups = 0;
>>
>> I believe you wanted *ngroups = 0; in here.
>>
> 
> Indeed.  I blame C for treating 0 and NULL interchangeably.
> 
>>
>> ACK series, but see the issue I'm raising in 2/2.
> 
> Thanks; I'll push after fixing that typo.
> 

In fact, gcc warned me about possibly unused variable:

security/security_dac.c: In function 'virSecurityDACSetProcessLabel':
security/security_dac.c:1038:21: error: 'ngroups' may be used uninitialized in this function [-Werror=maybe-uninitialized]
     if (virSetUIDGID(user, group, groups, ngroups) < 0)
                     ^
security/security_dac.c: At top level:
cc1: error: unrecognized command line option "-Wno-unused-command-line-argument" [-Werror]
cc1: all warnings being treated as errors

Truth is, I'm using the most recent gcc (4.8.1). Which is both advantage and disadvantage. One hand, I can catch errors like these, on the other hand, the gcc bug in static analysis has been fixed. The bug, where local variable 'shadows' global function. This is NOT what I call shadowing.

Michal




More information about the libvir-list mailing list