[libvirt] [PATCH] LXC: fix order in virProcessGetNamespaces

Daniel P. Berrange berrange at redhat.com
Thu Jun 6 08:08:30 UTC 2013


On Thu, Jun 06, 2013 at 09:58:28AM +0200, Richard Weinberger wrote:
> On 06.06.2013 09:53, Daniel P. Berrange wrote:
> >On Wed, Jun 05, 2013 at 11:23:07PM +0200, Richard Weinberger wrote:
> >>virProcessGetNamespaces() opens files in /proc/XXX/ns/ which will
> >>later be passed to setns().
> >>We have to make sure that the file descriptors in the array are in the correct
> >>order. Otherwise setns() may fail.
> >
> >What is the scenario / cause of the failure ?
> 
> You cannot attach to namespaces in random order.
> For example with user namespaces an unprivileged user can enter other namespaces.
> But to do so you have to enter the user namespace first and then
> the other ones.

Ok, that kind of makes sense, ACK to the patch. I'll update the commit
message with this information.

> Same for mnt and pid, if you enter the mnt namespace before pid
> your procfs will go nuts.

That shouldn't affect us since we don't need to access procfs at all
during the loop where we call setns().


Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|



