[libvirt] [PATCH 10/14] Avoid unsafe use of /proc/$PID/root in LXC disk hotplug
Daniel P. Berrange
berrange at redhat.com
Mon Feb 10 11:04:15 UTC 2014
On Fri, Feb 07, 2014 at 11:22:12AM -0700, Eric Blake wrote:
> On 02/07/2014 08:33 AM, Daniel P. Berrange wrote:
> My overall thoughts:
>
> If we had a way to do _just_ the mknod, then open the file, and pass the
> fd back to the parent, then do labeling on the fd from the parent
> context (rather than on the path in the child context), it would make
> for a smaller child action easier to audit. But I'm not sure that would
> get the labeling right - it looks like we have to label the actual path
> name in the child. Or even if selinux took a leaf from openat() and
> friends, and gave us the ability to do actions on a name relative to an
> fd, then all we'd need to do is fork, change namespace, open the fd of
> the container directory, pass that back, then do the remaining options
> in the parent, where life is much easier.

The FD passing idea is interesting. I think I will explore that idea
further to see if it is viable before we finalize this.

Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
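
The fork, open, pass-the-fd-back flow discussed in this thread, as an added example (not libvirt code and not written by either poster): a helper process opens a directory and sends the fd over a socketpair with SCM_RIGHTS, and the parent then acts relative to that fd instead of a /proc/$PID/root path. The names `dirfd_from_child` and `create_at` are hypothetical, and the `setns()` call the real helper would make before `open()` is left out so the code runs unprivileged.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Helper side: send one open fd over a UNIX socket as SCM_RIGHTS data. */
static int send_fd(int sock, int fd) {
    char byte = 0, ctl[CMSG_SPACE(sizeof(int))] = {0};
    struct msghdr msg = { .msg_iov = &(struct iovec){ &byte, 1 }, .msg_iovlen = 1,
                          .msg_control = ctl, .msg_controllen = sizeof(ctl) };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}
/* Parent side: receive the fd (close-on-exec); -1 if the helper sent none. */
static int recv_fd(int sock) {
    char byte, ctl[CMSG_SPACE(sizeof(int))];
    struct msghdr msg = { .msg_iov = &(struct iovec){ &byte, 1 }, .msg_iovlen = 1,
                          .msg_control = ctl, .msg_controllen = sizeof(ctl) };
    struct cmsghdr *c = recvmsg(sock, &msg, MSG_CMSG_CLOEXEC) == 1 ? CMSG_FIRSTHDR(&msg) : NULL;
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS) return -1;
    int fd;
    memcpy(&fd, CMSG_DATA(c), sizeof(int));
    return fd;
}
/* Fork a helper that opens `dir` and passes the directory fd back. Assumption:
 * the real helper would setns() into the container before open(); omitted here. */
int dirfd_from_child(const char *dir) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    pid_t pid = fork();
    if (pid == 0) {
        int d = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
        _exit(d < 0 || send_fd(sv[1], d) < 0);
    }
    close(sv[1]);
    int fd = pid < 0 ? -1 : recv_fd(sv[0]);   /* EOF without an fd yields -1 */
    close(sv[0]);
    if (pid > 0) waitpid(pid, NULL, 0);
    return fd;
}
/* Parent action relative to dfd, never a path; mknodat() is used the same way. */
int create_at(int dfd, const char *name) {
    return openat(dfd, name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
}
```

Whether SELinux labeling can be done correctly from the parent through such an fd is the open question raised in the quoted message; this example does not address it.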