[libvirt] [PATCH 10/14] Avoid unsafe use of /proc/$PID/root in LXC disk hotplug

Daniel P. Berrange berrange at redhat.com
Mon Feb 10 11:04:15 UTC 2014


On Fri, Feb 07, 2014 at 11:22:12AM -0700, Eric Blake wrote:
> On 02/07/2014 08:33 AM, Daniel P. Berrange wrote:
> My overall thoughts:
> 
> If we had a way to do _just_ the mknod, then open the file, and pass the
> fd back to the parent, then do labeling on the fd from the parent
> context (rather than on the path in the child context), it would make
> for a smaller child action easier to audit.  But I'm not sure that would
> get the labeling right - it looks like we have to label the actual path
> name in the child.  Or even if selinux took a leaf from openat() and
> friends, and gave us the ability to do actions on a name relative to an
> fd, then all we'd need to do is fork, change namespace, open the fd of
> the container directory, pass that back, then do the remaining options
> in the parent, where life is much easier.

The FD passing idea is interesting. I think I will explore that idea
further to see if it is viable before we finalize this.

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|



