[libvirt] [PATCH 0/8 v3] Avoid unsafe usage of /proc/$PID/root in LXC driver

Daniel P. Berrange berrange at redhat.com
Mon Feb 17 16:38:55 UTC 2014


An update of

  https://www.redhat.com/archives/libvir-list/2014-February/msg00401.html

Eric had previously suggested that we could have our fork helper pass
by a pre-opened file descriptor and then label that, so we can move
the labelling code out of the subprocess. While I believe that is
technically possible, it plays havoc with the security driver APIs.
We'd basically have to create an entire new set of APIs that take
an FD instead of path / object in virSecurityManager. I don't think
that's a net win in terms of complexity added.

Considering what we're running in the fork helper

  - We're Linux only so can rely on sane glibc malloc behaviour
  - We're already using security manager calls in the QEMU
    driver fork helper
  - We've protected the logging + error APIs in virFork

So I think we'll get away with bending the POSIX rules on async
safe functions in this instance.

Changes in this version

 - Avoid use of virCgroupAllowDeviceByPath where we
   already have the major/minor number
 - Avoid overwriting errors set by virCgroupAllow*
 - Use return value check of < 0  instead of != 0
 - Other misc typos Eric mentioned

Daniel P. Berrange (7):
  Add virFileMakeParentPath helper function
  Add helper for running code in separate namespaces
  Avoid unsafe use of /proc/$PID/root in LXC disk hotplug
  Avoid unsafe use of /proc/$PID/root in LXC USB hotplug
  Avoid unsafe use of /proc/$PID/root in LXC block hostdev hotplug
  Avoid unsafe use of /proc/$PID/root in LXC chardev hostdev hotplug
  Avoid unsafe use of /proc/$PID/root in LXC hotunplug code

Eric Blake (1):
  Avoid unsafe use of /proc/$PID/root in LXC shutdown/reboot code

 src/libvirt_private.syms |   2 +
 src/lxc/lxc_driver.c     | 507 ++++++++++++++++++++++++-----------------------
 src/util/virfile.c       |  27 +++
 src/util/virfile.h       |   1 +
 src/util/virinitctl.c    |  26 +--
 src/util/virinitctl.h    |   5 +-
 src/util/virprocess.c    | 107 ++++++++++
 src/util/virprocess.h    |  11 +
 8 files changed, 418 insertions(+), 268 deletions(-)

-- 
1.8.5.3




More information about the libvir-list mailing list