[libvirt] CVE-2013-6456 Re: [PATCHv2 0/7] lxc: honor mount namespaces

Gao feng gaofeng at cn.fujitsu.com
Wed Jan 8 01:32:25 UTC 2014


On 01/07/2014 12:18 PM, Eric Blake wrote:
> On 12/24/2013 06:45 AM, Reco wrote:
>> On Tue, 24 Dec 2013 06:29:11 -0700
>> Eric Blake <eblake at redhat.com> wrote:
>>
>>> diff --git i/src/util/virprocess.c w/src/util/virprocess.c
>>> index c99b75a..e069483 100644
>>> --- i/src/util/virprocess.c
>>> +++ w/src/util/virprocess.c
>>> @@ -879,7 +879,7 @@ virProcessRunInMountNamespace(pid_t pid,
>>>          goto cleanup;
>>>      }
>>>
>>> -    if ((cpid = virFork() < 0))
>>> +    if ((cpid = virFork()) < 0)
>>>          goto cleanup;
>>>      if (cpid == 0) {
>>>          /* child */
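Review bot: the `+` line's precedence fix is correct, and worth a comment: in the removed form `(cpid = virFork() < 0)` the comparison binds tighter than the assignment, so cpid receives the result of `virFork() < 0`, which is 0 in both parent and child whenever the fork succeeds; both processes then satisfy the `if (cpid == 0)` check just below and run the child path, which matches the earlier report of libvirtd itself writing to /dev/initctl. The outer double parentheses also silence the usual assignment-in-condition compiler warning, so this typo is not caught at build time; writing it as two statements (`cpid = virFork();` then `if (cpid < 0) goto cleanup;`) would make the intent harder to get wrong again.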
>>
>> Thanks, that solves it. With this extra patch libvirtd writes to the
>> container's /dev/initctl only and terminates child process only.
> 
> Thanks again for the functional review.  I'm still waiting for a code
> review from anyone willing, since this does fix a security issue and I
> don't want to introduce an unintentional regression.  And I guess
> there's still the need to fix the access to the namespace /dev during
> device hotplug...
> 

Yes, device hotplug has the same problem.
ACK to this series.
Thanks!
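An added stand-alone illustration of the precedence bug the quoted hunk fixes, not libvirt code: it uses plain fork() in place of virFork() and a pipe to count how many processes reach the "child" branch. The function name and the pipe-counting approach are this example's own assumptions.

```c
/* Added example, not part of libvirt. Shows why
 *     if ((cpid = fork() < 0))     -- cpid = (fork() < 0)
 * differs from
 *     if ((cpid = fork()) < 0)     -- cpid = fork(), then test < 0
 * Under the buggy form cpid is 0 in BOTH parent and child on success,
 * so both run the "child" branch. Build: cc -Wall example.c */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/wait.h>

/* Return how many processes took the cpid == 0 branch; each such process
 * writes one byte into a pipe that only the real parent drains.
 * Expected: 2 for buggy != 0, 1 for the fixed form. -1 on setup failure. */
static int count_child_branch(int buggy)
{
    int fds[2];
    pid_t cpid, self = getpid();   /* remembered so the real parent can be told apart */
    char buf[4];
    ssize_t n;
    int total = 0;

    if (pipe(fds) < 0)
        return -1;

    if (buggy) {
        if ((cpid = fork() < 0))   /* mirrors the removed '-' line of the patch */
            return -1;
    } else {
        if ((cpid = fork()) < 0)   /* mirrors the added '+' line of the patch */
            return -1;
    }

    if (cpid == 0) {
        /* "child" work: with the buggy condition the real parent lands here too */
        if (write(fds[1], "x", 1) != 1)
            _exit(1);
        if (getpid() != self)
            _exit(0);              /* the actual child is finished */
    }

    /* Only the real parent reaches this point. Close our write end so that
     * read() sees EOF once the child has exited, then count the bytes. */
    close(fds[1]);
    wait(NULL);
    while ((n = read(fds[0], buf, sizeof buf)) > 0)
        total += (int)n;
    close(fds[0]);
    return total;
}

int main(void)
{
    printf("buggy form: %d process(es) ran the child branch\n", count_child_branch(1));
    printf("fixed form: %d process(es) ran the child branch\n", count_child_branch(0));
    return 0;
}
```

The parent taking the child path is exactly the duplicated side effect Reco observed (libvirtd writing to /dev/initctl itself); with the fixed condition only the forked child does the work.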



