[PATCH v1 01/34] virDevMapperGetTargetsImpl: Close /dev/mapper/control in the end
mprivozn at redhat.com
Wed Jul 22 09:39:55 UTC 2020
When building domain's private /dev in a namespace, libdevmapper
is consulted for getting full dependency tree of domain's disks.
The reason is that for a multipath devices all dependent devices
must be created in the namespace and allowed in CGroups.
However, this approach is very fragile as building of namespace
happens in the forked off child process, after mass close of FDs
and just before dropping privileges and execing QEMU. And it so
happens that when calling libdevmapper APIs, one of them opens
/dev/mapper/control and saves the FD into a global variable. The
FD is kept open until the lib is unlinked or dm_lib_release() is
called explicitly. We are doing neither.
This is not a problem when calling the function from libvirtd
(when setting up CGroups), but it is a problem when called from
the pre-exec hook because we leak the FD into QEMU.
Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
src/util/virdevmapper.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/util/virdevmapper.c b/src/util/virdevmapper.c
index 40a82285f9..1c216fb6c1 100644
@@ -156,6 +156,7 @@ virDevMapperGetTargetsImpl(const char *path,
More information about the libvir-list