Re: [PATCH] [RFC] virSetUIDGID: Don't leak supplementary groups

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Jun 24, 2015 at 11:19 AM, Martin Kletzander <mkletzan@xxxxxxxxxx> wrote:
> On Tue, Jun 23, 2015 at 01:48:42PM +0200, Richard Weinberger wrote:
>>
>> The LXC driver uses virSetUIDGID() to become UID/GID 0.
>> It passes an empty groups list to virSetUIDGID()
>> to get rid of all supplementary groups from the host side.
>> But virSetUIDGID() calls setgroups() only if the supplied list
>> is larger than 0.
>> This leads to a container root with unrelated supplementary groups.
>> In most cases this issue is unoticed as libvirtd runs as UID/GID 0
>> without any supplementary groups.
>>
>> Signed-off-by: Richard Weinberger <richard@xxxxxx>
>> ---
>> I've marked that patch as RFC as I'm not sure if all users of
>> virSetUIDGID()
>> expect this behavior too.
>>
>
> I went through the callers and I see no reason why setgroups should
> not be called.  ACK.  I also can't think of a use case in which we'd
> like to keep the supplemental groups.

Ping?

-- 
Thanks,
//richard

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]