On 02/29/2016 08:33 AM, Daniel P. Berrange wrote:
> Currently the file based character devices let QEMU write
> directly to a file on disk. This allows a malicious QEMU
> to inflict a denial of service by consuming all free space.
>
> Switch QEMU to use a pipe to virtlogd, which will enforce
> file rollover.
>
> Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
> ---
> src/qemu/qemu_command.c | 21 +++++++++++----------
> 1 file changed, 11 insertions(+), 10 deletions(-)
>
> diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
> index e04e55e..462a019 100644
> --- a/src/qemu/qemu_command.c
> +++ b/src/qemu/qemu_command.c
> @@ -3983,18 +3983,19 @@ qemuBuildChrChardevStr(virLogManagerPtr logManager,
> break;
>
> case VIR_DOMAIN_CHR_TYPE_FILE:
> - virBufferAsprintf(&buf, "file,id=char%s,path=%s", alias,
^^^^ (see below)
> - dev->data.file.path);
> - if (dev->data.file.append != VIR_TRISTATE_SWITCH_ABSENT) {
> - if (!virQEMUCapsGet(qemuCaps, QEMU_CAPS_CHARDEV_FILE_APPEND)) {
> - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
> - _("append not supported in this QEMU binary"));
> - goto error;
> - }
> + virBufferAsprintf(&buf, "file,id=char%s", alias);
>
> - virBufferAsprintf(&buf, ",append=%s",
> - virTristateSwitchTypeToString(dev->data.file.append));
> + if (dev->data.file.append != VIR_TRISTATE_SWITCH_ABSENT &&
> + !virQEMUCapsGet(qemuCaps, QEMU_CAPS_CHARDEV_FILE_APPEND)) {
> + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
> + _("append not supported in this QEMU binary"));
> + goto error;
> }
> + if (qemuBuildChrChardevFileStr(virQEMUCapsGet(qemuCaps, QEMU_CAPS_CHARDEV_FILE_APPEND) ?
> + logManager : NULL, cmd, def, &buf,
> + "file", dev->data.file.path,
s/"file"/"path" ?
> + "append", dev->data.file.append) < 0)
> + goto error;
> break;
>
> case VIR_DOMAIN_CHR_TYPE_PIPE:
> -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
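Review bot: The ternary in the `qemuBuildChrChardevFileStr(...)` call passes `NULL` in place of `logManager` whenever `QEMU_CAPS_CHARDEV_FILE_APPEND` is absent, and the call site neither explains that coupling nor records that it happened. The helper's body is not in this hunk, but if a NULL manager means QEMU is again handed the path to open itself, then on those binaries the disk-filling denial of service described in the commit message remains possible and the operator gets no indication that rollover is not enforced. Once that is confirmed against the helper, I would put a comment above the call, e.g. `/* Without append= support QEMU opens the file itself; virtlogd rollover is NOT enforced in that case */`, and emit a `VIR_WARN` (or at least `VIR_DEBUG`) on the fallback so the downgrade shows up in the logs. The capability is also queried twice in a row; reading it once into a local `bool` would make the error check and the ternary easier to audit together. `qemuBuildChrChardevStr` begins and ends outside the hunk.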