On Thu, Jul 21, 2016 at 03:37:26PM +0000, Katerina Koukiou wrote:
> When doing lxc migration or simply restoring the container from a
> saved state, we need restore the container from CRIU img files that
> we have stored in disk. In this patch, we should extend
> lxcContainerStart into a more generic one, that either starts a container
> from scratch or restores it from a snapshot.
>
> Signed-off-by: Katerina Koukiou <k.koukiou@xxxxxxxxx>
> ---
> src/Makefile.am | 3 +-
> src/lxc/lxc_container.c | 200 +++++++++++++++++++++++++++++++++++++++++++++--
> src/lxc/lxc_container.h | 3 +-
> src/lxc/lxc_controller.c | 109 ++++++++++++++++++++++++--
> src/lxc/lxc_driver.c | 4 +-
> src/lxc/lxc_process.c | 23 +++++-
> src/lxc/lxc_process.h | 1 +
> 7 files changed, 323 insertions(+), 20 deletions(-)
>
> + /* CRIU needs the container's root bind mounted so that it is the root of
> + * some mount.
> + */
> + if (virAsprintf(&rootfs_mount, "/tmp/%s", vmDef->name) < 0) {
> + virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
> + _("Failed to write rootfs dir mount path"));
> + goto cleanup;
> + }
Again, use of /tmp is a likely security flaw
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list