Re: [PATCH v1 16/34] qemuDomainBuildNamespace: Populate basic /dev from daemon's namespace

Ján Tomko <jtomko@xxxxxxxxxx> · Fri, 24 Jul 2020 17:22:07 +0200

On a Wednesday in 2020, Michal Privoznik wrote:
As mentioned in previous commit, populating domain's namespace
from pre-exec() hook is dangerous. This commit moves population
of the namespace with basic /dev nodes (e.g. /dev/null, /dev/kvm,
etc.) into daemon's namespace.

Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
---
src/qemu/qemu_domain_namespace.c | 23 +++++++++++------------
src/qemu/qemu_domain_namespace.h |  3 ++-
src/qemu/qemu_process.c          |  2 +-
3 files changed, 14 insertions(+), 14 deletions(-)

Reviewed-by: Ján Tomko <jtomko@xxxxxxxxxx>

Jano
Attachment:
signature.asc

Description: PGP signature