[PATCH 2/2] qemu: Move pid file of virtiofsd to stateDir

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Libvirt will put the pid file of virtiofsd to per-domain directory.
However, the ownership of the per-domain directory is the user to run
the QEMU process and the user has the write permission of the directory.
If VM escape occurs, the attacker can
1. write arbitrary content to the pid file (if running QEMU using root),
   then the attacker can kill any process by writing appropriate pid to
   the pid file;
2. spoof the pid file (if running QEMU using a regular user), then the
   virtiofsd process will never be cleared even if the VM is destroyed.

So, move the pid file of virtiofsd from per-domain directory to
stateDir just like the pid file of the domain.

Signed-off-by: Peng Liang <liangpeng10@xxxxxxxxxx>
---
 src/qemu/qemu_virtiofs.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/qemu/qemu_virtiofs.c b/src/qemu/qemu_virtiofs.c
index 08a8b4ed42a9..e617bb65fae0 100644
--- a/src/qemu/qemu_virtiofs.c
+++ b/src/qemu/qemu_virtiofs.c
@@ -44,11 +44,11 @@ qemuVirtioFSCreatePidFilename(virDomainObj *vm,
                               const char *alias)
 {
     qemuDomainObjPrivate *priv = vm->privateData;
-    g_autofree char *name = NULL;
+    g_autofree char *domname = virDomainDefGetShortName(vm->def);
+    g_autofree char *name = g_strdup_printf("%s-%s-fs", domname, alias);
+    g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(priv->driver);
 
-    name = g_strdup_printf("%s-fs", alias);
-
-    return virPidFileBuildPath(priv->libDir, name);
+    return virPidFileBuildPath(cfg->stateDir, name);
 }
 
 
-- 
2.31.1





[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux