On 01/07/2014 06:32 PM, Gao feng wrote:
> On 01/07/2014 12:18 PM, Eric Blake wrote:
>> On 12/24/2013 06:45 AM, Reco wrote:
>>> On Tue, 24 Dec 2013 06:29:11 -0700
>>> Eric Blake <eblake@xxxxxxxxxx> wrote:
>>>
>>>> diff --git i/src/util/virprocess.c w/src/util/virprocess.c
>>>> index c99b75a..e069483 100644
>>>> --- i/src/util/virprocess.c
>>>> +++ w/src/util/virprocess.c
>>>> @@ -879,7 +879,7 @@ virProcessRunInMountNamespace(pid_t pid,
>>>> goto cleanup;
>>>> }
>>>>
>>>> - if ((cpid = virFork() < 0))
>>>> + if ((cpid = virFork()) < 0)
>>>> goto cleanup;
>>>> if (cpid == 0) {
>>>> /* child */
>>>
>>> Thanks, that solves it. With this extra patch libvirtd writes to the
>>> container's /dev/initctl only and terminates child process only.
>>
>> Thanks again for the functional review. I'm still waiting for a code
>> review from anyone willing, since this does fix a security issue and I
>> don't want to introduce an unintentional regression. And I guess
>> there's still the need to fix the access to the namespace /dev during
>> device hotplug...
>>
>
> Yes, device hotplug has the same problem.
> ACK to this serial.

s/serial/series/ (English is weird)

I've pushed patch 1, but am seeing if I can work up patches for the /dev
issue before I push any others (in particular, if that work turns up any
need to rethink the strategy, I'd like to avoid the churn - because I
still want this CVE fixed in time for the 1.2.1 release).

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
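Review bot: the one-line fix in the virProcessRunInMountNamespace hunk is correct, but the commit message should spell out the precedence bug it closes so the same pattern is recognised elsewhere. In the removed line `if ((cpid = virFork() < 0))`, `<` binds tighter than `=`, so cpid receives the result of the comparison (0 or 1) rather than the pid: in the parent, virFork() returns a positive pid, the comparison yields 0, cpid becomes 0, and the following `if (cpid == 0)` runs the "child" branch in the parent as well, which matches the "terminates child process only" behaviour Reco now reports as fixed. The added line `if ((cpid = virFork()) < 0)` stores the pid and compares it afterwards. Note also that the doubled parentheses in the original are exactly what silence the compiler's "assignment used as truth value" warning, so that warning cannot be relied on to catch a recurrence; a grep for `= virFork() <` across the tree before pushing the rest of the series would be cheap insurance.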
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list