From ce75865e2c0f41f876827bf8bd55b68edfd7b792 Mon Sep 17 00:00:00 2001 From: Bo Chen Date: Fri, 7 Apr 2023 15:54:02 -0700 Subject: [PATCH] vmm: Ignore and warn TAP FDs sent via the HTTP request body Valid FDs can only be sent from another process via `SCM_RIGHTS`. Signed-off-by: Bo Chen --- vmm/src/api/http_endpoint.rs | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/vmm/src/api/http_endpoint.rs b/vmm/src/api/http_endpoint.rs index b0db7a926..00f1584ba 100644 --- a/vmm/src/api/http_endpoint.rs +++ b/vmm/src/api/http_endpoint.rs @@ -105,6 +105,10 @@ impl EndpointHandler for VmActionHandler { ), AddNet(_) => { let mut net_cfg: NetConfig = serde_json::from_slice(body.raw())?; + if net_cfg.fds.is_some() { + warn!("Ignoring FDs sent via the HTTP request body"); + net_cfg.fds = None; + } // Update network config with optional files that might have // been sent through control message. if !files.is_empty() {