External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-02-22 11:22:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

util: add access check for hooks to fix running as non-root

Browse Source 
Since feb83c1e710b9ea8044a89346f4868d03b31b0f1 libvirtd will abort on
startup if run as non-root

  2020-07-01 16:30:30.738+0000: 1647444: error : virDirOpenInternal:2869 : cannot open directory '/etc/libvirt/hooks/daemon.d': Permission denied

The root cause flaw is that non-root libvirtd is using /etc/libvirt for
its hooks. Traditionally that has been harmless though since we checked
whether we could access the hook file and degraded gracefully. We need
the same access check for iterating over the hook directory.

Long term we should make it possible to have an unprivileged hook dir
under $HOME.

Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrangé 2020-07-01 17:36:51 +01:00
parent c3fa17cd9a
commit 7fa7f7eeb6
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/util/virhook.c
View File

@ -171,6 +171,12 @@ virHookCheck(int no, const char *driver)
}
dir_path = g_strdup_printf("%s.d", path);
if (!virFileIsExecutable(dir_path)) {
VIR_DEBUG("Hook dir %s is not accessible", dir_path);
return 1;
}
if ((ret = virDirOpenIfExists(&dir, dir_path)) < 0)
return -1;
@ -415,6 +421,10 @@ virHookCall(int driver,
}
dir_path = g_strdup_printf("%s.d", path);
if (!virFileIsExecutable(dir_path))
return script_ret;
if ((ret = virDirOpenIfExists(&dir, dir_path)) < 0)
return -1;