qemuDomainCreateDevice: Canonicalize paths

So far the decision whether a /dev/* entry is created in the qemu
namespace has been really simple: does the path start with "/dev/"?
This can be easily fooled by providing a path like the following
(for any considered device like disk, rng, chardev, ..):

  /dev/../var/lib/libvirt/images/disk.qcow2

Therefore, before making the decision the path should be
canonicalized.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Michal Privoznik 2017-01-11 17:32:46 +01:00
parent 49f326edc0
commit cbc45525cb


@ -6955,28 +6955,38 @@ qemuDomainCreateDevice(const char *device,
bool allow_noent) bool allow_noent)
{ {
char *devicePath = NULL; char *devicePath = NULL;
char *canonDevicePath = NULL;
struct stat sb; struct stat sb;
int ret = -1; int ret = -1;
if (!STRPREFIX(device, DEVPREFIX)) { if (virFileResolveAllLinks(device, &canonDevicePath) < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("invalid device: %s"),
device);
goto cleanup;
}
if (virAsprintf(&devicePath, "%s/%s",
path, device + strlen(DEVPREFIX)) < 0)
goto cleanup;
if (stat(device, &sb) < 0) {
if (errno == ENOENT && allow_noent) { if (errno == ENOENT && allow_noent) {
/* Ignore non-existent device. */ /* Ignore non-existent device. */
ret = 0; ret = 0;
goto cleanup; goto cleanup;
} }
virReportSystemError(errno, _("Unable to stat %s"), device); virReportError(errno, _("Unable to canonicalize %s"), device);
goto cleanup;
}
if (!STRPREFIX(canonDevicePath, DEVPREFIX)) {
ret = 0;
goto cleanup;
}
if (virAsprintf(&devicePath, "%s/%s",
path, canonDevicePath + strlen(DEVPREFIX)) < 0)
goto cleanup;
if (stat(canonDevicePath, &sb) < 0) {
if (errno == ENOENT && allow_noent) {
/* Ignore non-existent device. */
ret = 0;
goto cleanup;
}
virReportSystemError(errno, _("Unable to stat %s"), canonDevicePath);
goto cleanup; goto cleanup;
} }
@ -7005,7 +7015,7 @@ qemuDomainCreateDevice(const char *device,
goto cleanup; goto cleanup;
} }
if (virFileCopyACLs(device, devicePath) < 0 && if (virFileCopyACLs(canonDevicePath, devicePath) < 0 &&
errno != ENOTSUP) { errno != ENOTSUP) {
virReportSystemError(errno, virReportSystemError(errno,
_("Failed to copy ACLs on device %s"), _("Failed to copy ACLs on device %s"),
@ -7015,6 +7025,7 @@ qemuDomainCreateDevice(const char *device,
ret = 0; ret = 0;
cleanup: cleanup:
VIR_FREE(canonDevicePath);
VIR_FREE(devicePath); VIR_FREE(devicePath);
return ret; return ret;
} }
@ -7096,8 +7107,7 @@ qemuDomainSetupDisk(virQEMUDriverPtr driver ATTRIBUTE_UNUSED,
int ret = -1; int ret = -1;
for (next = disk->src; next; next = next->backingStore) { for (next = disk->src; next; next = next->backingStore) {
if (!next->path || !virStorageSourceIsLocalStorage(next) || if (!next->path || !virStorageSourceIsLocalStorage(next)) {
!STRPREFIX(next->path, DEVPREFIX)) {
/* Not creating device. Just continue. */ /* Not creating device. Just continue. */
continue; continue;
} }
@ -7717,8 +7727,7 @@ qemuDomainNamespaceSetupDisk(virQEMUDriverPtr driver,
return 0; return 0;
for (next = disk->src; next; next = next->backingStore) { for (next = disk->src; next; next = next->backingStore) {
if (!next->path || !virStorageSourceIsBlockLocal(disk->src) || if (!next->path || !virStorageSourceIsBlockLocal(disk->src)) {
!STRPREFIX(next->path, DEVPREFIX)) {
/* Not creating device. Just continue. */ /* Not creating device. Just continue. */
continue; continue;
} }
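Review bot: In the first hunk of qemuDomainCreateDevice, the failure branch of virFileResolveAllLinks() passes errno as the first argument of virReportError(), which takes a libvirt error code rather than a system errno; the stat() branches use virReportSystemError(), and this line should as well: `virReportSystemError(errno, _("Unable to canonicalize %s"), device);`. The new `!STRPREFIX(canonDevicePath, DEVPREFIX)` branch returns 0 silently where the old code reported "invalid device", so a comment such as `/* Resolved path is outside DEVPREFIX: nothing to create in the namespace. */` would record that this is deliberate now that the callers' own prefix checks are removed. In the last hunk, `virStorageSourceIsBlockLocal(disk->src)` is evaluated on the head of the chain on every iteration while the loop walks `next`; that condition predates this commit, but with the prefix filter gone it is worth confirming that `next` was not intended. The body of qemuDomainCreateDevice continues outside the hunks shown, so the mknod and ownership steps between them are not covered by this note.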