External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-07-30 13:37:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

qemu: Actually unshare() iff running as root

Browse Source 
https://bugzilla.redhat.com/show_bug.cgi?id=1413922

While all the code that deals with qemu namespaces correctly
detects whether we are running as root (and turn into NO-OP for
qemu:///session) the actual unshare() call is not guarded with
such check. Therefore any attempt to start a domain under
qemu:///session shall fail as unshare() is reserved for root.

The fix consists of moving unshare() call (for which we have a
wrapper called virProcessSetupPrivateMountNS) into
qemuDomainBuildNamespace() where the proper check is performed.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Tested-by: Richard W.M. Jones <rjones@redhat.com>
This commit is contained in:
Michal Privoznik 2017-01-17 12:15:16 +01:00
parent 2d0c4947ab
commit d0baf54e53
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/qemu/qemu_domain.c
View File

@ -7400,6 +7400,9 @@ qemuDomainBuildNamespace(virQEMUDriverPtr driver,
goto cleanup;
}
if (virProcessSetupPrivateMountNS() < 0)
goto cleanup;
if (qemuDomainSetupDev(driver, vm, devPath) < 0)
goto cleanup;

3
src/qemu/qemu_process.c
View File

@ -2663,9 +2663,6 @@ static int qemuProcessHook(void *data)
if (virSecurityManagerClearSocketLabel(h->driver->securityManager, h->vm->def) < 0)
goto cleanup;
if (virProcessSetupPrivateMountNS() < 0)
goto cleanup;
if (qemuDomainBuildNamespace(h->driver, h->vm) < 0)
goto cleanup;