External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-06 21:15:22 +00:00
Code Issues Packages Projects Releases Wiki Activity
15,931 Commits 67 Branches 629 Tags 868 MiB
098dd79ee2
Commit Graph

2 Commits

Author SHA1 Message Date
Eric Blake
aebbcdd33c CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC shutdown/reboot code 
Use helper virProcessRunInMountNamespace in lxcDomainShutdownFlags and
lxcDomainReboot.  Otherwise, a malicious guest could use symlinks
to force the host to manipulate the wrong file in the host's namespace.

Idea by Dan Berrange, based on an initial report by Reco
<recoverym4n@gmail.com> at
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732394

Signed-off-by: Eric Blake <eblake@redhat.com>
 2014-02-18 12:59:02 +00:00
Daniel P. Berrange
c4ef575c97 Add APIs for talking to init via /dev/initctl 
To be able todo controlled shutdown/reboot of containers an
API to talk to init via /dev/initctl is required. Fortunately
this is quite straightforward to implement, and is supported
by both sysvinit and systemd. Upstart support for /dev/initctl
is unclear.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
 2012-11-30 19:17:30 +00:00