mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-02-02 09:55:18 +00:00
1b2ebf9502
https://bugzilla.redhat.com/show_bug.cgi?id=876828 Commit 38c4a9cc introduced a regression in hot unplugging of disks from qemu, where cgroup device ACLs were no longer being revoked (thankfully not a security hole: cgroup ACLs only prevent open() of the disk; so reverting the ACL prevents future abuse but doesn't stop abuse from an fd that was already opened before the ACL change). The actual regression is due to a latent bug. The hot unplug code was computing the set of files needing cgroup ACL revocation based on the XML passed in by the user, rather than based on the domain's details on which disk was being deleted. As long as the revoke path was always recomputing the backing chain, this didn't really matter; but now that we want to compute the chain exactly once and remember that computation, we need to hang on to the backing chain until after the revoke has happened. * src/qemu/qemu_hotplug.c (qemuDomainDetachPciDiskDevice): Transfer backing chain before deletion.
LibVirt : simple API for virtualization
Libvirt is a C toolkit to interact with the virtualization capabilities
of recent versions of Linux (and other OSes). It is free software
available under the GNU Lesser General Public License. Virtualization of
the Linux Operating System means the ability to run multiple instances of
Operating Systems concurrently on a single hardware system where the basic
resources are driven by a Linux instance. The library aim at providing
long term stable C API initially for the Xen paravirtualization but
should be able to integrate other virtualization mechanisms if needed.
Daniel Veillard <veillard@redhat.com>