libvirt/src/locking
Daniel P. Berrangé f111e09468 locking: restrict sockets to mode 0600
The virtlockd daemon's only intended client is the libvirtd daemon. As
such it should never allow clients from other user accounts to connect.
The code already enforces this and drops clients from other UIDs, but
we can get earlier (and thus stronger) protection against DoS by setting
the socket permissions to 0600.

Fixes CVE-2019-10132

Reviewed-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-05-21 13:05:00 +01:00
domain_lock.c locking: Use virDomainLockImage[Attach|Detach] instead of *Disk 2019-01-30 17:20:38 +01:00
domain_lock.h locking: Use virDomainLockImage[Attach|Detach] instead of *Disk 2019-01-30 17:20:38 +01:00
libvirt_lockd.aug Check for tabs in augeas files 2018-01-31 15:19:26 +00:00
libvirt_sanlock.aug locking: Add io_timeout to sanlock 2015-11-18 10:56:56 +01:00
lock_daemon_config.c Revert "Include unistd.h directly by files using it" 2019-04-10 12:26:32 +02:00
lock_daemon_config.h Enforce a standard header file guard symbol name 2018-12-14 10:47:13 +00:00
lock_daemon_dispatch.c Remove all Author(s): lines from source file headers 2018-12-13 16:08:38 +00:00
lock_daemon_dispatch.h Enforce a standard header file guard symbol name 2018-12-14 10:47:13 +00:00
lock_daemon.c Always put _LAST enums on second line of VIR_ENUM_IMPL 2019-04-11 12:47:23 -04:00
lock_daemon.h Enforce a standard header file guard symbol name 2018-12-14 10:47:13 +00:00
lock_driver_lockd.c Revert "Include unistd.h directly by files using it" 2019-04-10 12:26:32 +02:00
lock_driver_lockd.h Enforce a standard header file guard symbol name 2018-12-14 10:47:13 +00:00
lock_driver_nop.c src: remove blank first line in function body 2018-09-17 13:29:01 +02:00
lock_driver_nop.h Enforce a standard header file guard symbol name 2018-12-14 10:47:13 +00:00
lock_driver_sanlock.c Revert "lock_driver: Introduce new VIR_LOCK_MANAGER_OBJECT_TYPE_DAEMON" 2018-11-16 13:42:39 +01:00
lock_driver.h Drop UML driver 2018-12-17 17:52:46 +01:00
lock_manager.c Fix names for abs_top_{src,build}dir variables 2019-03-14 10:05:28 +01:00
lock_manager.h Enforce a standard header file guard symbol name 2018-12-14 10:47:13 +00:00
lock_protocol.x Fix make check with gcc version 5 2016-01-18 15:19:21 +01:00
lockd.conf Remove unnecessary empty first lines 2014-06-06 10:52:05 +02:00
Makefile.inc.am src: don't statically link code that's already in libvirt.so 2019-05-17 14:34:45 +01:00
sanlock_helper.c src: More cleanup of some system headers already contained in internal.h 2018-09-20 10:16:39 +02:00
sanlock.conf locking: Fix documentation on how automatic sanlock leases are stored 2016-12-19 17:28:41 +01:00
test_libvirt_lockd.aug.in
test_libvirt_sanlock.aug.in locking: Add io_timeout to sanlock 2015-11-18 10:56:56 +01:00
test_virtlockd.aug.in log: update docs for daemons to improve user understanding 2018-05-11 17:11:46 +01:00
virtlockd-admin.socket.in locking: restrict sockets to mode 0600 2019-05-21 13:05:00 +01:00
virtlockd.aug rpc: remove remains of obsolete log_buffer_size config parameter 2018-03-23 10:44:35 +00:00
virtlockd.conf log: update docs for daemons to improve user understanding 2018-05-11 17:11:46 +01:00
virtlockd.pod Use https:// links for most sites 2017-10-16 10:22:34 +01:00
virtlockd.service.in lockd: add support for admin protocol in virtlockd 2018-01-31 15:18:36 +00:00
virtlockd.socket.in locking: restrict sockets to mode 0600 2019-05-21 13:05:00 +01:00
virtlockd.sysconf