Re: [libvirt] CVE-2013-6456 Re: [PATCHv2 0/7] lxc: honor mount namespaces

On 01/07/2014 12:18 PM, Eric Blake wrote: > On 12/24/2013 06:45 AM, Reco wrote: >> On Tue, 24 Dec 2013 06:29:11 -0700 >> Eric Blake <eblake(a)redhat.com&gt; wrote: >> >>> diff --git i/src/util/virprocess.c w/src/util/virprocess.c >>> index c99b75a..e069483 100644 >>> --- i/src/util/virprocess.c >>> +++ w/src/util/virprocess.c >>> @@ -879,7 +879,7 @@ virProcessRunInMountNamespace(pid_t pid, >>> goto cleanup; >>> } >>> >>> - if ((cpid = virFork() < 0)) >>> + if ((cpid = virFork()) < 0) >>> goto cleanup; >>> if (cpid == 0) { >>> /* child */ >> >> Thanks, that solves it. With this extra patch libvirtd writes to the >> container's /dev/initctl only and terminates child process only. > > Thanks again for the functional review. I'm still waiting for a code > review from anyone willing, since this does fix a security issue and I > don't want to introduce an unintentional regression. And I guess > there's still the need to fix the access to the namespace /dev during > device hotplog... > Yes, device hotplug has the same problem. ACK to this serial.