[libvirt] [PATCH 0/8 v3] Avoid unsafe usage of /proc/$PID/root in LXC driver

An update of https://www.redhat.com/archives/libvir-list/2014-February/msg00401.html Eric had previously suggested that we could have our fork helper pass by a pre-opened file descriptor and then label that, so we can move the labelling code out of the subprocess. While I believe that is technically possible, it plays havoc with the security driver APIs. We'd basically have to create an entire new set of APIs that take an FD instead of path / object in virSecurityManager. I don't think that's a net win in terms of complexity added. Considering what we're running in the fork helper - We're Linux only so can rely on sane glibc malloc behaviour - We're already using security manager calls in the QEMU driver fork helper - We've protected the logging + error APIs in virFork So I think we'll get away with bending the POSIX rules on async safe functions in this instance. Changes in this version - Avoid use of virCgroupAllowDeviceByPath where we already have the major/minor number - Avoid overwriting errors set by virCgroupAllow* - Use return value check of < 0 instead of != 0 - Other misc typos Eric mentioned Daniel P. Berrange (7): Add virFileMakeParentPath helper function Add helper for running code in separate namespaces Avoid unsafe use of /proc/$PID/root in LXC disk hotplug Avoid unsafe use of /proc/$PID/root in LXC USB hotplug Avoid unsafe use of /proc/$PID/root in LXC block hostdev hotplug Avoid unsafe use of /proc/$PID/root in LXC chardev hostdev hotplug Avoid unsafe use of /proc/$PID/root in LXC hotunplug code Eric Blake (1): Avoid unsafe use of /proc/$PID/root in LXC shutdown/reboot code src/libvirt_private.syms | 2 + src/lxc/lxc_driver.c | 507 ++++++++++++++++++++++++----------------------- src/util/virfile.c | 27 +++ src/util/virfile.h | 1 + src/util/virinitctl.c | 26 +-- src/util/virinitctl.h | 5 +- src/util/virprocess.c | 107 ++++++++++ src/util/virprocess.h | 11 + 8 files changed, 418 insertions(+), 268 deletions(-) -- 1.8.5.3