Hello, list.
I was pointed here by the maintainer of the libvirt package in Debian,
Guido Günther. For the sake of completeness, the original bug report can
be viewed at this link:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732394
To sum up the bug report, the current implementation of the
virInitctlSetRunLevel function (src/util/virinitctl.c) lacks any sanity
checks before writing to the container's /dev/initctl. In the absence of
such checks, libvirtd can be easily tricked into writing a runlevel check
request to an arbitrary main host's file (including the
host's /run/initctl, as described in the bug report). All it takes is
one symlink in place of the container's /dev/initctl.
I've checked libvirtd's current git, and it seems to me that the
problem is still here.
Attached to this letter is a patch which tries to mitigate the issue by
checking whether the container's /dev/initctl is actually a pipe.
Sincerely yours, Reco
PS: I'm not subscribed to this list; in case of further questions, please
CC me.
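
An added example, not the attached patch and not libvirt's code: one way to do the "is it actually a pipe" check described above so that a symlink in the final path component is refused and the type check applies to the descriptor that will be written to. The names open_initctl_fifo and demo and the temporary paths are assumptions made for illustration; note that O_NOFOLLOW covers only the last path component.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not libvirt's code: open `path` for writing only if it
 * is a FIFO. Returns fd, or -1 with errno (ELOOP: symlink, EINVAL: not FIFO). */
int open_initctl_fifo(const char *path)
{
    struct stat sb;
    /* O_NOFOLLOW rejects a symlink; O_NONBLOCK avoids hanging without a reader */
    int fd = open(path, O_WRONLY | O_NONBLOCK | O_NOFOLLOW | O_NOCTTY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* fstat() the open descriptor, so the checked object is the one written to */
    if (fstat(fd, &sb) < 0 || !S_ISFIFO(sb.st_mode)) {
        close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}

/* Constructed fixture: a FIFO with a reader, a symlink to it and a regular
 * file. Returns 0 when only the real FIFO is accepted. */
int demo(void)
{
    char dir[] = "/tmp/initctl-demo-XXXXXX", fifo[64], lnk[64], reg[64];
    if (!mkdtemp(dir))
        return -1;
    snprintf(fifo, sizeof fifo, "%s/initctl", dir);
    snprintf(lnk, sizeof lnk, "%s/symlink", dir);
    snprintf(reg, sizeof reg, "%s/regular", dir);
    if (mkfifo(fifo, 0600) < 0 || symlink(fifo, lnk) < 0)
        return -1;
    int rd = open(fifo, O_RDONLY | O_NONBLOCK);  /* stands in for init */
    int rf = open(reg, O_CREAT | O_WRONLY, 0600);
    int good = open_initctl_fifo(fifo);
    int via_link = open_initctl_fifo(lnk);
    int link_errno = errno;
    int via_file = open_initctl_fifo(reg);
    close(good); close(rd); close(rf);
    unlink(fifo); unlink(lnk); unlink(reg); rmdir(dir);
    return (good >= 0 && via_link < 0 && link_errno == ELOOP && via_file < 0) ? 0 : 1;
}

int main(void) { return demo(); }
```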