18 Feb
2014
18 Feb
'14
6:03 a.m.
On 02/17/2014 09:39 AM, Daniel P. Berrange wrote:
Rewrite multiple hotunplug functions to to use the virProcessRunInMountNamespace helper. This avoids risk of a malicious guest replacing /dev with a absolute
s/a absolute/an absolute/
symlink, tricking the driver into changing the host OS filesystem.
Worth mentioning the CVE number in any of these commits? Are you planning on backporting to stable branches, or could you use some help on that front?
Signed-off-by: Daniel P. Berrange <berrange@redhat.com> --- src/lxc/lxc_driver.c | 79 ++++++++++++++++++++++++++-------------------------- 1 file changed, 39 insertions(+), 40 deletions(-)
ACK. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org