Re: [libvirt] [PATCH 2/2] virt-login-shell joins users into lxc container.
On 12/23/2013 03:17 PM, Eric Blake wrote:
>> + if (!(conf = virConfReadFile(login_shell_path, 0)))
>> + goto cleanup;
>
> ...and non-root invariably fails here, since login_shell_path
> (/etc/libvirt/virt-login-shell.conf) is buried inside a directory that
> is not searchable by either root or virtlogin.
Ah, I see - non-root fails here if run unprivileged (such as under gdb),
but when run setuid it has the permissions of root and can read the file
just fine.
Then again, when run as setuid, it's not even getting past
virInitialize(). :(
At least I managed to figure out how to debug things: I recompiled with
a sleep() at the beginning, gave my just-compiled binary the same setuid
permissions as the installed binary, and then attach gdb (as root, since
non-root can't ptrace a running setuid binary for obvious reasons). So
I suspect that the failure in virInitialize() is yet more fallout from
the CVE-2013-4400 patches being untested.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Attachments:
- signature.asc (application/pgp-signature — 604 bytes)