virt-ark / libvirt

Clone
Source Code
GIT

d0baf54 qemu: Actually unshare() iff running as root

Authored and Committed by mprivozn 7 years ago
raw patch tree parent
2 files changed. 3 lines added. 3 lines removed.
src/qemu/qemu_domain.c
file modified
+3 -0
src/qemu/qemu_process.c
file modified
+0 -3 
    qemu: Actually unshare() iff running as root
    
    https://bugzilla.redhat.com/show_bug.cgi?id=1413922
    
    While all the code that deals with qemu namespaces correctly
    detects whether we are running as root (and turn into NO-OP for
    qemu:///session) the actual unshare() call is not guarded with
    such check. Therefore any attempt to start a domain under
    qemu:///session shall fail as unshare() is reserved for root.
    
    The fix consists of moving unshare() call (for which we have a
    wrapper called virProcessSetupPrivateMountNS) into
    qemuDomainBuildNamespace() where the proper check is performed.
    
    Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
    Tested-by: Richard W.M. Jones <rjones@redhat.com>
file modified
+3 -0
file modified
+0 -3
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.