CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC USB hotplug
author Daniel P. Berrange <berrange@redhat.com>
Thu, 30 Jan 2014 16:34:19 +0000 (16:34 +0000)
committer Daniel P. Berrange <berrange@redhat.com>
Tue, 18 Feb 2014 21:36:31 +0000 (21:36 +0000)
commit 081e0fabfd8c0f5c3f2c869ddcf11710c445a962
tree b36c9003a1f0b38d8fbb36af8c2be1fd84bfe6f9
parent b2a853e1f6aea9683a30eafd2b069b8be0fcf898
CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC USB hotplug

Rewrite lxcDomainAttachDeviceHostdevSubsysUSBLive function
to use the virProcessRunInMountNamespace helper. This avoids
risk of a malicious guest replacing /dev with an absolute
symlink, tricking the driver into changing the host OS
filesystem.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit 7fba01c15c1f886b4235825692b4c13e88dd9f7b)

Conflicts:
src/lxc/lxc_driver.c: OOM + cgroups error reporting
src/lxc/lxc_driver.c
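
The failure mode described in the commit message, reproduced in a scratch directory as an added example (not libvirt code and not part of this commit). `open_dir_nofollow` and `demo` are hypothetical names, the directory layout is constructed, and the component-wise `O_NOFOLLOW` walk is a different mitigation from the commit's `virProcessRunInMountNamespace` helper, shown only to contrast with the string-joined path.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Walk rel below rootfd one component at a time, refusing ".." and symlinks.
 * Returns a directory fd, or -1 if any component is missing or not a real directory. */
static int open_dir_nofollow(int rootfd, const char *rel)
{
    char buf[PATH_MAX], *save = NULL;
    int fd = dup(rootfd);
    snprintf(buf, sizeof(buf), "%s", rel);
    for (char *c = strtok_r(buf, "/", &save); c && fd >= 0; c = strtok_r(NULL, "/", &save)) {
        int next = strcmp(c, "..") == 0 ? -1
                 : openat(fd, c, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
        close(fd);
        fd = next;
    }
    return fd;
}

/* Constructed scenario: <tmp>/rootfs stands in for /proc/$PID/root, <tmp>/host for the host /dev;
 * rootfs/dev is an absolute symlink. Bits: 1 = joined path hits host, 2 = dev refused, 4 = run ok. */
static int demo(void)
{
    char tmp[] = "/tmp/lxcdemoXXXXXX", root[64], host[64], dev[128], run[128];
    struct stat a, b;
    int result = 0, rootfd, fd;
    if (!mkdtemp(tmp)) return -1;
    snprintf(root, sizeof(root), "%s/rootfs", tmp);
    snprintf(host, sizeof(host), "%s/host", tmp);
    snprintf(dev, sizeof(dev), "%s/dev", root);
    snprintf(run, sizeof(run), "%s/run", root);
    if (mkdir(root, 0700) || mkdir(host, 0700) || mkdir(run, 0700) || symlink(host, dev)) return -1;
    /* Unsafe pattern: string-joined path, symlink resolved against the caller's root. */
    if (!stat(dev, &a) && !stat(host, &b) && a.st_dev == b.st_dev && a.st_ino == b.st_ino)
        result |= 1;
    rootfd = open(root, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if ((fd = open_dir_nofollow(rootfd, "dev")) < 0) result |= 2; else close(fd);
    if ((fd = open_dir_nofollow(rootfd, "run")) >= 0) { result |= 4; close(fd); }
    close(rootfd);
    unlink(dev); rmdir(run); rmdir(host); rmdir(root); rmdir(tmp);
    return result;
}
int main(void) { printf("result=%d\n", demo()); return 0; }
```

A result of 7 means the joined path resolved outside the stand-in root, the walk refused the symlinked `dev`, and the walk accepted the real `run` directory.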