CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC chardev hostdev hotplug
authorDaniel P. Berrange <berrange@redhat.com>
Thu, 30 Jan 2014 17:47:39 +0000 (17:47 +0000)
committerDaniel P. Berrange <berrange@redhat.com>
Tue, 18 Feb 2014 16:34:07 +0000 (16:34 +0000)
commitcb016b9ef1a6d786657a98546db8412f86510367
tree14c496034c00430d04e51a89b74aa133d6c5d6e3
parent72e379ed93b4707e26bbc5e3457a85833f50eb1a
CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC chardev hostdev hotplug

Rewrite lxcDomainAttachDeviceHostdevMiscLive function
to use the virProcessRunInMountNamespace helper. This avoids
risk of a malicious guest replacing /dev with a absolute
symlink, tricking the driver into changing the host OS
filesystem.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit 1cadeafcaa422844a27ef622e2a7041d0235bcb3)
src/lxc/lxc_driver.c