CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC hotunplug code
authorDaniel P. Berrange <berrange@redhat.com>
Thu, 30 Jan 2014 17:58:36 +0000 (17:58 +0000)
committerDaniel P. Berrange <berrange@redhat.com>
Tue, 18 Feb 2014 21:36:41 +0000 (21:36 +0000)
commite9941eee1a3c1cb0af7bc39076eb0e8c2c4eb603
tree180f31786380da2d22cd22a3b267360c7a97e71a
parent84cf9af8d9a803f2e12df0b8b0c2bd2de544cf93
CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC hotunplug code

Rewrite multiple hotunplug functions to to use the
virProcessRunInMountNamespace helper. This avoids
risk of a malicious guest replacing /dev with an absolute
symlink, tricking the driver into changing the host OS
filesystem.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit 5fc590ad9f4071350a8df4d567ba88baacc8334d)

Conflicts:
src/lxc/lxc_driver.c: OOM + cgroups error reporting
src/lxc/lxc_driver.c