CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC block hostdev hotplug
authorDaniel P. Berrange <berrange@redhat.com>
Thu, 30 Jan 2014 17:45:08 +0000 (17:45 +0000)
committerDaniel P. Berrange <berrange@redhat.com>
Tue, 18 Feb 2014 13:15:55 +0000 (13:15 +0000)
commitee1269eecd3566729f3909db624f7ebd7bf1b84a
tree3ea4d1490091eed8a3e059010d1e8975035c4303
parentb9997828231b3492252cb6d9a0ad4f3dc522791e
CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC block hostdev hotplug

Rewrite lxcDomainAttachDeviceHostdevStorageLive function
to use the virProcessRunInMountNamespace helper. This avoids
risk of a malicious guest replacing /dev with a absolute
symlink, tricking the driver into changing the host OS
filesystem.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit 1754c7f0ab1407dcf7c89636a35711dd9b1febe1)
src/lxc/lxc_driver.c