On 06/04/2012 07:10 AM, Corey Bryant wrote:
> The main goal of this patch series is to enable isolation of guest
> images that are stored on the same NFS mount. This can be achieved
> if the management application opens files for QEMU, and QEMU is
> restricted from opening files.
>
> This patch adds support to the block layer open paths to dup(X) a
> pre-opened file descriptor if the filename is of the format
> /dev/fd/X.
>
> One nice thing about this approach is that no new SELinux policy is
> required to prevent open of NFS files (files with type nfs_t). The
> virt_use_nfs boolean type simply needs to be set to false, and open
> will be prevented (yet dup will be allowed). For example:
>
> # setsebool virt_use_nfs 0
> # getsebool virt_use_nfs
> virt_use_nfs --> off
>
> Signed-off-by: Corey Bryant <cor...@linux.vnet.ibm.com>
> > +int file_open(const char *filename, int flags, mode_t mode) > +{ > +#ifndef _WIN32 > + int fd; > + const char *p; > + > + if (strstart(filename, "/dev/fd/", &p)) { > + fd = atoi(p);

atoi() is lousy - it has no error checking, and returns 0 if a mistake was made. You really want to be using strtol (or even better, a sensible wrapper around strtol that takes care of the subtleties of calling it correctly), so that you don't end up dup'ing stdin when the user passes a bad /dev/fd/ string.

-- 
Eric Blake ebl...@redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
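
Review bot: fd = atoi(p) in the /dev/fd/ branch of file_open() also accepts partly numeric and signed input, not only empty or non-numeric strings: a name such as "/dev/fd/3abc" parses as 3 and "/dev/fd/-1" as -1, so a malformed filename silently selects a descriptor the caller never named. Parse with strtol, require that the first character is a digit and that the end pointer reaches the terminating NUL, check errno for ERANGE and that the value fits in an int, and return an error from file_open() instead of continuing with the result.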
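
The strict strtol-based parsing suggested in the reply, as an added example that is not part of the original message or of QEMU. The helper name parse_dev_fd and the sample filenames are assumptions made for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not QEMU code): parse "/dev/fd/N" strictly.
 * Returns N (>= 0) on success, or -1 with errno = EINVAL when the
 * string is not exactly the prefix followed by a decimal number. */
int parse_dev_fd(const char *filename)
{
    static const char prefix[] = "/dev/fd/";
    const char *p;
    char *end;
    long val;

    if (strncmp(filename, prefix, sizeof(prefix) - 1) != 0) {
        errno = EINVAL;
        return -1;
    }
    p = filename + sizeof(prefix) - 1;

    /* strtol() skips leading whitespace and accepts a sign, so insist
     * on a digit first: "", " 3", "+3" and "-3" are all rejected. */
    if (*p < '0' || *p > '9') {
        errno = EINVAL;
        return -1;
    }

    errno = 0;
    val = strtol(p, &end, 10);
    /* Reject overflow (ERANGE), trailing characters and values that
     * do not fit in an int file descriptor. */
    if (errno != 0 || *end != '\0' || val > INT_MAX) {
        errno = EINVAL;
        return -1;
    }
    return (int)val;
}

int main(void)
{
    /* Constructed sample filenames. */
    const char *s[] = { "/dev/fd/7", "/dev/fd/", "/dev/fd/3abc", "/dev/fd/-1" };
    for (size_t i = 0; i < sizeof(s) / sizeof(s[0]); i++) {
        printf("%-14s -> %d\n", s[i], parse_dev_fd(s[i]));
    }
    return 0;
}
```

A caller would dup() the returned descriptor only when the result is non-negative, and fail the open otherwise, so a malformed name can never fall back to descriptor 0.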