On Fri, Feb 07, 2014 at 11:22:12AM -0700, Eric Blake wrote:
On 02/07/2014 08:33 AM, Daniel P. Berrange wrote:
My overall thoughts:
If we had a way to do _just_ the mknod, then open the file, and pass the
fd back to the parent, then do labeling on the fd from the parent
context (rather than
On 02/07/2014 08:33 AM, Daniel P. Berrange wrote:
Rewrite lxcDomainAttachDeviceDiskLive function to use the
virProcessRunInMountNamespace helper. This avoids risk of
a malicious guest replacing /dev with a absolute symlink,
tricking the driver into changing the host OS filesystem.
Rewrite lxcDomainAttachDeviceDiskLive function to use the
virProcessRunInMountNamespace helper. This avoids risk of
a malicious guest replacing /dev with a absolute symlink,
tricking the driver into changing the host OS filesystem.
Signed-off-by: Daniel P. Berrange berra...@redhat.com
---
