Skip to content
Snippets Groups Projects
Commit 17188260 authored by Daniel P. Berrangé's avatar Daniel P. Berrangé :speech_balloon:
Browse files

CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC chardev hostdev hotplug 


Rewrite lxcDomainAttachDeviceHostdevMiscLive function
to use the virProcessRunInMountNamespace helper. This avoids
risk of a malicious guest replacing /dev with a absolute
symlink, tricking the driver into changing the host OS
filesystem.

Signed-off-by: default avatarDaniel P. Berrange <berrange@redhat.com>
(cherry picked from commit 1cadeafc)
parent 70665ec5
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 18 additions and 48 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment