Re: [Xen-devel] [PATCH 21/28] libxl: dm user: Reject attempts to set user!=root with qemu trad
On Tue, 2015-12-22 at 18:44 +0000, Ian Jackson wrote: > Previously this option would be silently ignored, which is a potential > security problem (introduced in 84f2fd1b "run QEMU as non-root" in > xen-unstable only). > > Signed-off-by: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx> > CC: Stefano Stabellini <stefano.stabellini@xxxxxxxxxxxxx> Acked-by: Ian Campbell <ian.campbell@xxxxxxxxxx> (could/should go in now despite RFC-ness of the series as a whole, assuming it is as independent as it looks, we really don't want to forget this for 4.7 if the other 27 patches take longer to land) > --- > v6: New patch. > --- > Âtools/libxl/libxl_dm.c |ÂÂÂÂ8 ++++++++ > Â1 file changed, 8 insertions(+) > > diff --git a/tools/libxl/libxl_dm.c b/tools/libxl/libxl_dm.c > index 886ed9c..8232981 100644 > --- a/tools/libxl/libxl_dm.c > +++ b/tools/libxl/libxl_dm.c > @@ -415,6 +415,14 @@ static int > libxl__build_device_model_args_old(libxl__gc *gc, > ÂÂÂÂÂdm_args = flexarray_make(gc, 16, 1); > ÂÂÂÂÂdm_envs = flexarray_make(gc, 16, 1); > Â > +ÂÂÂÂif (b_info->device_model_user && /* default is NULL if stubdom */ > +ÂÂÂÂÂÂÂÂstrcmp(b_info->device_model_user,"root")) { > +ÂÂÂÂÂÂÂÂLOG(ERROR, > + "device_model_user != root (%s) not supported by qemu-xen-traditional", > +ÂÂÂÂÂÂÂÂÂÂÂÂb_info->device_model_user); > +ÂÂÂÂÂÂÂÂreturn ERROR_INVAL; > +ÂÂÂÂ} > + > ÂÂÂÂÂflexarray_vappend(dm_args, dm, > ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ"-d", GCSPRINTF("%d", domid), NULL); > Â _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx http://lists.xen.org/xen-devel
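Review bot: The new condition in libxl__build_device_model_args_old uses the bare return value of strcmp(b_info->device_model_user,"root") as a truth value and has no space after the comma; writing strcmp(b_info->device_model_user, "root") != 0 would state the "not root" intent explicitly and make the test harder to invert by accident in a later edit. The check is also placed after the two flexarray_make(gc, 16, 1) calls although it depends only on b_info, so it could move above them and reject the configuration before any argument building starts. The comparison is against the literal name "root", so every other value is refused with ERROR_INVAL; that fails closed, which fits the stated goal of no longer silently ignoring the option. The in-line comment says NULL is the default for stubdom only, so it would help to note, in the comment or the commit message, what value device_model_user holds by default in the non-stubdom case and that it passes this check.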