NuKVM/libvirt
3
0
Fork 0
mirror of https://github.com/libvirt/libvirt.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity

qemuDomainBuildNamespace: Populate loader from daemon's namespace

Browse Source 
As mentioned in one of previous commits, populating domain's
namespace from pre-exec() hook is dangerous. This commit moves
population of the namespace with domain loader into daemon's
namespace.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
This commit is contained in:
Michal Privoznik 2020-07-21 14:49:42 +02:00
parent 408f64df9f
commit 6483b1e32b
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/qemu/qemu_namespace.c
View File

@ -801,7 +801,7 @@ qemuDomainSetupAllRNGs(virDomainObjPtr vm,
static int static int
qemuDomainSetupLoader(virDomainObjPtr vm, qemuDomainSetupLoader(virDomainObjPtr vm,
const struct qemuDomainCreateDeviceData *data) char ***paths)
{ {
virDomainLoaderDefPtr loader = vm->def->os.loader; virDomainLoaderDefPtr loader = vm->def->os.loader;
@ -810,16 +810,16 @@ qemuDomainSetupLoader(virDomainObjPtr vm,
if (loader) { if (loader) {
switch ((virDomainLoader) loader->type) { switch ((virDomainLoader) loader->type) {
case VIR_DOMAIN_LOADER_TYPE_ROM: case VIR_DOMAIN_LOADER_TYPE_ROM:
if (qemuDomainCreateDevice(loader->path, data, false) < 0) if (virStringListAdd(paths, loader->path) < 0)
return -1; return -1;
break; break;
case VIR_DOMAIN_LOADER_TYPE_PFLASH: case VIR_DOMAIN_LOADER_TYPE_PFLASH:
if (qemuDomainCreateDevice(loader->path, data, false) < 0) if (virStringListAdd(paths, loader->path) < 0)
return -1; return -1;
if (loader->nvram && if (loader->nvram &&
qemuDomainCreateDevice(loader->nvram, data, false) < 0) virStringListAdd(paths, loader->nvram) < 0)
return -1; return -1;
break; break;
@ -891,6 +891,9 @@ qemuDomainBuildNamespace(virQEMUDriverConfigPtr cfg,
if (qemuDomainSetupAllRNGs(vm, &paths) < 0) if (qemuDomainSetupAllRNGs(vm, &paths) < 0)
return -1; return -1;
if (qemuDomainSetupLoader(vm, &paths) < 0)
return -1;
if (qemuNamespaceMknodPaths(vm, (const char **) paths) < 0) if (qemuNamespaceMknodPaths(vm, (const char **) paths) < 0)
return -1; return -1;
@ -942,9 +945,6 @@ qemuDomainUnshareNamespace(virQEMUDriverConfigPtr cfg,
if (qemuDomainSetupDev(mgr, vm, devPath) < 0) if (qemuDomainSetupDev(mgr, vm, devPath) < 0)
goto cleanup; goto cleanup;
if (qemuDomainSetupLoader(vm, &data) < 0)
goto cleanup;
if (qemuDomainSetupLaunchSecurity(vm, &data) < 0) if (qemuDomainSetupLaunchSecurity(vm, &data) < 0)
goto cleanup; goto cleanup;