CVE-2013-6456: Avoid unsafe use of /proc/$PID/root in LXC disk hotplug
Rewrite lxcDomainAttachDeviceDiskLive function to use the
virProcessRunInMountNamespace helper. This avoids risk of
a malicious guest replacing /dev with a absolute symlink,
tricking the driver into changing the host OS filesystem.
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
(cherry picked from commit
4dd3a7d5bc44980135a1b11810ba9aeab42a4a59)
Conflicts:
src/lxc/lxc_driver.c: OOM + cgroups error reporting and
remove usernamespace integration
projects / thirdparty / libvirt.git / commit
