qemuDomainBuildNamespace: Populate basic /dev from daemon's namespace

As mentioned in previous commit, populating domain's namespace
from pre-exec() hook is dangerous. This commit moves population
of the namespace with basic /dev nodes (e.g. /dev/null, /dev/kvm,
etc.) into daemon's namespace.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>

diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c
index 4194c60ded49dfd3be5d4d9429590ba1eb8c6ce8..d37a04779fcfcf8d23350d8cfc10fe4f2c85c927 100644 (file)
--- a/src/qemu/qemu_namespace.c
+++ b/src/qemu/qemu_namespace.c
@@ -435,8 +435,7 @@ qemuDomainCreateDevice(const char *device,
 
 static int
 qemuDomainPopulateDevices(virQEMUDriverConfigPtr cfg,
-                          virDomainObjPtr vm G_GNUC_UNUSED,
-                          const struct qemuDomainCreateDeviceData *data)
+                          char ***paths)
 {
     const char *const *devices = (const char *const *) cfg->cgroupDeviceACL;
     size_t i;
@@ -445,7 +444,7 @@ qemuDomainPopulateDevices(virQEMUDriverConfigPtr cfg,
         devices = defaultDeviceACL;
 
     for (i = 0; devices[i]; i++) {
-        if (qemuDomainCreateDevice(devices[i], data, true) < 0)
+        if (virStringListAdd(paths, devices[i]) < 0)
             return -1;
     }
 
@@ -454,10 +453,9 @@ qemuDomainPopulateDevices(virQEMUDriverConfigPtr cfg,
 
 
 static int
-qemuDomainSetupDev(virQEMUDriverConfigPtr cfg,
-                   virSecurityManagerPtr mgr,
+qemuDomainSetupDev(virSecurityManagerPtr mgr,
                    virDomainObjPtr vm,
-                   const struct qemuDomainCreateDeviceData *data)
+                   const char *path)
 {
     g_autofree char *mount_options = NULL;
     g_autofree char *opts = NULL;
@@ -475,10 +473,7 @@ qemuDomainSetupDev(virQEMUDriverConfigPtr cfg,
      */
     opts = g_strdup_printf("mode=755,size=65536%s", mount_options);
 
-    if (virFileSetupDev(data->path, opts) < 0)
-        return -1;
-
-    if (qemuDomainPopulateDevices(cfg, vm, data) < 0)
+    if (virFileSetupDev(path, opts) < 0)
         return -1;
 
     return 0;
@@ -862,10 +857,14 @@ qemuNamespaceMknodPaths(virDomainObjPtr vm,
 
 
 int
-qemuDomainBuildNamespace(virDomainObjPtr vm)
+qemuDomainBuildNamespace(virQEMUDriverConfigPtr cfg,
+                         virDomainObjPtr vm)
 {
     VIR_AUTOSTRINGLIST paths = NULL;
 
+    if (qemuDomainPopulateDevices(cfg, &paths) < 0)
+        return -1;
+
     if (qemuNamespaceMknodPaths(vm, (const char **) paths) < 0)
         return -1;
 
@@ -914,7 +913,7 @@ qemuDomainUnshareNamespace(virQEMUDriverConfigPtr cfg,
     if (virProcessSetupPrivateMountNS() < 0)
         goto cleanup;
 
-    if (qemuDomainSetupDev(cfg, mgr, vm, &data) < 0)
+    if (qemuDomainSetupDev(mgr, vm, devPath) < 0)
         goto cleanup;
 
     if (qemuDomainSetupAllDisks(vm, &data) < 0)

diff --git a/src/qemu/qemu_namespace.h b/src/qemu/qemu_namespace.h
index 017e94ade614115d944e78a639d8561a943db177..52ca3ba0a13f4bc9a4146568b337a361757aa167 100644 (file)
--- a/src/qemu/qemu_namespace.h
+++ b/src/qemu/qemu_namespace.h
@@ -41,7 +41,8 @@ int qemuDomainUnshareNamespace(virQEMUDriverConfigPtr cfg,
                                virSecurityManagerPtr mgr,
                                virDomainObjPtr vm);
 
-int qemuDomainBuildNamespace(virDomainObjPtr vm);
+int qemuDomainBuildNamespace(virQEMUDriverConfigPtr cfg,
+                             virDomainObjPtr vm);
 
 void qemuDomainDestroyNamespace(virQEMUDriverPtr driver,
                                 virDomainObjPtr vm);

diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index e3060cd0541de47baf333c7b7c7b0600e8a45c8a..126fabf5ef83b59d56109fb7cc9b31bbf1eab53c 100644 (file)
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -6832,7 +6832,7 @@ qemuProcessLaunch(virConnectPtr conn,
     }
 
     VIR_DEBUG("Building domain mount namespace (if required)");
-    if (qemuDomainBuildNamespace(vm) < 0)
+    if (qemuDomainBuildNamespace(cfg, vm) < 0)
         goto cleanup;
 
     VIR_DEBUG("Setting up domain cgroup (if required)");