From: Daniel P. Berrange <berrange@redhat.com>
Date: Tue, 23 Jul 2013 14:47:03 +0000 (+0100)
Subject: Protection against doing bad stuff to the root group
X-Git-Tag: v1.1.1-rc2~25
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3068244e853357b1225bd0652bca5c07cf44d13a;p=thirdparty%2Flibvirt.git

Protection against doing bad stuff to the root group

Add protection such that the virCgroupRemove and
virCgroupKill* do not do anything to the root cgroup.

Killing all PIDs in the root cgroup does not end well.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---

diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c
index 86dc5fe5e9..87325c0394 100644
--- a/src/util/vircgroup.c
+++ b/src/util/vircgroup.c
@@ -548,8 +548,13 @@ int virCgroupPathOfController(virCgroupPtr group,
     if (controller == -1) {
         size_t i;
         for (i = 0; i < VIR_CGROUP_CONTROLLER_LAST; i++) {
+            /* Reject any controller with a placement
+             * of '/' to avoid doing bad stuff to the root
+             * cgroup
+             */
             if (group->controllers[i].mountPoint &&
-                group->controllers[i].placement) {
+                group->controllers[i].placement &&
+                STRNEQ(group->controllers[i].placement, "/")) {
                 controller = i;
                 break;
             }
@@ -1004,6 +1009,11 @@ int virCgroupRemove(virCgroupPtr group)
         if (!group->controllers[i].mountPoint)
             continue;
 
+        /* Don't delete the root group, if we accidentally
+           ended up in it for some reason */
+        if (STREQ(group->controllers[i].placement, "/"))
+            continue;
+
         if (virCgroupPathOfController(group,
                                       i,
                                       NULL,