From: Michal Privoznik <mprivozn@redhat.com>
Date: Tue, 17 Jan 2017 11:15:16 +0000 (+0100)
Subject: qemu: Actually unshare() iff running as root
X-Git-Tag: v3.0.0~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d0baf54e53faa544cc41abe8353ee3dce0b0861a;p=thirdparty%2Flibvirt.git

qemu: Actually unshare() iff running as root

https://bugzilla.redhat.com/show_bug.cgi?id=1413922

While all the code that deals with qemu namespaces correctly
detects whether we are running as root (and turn into NO-OP for
qemu:///session) the actual unshare() call is not guarded with
such check. Therefore any attempt to start a domain under
qemu:///session shall fail as unshare() is reserved for root.

The fix consists of moving unshare() call (for which we have a
wrapper called virProcessSetupPrivateMountNS) into
qemuDomainBuildNamespace() where the proper check is performed.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Tested-by: Richard W.M. Jones <rjones@redhat.com>
---

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 35baffb510..c676042228 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -7400,6 +7400,9 @@ qemuDomainBuildNamespace(virQEMUDriverPtr driver,
         goto cleanup;
     }
 
+    if (virProcessSetupPrivateMountNS() < 0)
+        goto cleanup;
+
     if (qemuDomainSetupDev(driver, vm, devPath) < 0)
         goto cleanup;
 
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index a980f5a9e5..184440dc1a 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -2663,9 +2663,6 @@ static int qemuProcessHook(void *data)
     if (virSecurityManagerClearSocketLabel(h->driver->securityManager, h->vm->def) < 0)
         goto cleanup;
 
-    if (virProcessSetupPrivateMountNS() < 0)
-        goto cleanup;
-
     if (qemuDomainBuildNamespace(h->driver, h->vm) < 0)
         goto cleanup;