xenbits.xensource.com Git - people/liuw/libxenctrl-split/libvirt.git/commit
Add call to sanlock_restrict() in QEMU lock driver
author Daniel P. Berrange <berrange@redhat.com>
Thu, 2 Jun 2011 10:46:56 +0000 (11:46 +0100)
committer Daniel P. Berrange <berrange@redhat.com>
Thu, 2 Jun 2011 16:23:44 +0000 (17:23 +0100)
commit ebfb8c42434dd4d9f4852db2fde612351da500f7
tree a1f7fba842bb87ea1425224f1f722656f3d0c9fd
parent a2f9bd5b8033fcf13ff9cd0d42e8a36f961a3662
Add call to sanlock_restrict() in QEMU lock driver

In between fork and exec, a connection to sanlock is acquired
and the socket file descriptor is intentionally leaked to the
child process. sanlock watches this FD for POLL_HANGUP to
detect when QEMU has exited. We don't want a rogue/compromised
QEMU issuing sanlock RPC calls on the leaked FD though,
since that could be used to DOS other guests. By calling
sanlock_restrict() on the socket before exec() we can lock
it down.

* configure.ac: Check for sanlock_restrict API
* src/locking/domain_lock.c: Restrict lock acquired in
  process startup phase
* src/locking/lock_driver.h: Add VIR_LOCK_MANAGER_ACQUIRE_RESTRICT
* src/locking/lock_driver_sanlock.c: Add call to sanlock_restrict
  when requested by VIR_LOCK_MANAGER_ACQUIRE_RESTRICT flag
configure.ac
src/locking/domain_lock.c
src/locking/lock_driver.h
src/locking/lock_driver_sanlock.c
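
The pattern the commit message describes, as an added example that is not code from libvirt or sanlock: a toy daemon that keeps watching a connection for hangup but refuses every request once the connection has been restricted. The one-byte protocol and all names (`daemon_step`, `client_send`, `demo`) are hypothetical; the real call is `sanlock_restrict()` on the socket before `exec()`.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constructed toy protocol, NOT sanlock's wire format. */
enum { CMD_ACQUIRE = 'A', CMD_RESTRICT = 'R' };
struct conn { int fd; int restricted; int leases; };

/* Daemon side: 1 = request accepted, 0 = refused, -1 = peer hung up. */
static int daemon_step(struct conn *c)
{
    char cmd;
    if (read(c->fd, &cmd, 1) <= 0) { c->leases = 0; return -1; } /* owner exited: drop leases */
    if (c->restricted) return 0;          /* locked down: no RPC is honoured any more */
    if (cmd == CMD_RESTRICT) { c->restricted = 1; return 1; }
    if (cmd == CMD_ACQUIRE) { c->leases++; return 1; }
    return 0;
}

static int client_send(int fd, char cmd) { return write(fd, &cmd, 1) == 1 ? 0 : -1; }

/* Returns a bitmask: bit 0 = request sent after "exec" was accepted,
 * bit 1 = daemon saw the hangup and released the leases. */
int demo(int restrict_before_exec)
{
    int sv[2], accepted, hangup;
    struct conn c;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    memset(&c, 0, sizeof c);
    c.fd = sv[0];
    client_send(sv[1], CMD_ACQUIRE); daemon_step(&c);   /* manager acquires before exec */
    if (restrict_before_exec) { client_send(sv[1], CMD_RESTRICT); daemon_step(&c); }
    /* From here sv[1] stands for the FD leaked into the guest process. */
    client_send(sv[1], CMD_ACQUIRE);
    accepted = daemon_step(&c) == 1;
    close(sv[1]);                                       /* guest process exits */
    hangup = daemon_step(&c) == -1 && c.leases == 0;
    close(sv[0]);
    return (accepted ? 1 : 0) | (hangup ? 2 : 0);
}

int main(void)
{
    printf("unrestricted: %d, restricted: %d\n", demo(0), demo(1));
    return 0;
}
```

In both runs the daemon still detects the exit through the hangup; only the restricted run refuses the request made on the leaked descriptor.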