From: Cédric Bosdonnat Date: Thu, 9 Apr 2015 07:22:43 +0000 (+0200) Subject: Open /proc/PID/ns/* read-only to avoid getting permission denied X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=cc21badc5c30ddeeb89abfa9ecdfbacd512f33c2;p=libvirt.git Open /proc/PID/ns/* read-only to avoid getting permission denied lxc-enter-namespace stopped working on recent kernels (at least 3.19+) due to /proc/PID/ns/* file descriptors being opened RW. From outside the namespace these can only be opened RO. --- diff --git a/src/util/virprocess.c b/src/util/virprocess.c index ab1e039eab..7a79970212 100644 --- a/src/util/virprocess.c +++ b/src/util/virprocess.c @@ -628,7 +628,7 @@ int virProcessGetNamespaces(pid_t pid, ns[i]) < 0) goto cleanup; - if ((fd = open(nsfile, O_RDWR)) >= 0) { + if ((fd = open(nsfile, O_RDONLY)) >= 0) { if (VIR_EXPAND_N(*fdlist, *nfdlist, 1) < 0) { VIR_FORCE_CLOSE(fd); goto cleanup;
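Review bot: the `open(nsfile, O_RDONLY)` call in virProcessGetNamespaces() has no comment saying why read-only is required, so a later cleanup could switch it back to `O_RDWR`. The commit message explains that from outside the namespace these files can only be opened RO, and a one-line comment at the call site would record that. The hunk shows only the `>= 0` branch, so what happens when open() fails is not visible here. If that path skips the entry silently, logging errno for anything other than a missing namespace file would make a permission-denied failure like this one show up immediately. Since the flags are being changed anyway, it is worth checking whether these descriptors are meant to survive an exec; if they are not, `O_RDONLY | O_CLOEXEC` would keep them from leaking into child processes.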