99745c22a8
c3f16cea-qemu-cleanup-label-on-umount-failure.patch, 697c16e3-qemu_process-better-debug-message.patch, 5155ab4b-qemu_namespace-nested-mounts-when-umount.patch boo#1207889 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=966
55 lines
2.1 KiB
Diff
55 lines
2.1 KiB
Diff
From 927ddc0ec04e6a838fa807df4546e14f60927949 Mon Sep 17 00:00:00 2001
|
|
From: Michal Privoznik <mprivozn@redhat.com>
|
|
Date: Tue, 7 Feb 2023 15:06:32 +0100
|
|
Subject: [PATCH 3/3] qemu_namespace: Deal with nested mounts when umount()-ing
|
|
/dev
|
|
|
|
In one of recent commits (v9.0.0-rc1~106) I've made our QEMU
|
|
namespace code umount the original /dev. One of the reasons was
|
|
enhanced security, because previously we just mounted a tmpfs
|
|
over the original /dev. Thus a malicious QEMU could just
|
|
umount("/dev") and it would get to the original /dev with all
|
|
nodes.
|
|
|
|
Now, on some systems this introduced a regression:
|
|
|
|
failed to umount devfs on /dev: Device or resource busy
|
|
|
|
But how this could be? We've moved all file systems mounted under
|
|
/dev to a temporary location. Or have we? As it turns out, not
|
|
quite. If there are two file systems mounted on the same target,
|
|
e.g. like this:
|
|
|
|
mount -t tmpfs tmpfs /dev/shm/ && mount -t tmpfs tmpfs /dev/shm/
|
|
|
|
then only the top most (i.e. the last one) is moved. See
|
|
qemuDomainUnshareNamespace() for more info.
|
|
|
|
Now, we could enhance our code to deal with these "doubled" mount
|
|
points. Or, since it is the top most file system that is
|
|
accessible anyways (and this one is preserved), we can
|
|
umount("/dev") in a recursive fashion.
|
|
|
|
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2167302
|
|
Fixes: 379c0ce4bfed8733dfbde557c359eecc5474ce38
|
|
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
|
|
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
|
|
(cherry picked from commit 5155ab4b2a704285505dfea6ffee8b980fdaa29e)
|
|
---
|
|
src/qemu/qemu_namespace.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
Index: libvirt-9.0.0/src/qemu/qemu_namespace.c
|
|
===================================================================
|
|
--- libvirt-9.0.0.orig/src/qemu/qemu_namespace.c
|
|
+++ libvirt-9.0.0/src/qemu/qemu_namespace.c
|
|
@@ -777,7 +777,7 @@ qemuDomainUnshareNamespace(virQEMUDriver
|
|
}
|
|
|
|
#if defined(__linux__)
|
|
- if (umount("/dev") < 0) {
|
|
+ if (umount2("/dev", MNT_DETACH) < 0) {
|
|
virReportSystemError(errno, "%s", _("failed to umount devfs on /dev"));
|
|
goto cleanup;
|
|
}
|