forked from pool/libvirt
5d8a863e03
- boo#926153: make sure /var/run/libvirt/lxc folder exists when starting the driver.
  da33a1ac-lxc-init-statedir.patch
- Fix lxc-enter-namespace for 3.19+ kernels.
  open-ns-files-readonly.patch

OBS-URL: https://build.opensuse.org/request/show/295136
OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=451
30 lines
1.0 KiB
Diff
From cc21badc5c30ddeeb89abfa9ecdfbacd512f33c2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
Date: Thu, 9 Apr 2015 09:22:43 +0200
Subject: [PATCH] Open /proc/PID/ns/* read-only to avoid getting permission
denied

lxc-enter-namespace stopped working on recent kernels (at least 3.19+)
due to /proc/PID/ns/* file descriptors being opened RW. From outside
the namespace these can only be opened RO.
---
src/util/virprocess.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/util/virprocess.c b/src/util/virprocess.c
index ab1e039..7a79970 100644
--- a/src/util/virprocess.c
+++ b/src/util/virprocess.c
@@ -628,7 +628,7 @@ int virProcessGetNamespaces(pid_t pid,
ns[i]) < 0)
goto cleanup;
- if ((fd = open(nsfile, O_RDWR)) >= 0) {
+ if ((fd = open(nsfile, O_RDONLY)) >= 0) {
if (VIR_EXPAND_N(*fdlist, *nfdlist, 1) < 0) {
VIR_FORCE_CLOSE(fd);
goto cleanup;
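Review bot: The changed open() call in virProcessGetNamespaces carries no comment saying why the namespace files must be opened read-only, so the reason lives only in the commit message. A short comment above `if ((fd = open(nsfile, O_RDONLY)) >= 0) {` noting that /proc/PID/ns/* can only be opened RO from outside the namespace on 3.19+ kernels would keep a later cleanup from switching it back to O_RDWR. Read-only access should be sufficient here, since setns() only needs a descriptor that refers to the namespace. While this line is being touched, consider adding O_CLOEXEC so the namespace descriptors are not inherited by unrelated child processes, provided no caller relies on inheriting them across exec; the callers are not visible in this hunk.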
--
2.1.4