|
 |
c401cc |
From bc1b2df16f9ac41a8334feeda89dddd8d2b63ed0 Mon Sep 17 00:00:00 2001
|
|
|
c401cc |
Message-Id: <bc1b2df16f9ac41a8334feeda89dddd8d2b63ed0@dist-git>
|
|
|
c401cc |
From: "Daniel P. Berrange" <berrange@redhat.com>
|
|
|
c401cc |
Date: Tue, 18 Feb 2014 15:45:31 -0700
|
|
|
c401cc |
Subject: [PATCH] Don't block use of USB with containers
|
|
|
c401cc |
|
|
|
c401cc |
https://bugzilla.redhat.com/show_bug.cgi?id=1045643
|
|
|
c401cc |
prereq of CVE-2013-6456
|
|
|
c401cc |
|
|
|
c401cc |
virDomainDefCompatibleDevice blocks use of USB if no USB
|
|
|
c401cc |
controller is present. This is not correct for containers
|
|
|
c401cc |
since devices can be assigned directly regardless of any
|
|
|
c401cc |
controllers.
|
|
|
c401cc |
|
|
|
c401cc |
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
|
|
|
c401cc |
(cherry picked from commit 7a44af963ef75c487f874bc91613ad45e5b167e9)
|
|
|
c401cc |
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
|
|
|
c401cc |
---
|
|
|
c401cc |
src/conf/domain_conf.c | 1 +
|
|
|
c401cc |
1 file changed, 1 insertion(+)
|
|
|
c401cc |
|
|
|
c401cc |
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
|
|
|
c401cc |
index 6359805..9536250 100644
|
|
|
c401cc |
--- a/src/conf/domain_conf.c
|
|
|
c401cc |
+++ b/src/conf/domain_conf.c
|
|
|
c401cc |
@@ -17356,6 +17356,7 @@ virDomainDefCompatibleDevice(virDomainDefPtr def,
|
|
|
c401cc |
virDomainDeviceDefPtr dev)
|
|
|
c401cc |
{
|
|
|
c401cc |
if (!virDomainDefHasUSB(def) &&
|
|
|
c401cc |
+ STRNEQ(def->os.type, "exe") &&
|
|
|
c401cc |
virDomainDeviceIsUSB(dev)) {
|
|
|
c401cc |
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
|
|
c401cc |
_("Device configuration is not compatible: "
|
|
|
c401cc |
--
|
|
|
c401cc |
1.9.0
|
|
|
c401cc |
|