From 7a0d06ba87d2ab3e946bbe1e82b03f073a9bb5f9 Mon Sep 17 00:00:00 2001

Message-Id: <7a0d06ba87d2ab3e946bbe1e82b03f073a9bb5f9@dist-git>

From: "Daniel P. Berrange" <berrange@redhat.com>

Date: Tue, 18 Feb 2014 15:45:34 -0700

Subject: [PATCH] Fix reset of cgroup when detaching USB device from LXC guests

https://bugzilla.redhat.com/show_bug.cgi?id=1045643

prereq of CVE-2013-6456

When detaching a USB device from an LXC guest we must remove

the device from the cgroup ACL. Unfortunately we were telling

the cgroup code to use the guest /dev path, not the host /dev

path, and the guest device node had already been unlinked.

This was, however, fortunate since the code passed &priv->cgroup

instead of priv->cgroup, so would have crash if the device node

were accessible.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

(cherry picked from commit 2c2bec94d27ccd070bee18a6113b1cfea6d80126)

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>

---

 src/lxc/lxc_driver.c | 4 ++--

 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c

index 79d03ee..b098d29 100644

--- a/src/lxc/lxc_driver.c

+++ b/src/lxc/lxc_driver.c

@@ -3912,7 +3912,7 @@ lxcDomainDetachDeviceHostdevUSBLive(virLXCDriverPtr driver,

     }

     if (!(usb = virUSBDeviceNew(def->source.subsys.u.usb.bus,

-                                def->source.subsys.u.usb.device, vroot)))

+                                def->source.subsys.u.usb.device, NULL)))

         goto cleanup;

     VIR_DEBUG("Unlinking %s", dst);

@@ -3926,7 +3926,7 @@ lxcDomainDetachDeviceHostdevUSBLive(virLXCDriverPtr driver,

     if (virUSBDeviceFileIterate(usb,

                                 virLXCTeardownHostUsbDeviceCgroup,

-                                &priv->cgroup) < 0)

+                                priv->cgroup) < 0)

         VIR_WARN("cannot deny device %s for domain %s",

                  dst, vm->def->name);

-- 

1.9.0