From 29dbb2c9264e62ced2134af1a9346ff815843722 Mon Sep 17 00:00:00 2001
Message-Id: <29dbb2c9264e62ced2134af1a9346ff815843722@dist-git>
From: "Daniel P. Berrange"
Date: Tue, 18 Feb 2014 15:45:35 -0700
Subject: [PATCH] Disks are always block devices, never character devices

https://bugzilla.redhat.com/show_bug.cgi?id=1045643 prereq of CVE-2013-6456 The LXC disk hotplug code was allowing block or character devices to be given as disk. A disk is always a block device.
Signed-off-by: Daniel P. Berrange
(cherry picked from commit d24e6b8b1eb87daa6ee467b76cf343725468949c)
Signed-off-by: Jiri Denemark
---
 src/lxc/lxc_driver.c | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
index b098d29..227ea32 100644
--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
@@ -3103,9 +3103,9 @@ lxcDomainAttachDeviceDiskLive(virLXCDriverPtr driver,
 goto cleanup;
 }

- if (!S_ISCHR(sb.st_mode) && !S_ISBLK(sb.st_mode)) {
+ if (!S_ISBLK(sb.st_mode)) {
 virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
- _("Disk source %s must be a character/block device"),
+ _("Disk source %s must be a block device"),
 def->src);
 goto cleanup;
 }
@@ -3117,11 +3117,7 @@ lxcDomainAttachDeviceDiskLive(virLXCDriverPtr driver,
 if (VIR_REALLOC_N(vm->def->disks, vm->def->ndisks+1) < 0)
 goto cleanup;

- mode = 0700;
- if (S_ISCHR(sb.st_mode))
- mode |= S_IFCHR;
- else
- mode |= S_IFBLK;
+ mode = 0700 | S_IFBLK;

 /* Yes, the device name we're creating may not
 * actually correspond to the major:minor number
--
1.9.0
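Review bot: Nothing at the `!S_ISBLK(sb.st_mode)` check records that the node type set further down in lxcDomainAttachDeviceDiskLive (the `mode = 0700 | S_IFBLK;` hunk) is now hard-coded on the strength of this guard. If the guard were relaxed again, a non-block source would presumably still be given a block node type, so a comment above the check would help, for example `/* Disks are always block devices; the node type below is hard-coded to S_IFBLK on that basis. */`. The call that fills `sb` and the start of the function are outside this hunk, so how `def->src` is resolved before this test cannot be confirmed from here.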
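Review bot: `mode = 0700 | S_IFBLK;` keeps the owner execute bit, which has no meaning on a block device node. Writing `mode = 0600 | S_IFBLK;` would state the intended owner read/write access without it. The call that consumes `mode` lies outside this hunk, so confirm nothing depends on the 0700 value before changing it.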