From 7a0d06ba87d2ab3e946bbe1e82b03f073a9bb5f9 Mon Sep 17 00:00:00 2001
Message-Id: <7a0d06ba87d2ab3e946bbe1e82b03f073a9bb5f9@dist-git>
From: "Daniel P. Berrange"
Date: Tue, 18 Feb 2014 15:45:34 -0700
Subject: [PATCH] Fix reset of cgroup when detaching USB device from LXC guests
https://bugzilla.redhat.com/show_bug.cgi?id=1045643
prereq of CVE-2013-6456
When detaching a USB device from an LXC guest we must remove the device from the cgroup ACL. Unfortunately we were telling the cgroup code to use the guest /dev path, not the host /dev path, and the guest device node had already been unlinked. This was, however, fortunate since the code passed &priv->cgroup instead of priv->cgroup, so would have crash if the device node were accessible.
Signed-off-by: Daniel P. Berrange
(cherry picked from commit 2c2bec94d27ccd070bee18a6113b1cfea6d80126)
Signed-off-by: Jiri Denemark
---
 src/lxc/lxc_driver.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
index 79d03ee..b098d29 100644
--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
@@ -3912,7 +3912,7 @@ lxcDomainDetachDeviceHostdevUSBLive(virLXCDriverPtr driver,
 }
 if (!(usb = virUSBDeviceNew(def->source.subsys.u.usb.bus,
- def->source.subsys.u.usb.device, vroot)))
+ def->source.subsys.u.usb.device, NULL)))
 goto cleanup;
 VIR_DEBUG("Unlinking %s", dst);
@@ -3926,7 +3926,7 @@ lxcDomainDetachDeviceHostdevUSBLive(virLXCDriverPtr driver,
 if (virUSBDeviceFileIterate(usb,
 virLXCTeardownHostUsbDeviceCgroup,
- &priv->cgroup) < 0)
+ priv->cgroup) < 0)
 VIR_WARN("cannot deny device %s for domain %s",
 dst, vm->def->name);
--
1.9.0
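Review bot: The bare `NULL` now passed as the last argument of `virUSBDeviceNew()` carries no explanation, and a later reader could easily "restore" `vroot` there and reintroduce the bug the commit message describes. A comment above the call would pin the intent, for example `/* NULL vroot on purpose: the cgroup device ACL is keyed on the host /dev node, not the guest one */`. The function's body starts and ends outside this hunk, so whether `vroot` is still used elsewhere in it cannot be confirmed from here.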
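Review bot: A failed deny at the `virUSBDeviceFileIterate()` call is still only reported through `VIR_WARN`, so as far as this hunk shows, the detach carries on while the device stays allowed in the guest's cgroup device ACL. If that best-effort behaviour is intended, it deserves a comment at the call such as `/* best effort: the guest node is already unlinked, but the ACL entry survives if this fails */`, so the residual access is a documented decision rather than an accident. The warning also prints `dst`, which appears to be the guest-side path unlinked earlier, whereas the deny now acts on the host device node, so the log line may point an operator at the wrong path. The rest of the function, including what follows the warning, is outside the hunk.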