Google Git
Sign in
qemu / qemu / 8e1d4ef231d8327be219f7aea7aa15d181375bbc
commit8e1d4ef231d8327be219f7aea7aa15d181375bbc[log] [tgz]
authorStefan Hajnoczi <stefanha@redhat.com>Wed Oct 16 17:01:57 2019 +0100
committerDr. David Alan Gilbert <dgilbert@redhat.com>Thu Jan 23 16:41:37 2020 +0000
tree3361c5f2094568140579a7941fccbd78468edaf0
parentd74830d12ae233186ff74ddf64c552d26bb39e50 [diff]
virtiofsd: move to a new pid namespace

virtiofsd needs access to /proc/self/fd.  Let's move to a new pid
namespace so that a compromised process cannot see another other
processes running on the system.

One wrinkle in this approach: unshare(CLONE_NEWPID) affects *child*
processes and not the current process.  Therefore we need to fork the
pid 1 process that will actually run virtiofsd and leave a parent in
waitpid(2).  This is not the same thing as daemonization and parent
processes should not notice a difference.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
1 file changed
tree: 3361c5f2094568140579a7941fccbd78468edaf0
  1. .gitlab-ci.d/
  2. accel/
  3. audio/
  4. authz/
  5. backends/
  6. block/
  7. bsd-user/
  8. chardev/
  9. contrib/
  10. crypto/
  11. default-configs/
  12. disas/
  13. docs/
  14. dump/
  15. fpu/
  16. fsdev/
  17. gdb-xml/
  18. hw/
  19. include/
  20. io/
  21. libdecnumber/
  22. linux-headers/
  23. linux-user/
  24. migration/
  25. monitor/
  26. nbd/
  27. net/
  28. pc-bios/
  29. plugins/
  30. po/
  31. python/
  32. qapi/
  33. qga/
  34. qobject/
  35. qom/
  36. replay/
  37. roms/
  38. scripts/
  39. scsi/
  40. stubs/
  41. target/
  42. tcg/
  43. tests/
  44. tools/
  45. trace/
  46. ui/
  47. util/
  48. capstone
  49. dtc
  50. slirp
  51. .cirrus.yml
  52. .dir-locals.el
  53. .editorconfig
  54. .exrc
  55. .gdbinit
  56. .gitignore
  57. .gitlab-ci-edk2.yml
  58. .gitlab-ci.yml
  59. .gitmodules
  60. .gitpublish
  61. .mailmap
  62. .patchew.yml
  63. .shippable.yml
  64. .travis.yml
  65. arch_init.c
  66. balloon.c
  67. block.c
  68. blockdev-nbd.c
  69. blockdev.c
  70. blockjob.c
  71. bootdevice.c
  72. Changelog
  73. CODING_STYLE.rst
  74. configure
  75. COPYING
  76. COPYING.LIB
  77. cpus-common.c
  78. cpus.c
  79. device-hotplug.c
  80. device_tree.c
  81. disas.c
  82. dma-helpers.c
  83. exec-vary.c
  84. exec.c
  85. gdbstub.c
  86. gitdm.config
  87. hmp-commands-info.hx
  88. hmp-commands.hx
  89. ioport.c
  90. iothread.c
  91. job-qmp.c
  92. job.c
  93. Kconfig.host
  94. LICENSE
  95. MAINTAINERS
  96. Makefile
  97. Makefile.objs
  98. Makefile.target
  99. memory.c
  100. memory_ldst.inc.c
  101. memory_mapping.c
  102. module-common.c
  103. os-posix.c
  104. os-win32.c
  105. qdev-monitor.c
  106. qemu-bridge-helper.c
  107. qemu-deprecated.texi
  108. qemu-doc.texi
  109. qemu-edid.c
  110. qemu-img-cmds.hx
  111. qemu-img.c
  112. qemu-img.texi
  113. qemu-io-cmds.c
  114. qemu-io.c
  115. qemu-keymap.c
  116. qemu-nbd.c
  117. qemu-nbd.texi
  118. qemu-option-trace.texi
  119. qemu-options-wrapper.h
  120. qemu-options.h
  121. qemu-options.hx
  122. qemu-seccomp.c
  123. qemu-tech.texi
  124. qemu.nsi
  125. qemu.sasl
  126. qtest.c
  127. README.rst
  128. replication.c
  129. replication.h
  130. rules.mak
  131. thunk.c
  132. tpm.c
  133. trace-events
  134. VERSION
  135. version.rc
  136. vl.c