Re: [PATCH v2 3/5] virtiofsd: open /proc/self/fd/ in sandbox=NONE mode
From: Dr. David Alan Gilbert
Subject: Re: [PATCH v2 3/5] virtiofsd: open /proc/self/fd/ in sandbox=NONE mode
Date: Fri, 7 Aug 2020 18:42:16 +0100
User-agent: Mutt/1.14.6 (2020-07-11)

* Vivek Goyal (vgoyal@redhat.com) wrote:
> We need /proc/self/fd descriptor even in sandbox=NONE mode.
>
> Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
> ---
> tools/virtiofsd/passthrough_ll.c | 13 ++++++++++++-
> 1 file changed, 12 insertions(+), 1 deletion(-)
>
> diff --git a/tools/virtiofsd/passthrough_ll.c
> b/tools/virtiofsd/passthrough_ll.c
> index cd91c4a831..76ef891105 100644
> --- a/tools/virtiofsd/passthrough_ll.c
> +++ b/tools/virtiofsd/passthrough_ll.c
> @@ -2969,6 +2969,15 @@ static void setup_capabilities(char *modcaps_in)
> pthread_mutex_unlock(&cap.mutex);
> }
>
> +static void setup_none(struct lo_data *lo)
'setup_none' is not the most obvious name; setup_sandbox_none ?
> +{
> + lo->proc_self_fd = open("/proc/self/fd", O_PATH);
> + if (lo->proc_self_fd == -1) {
> + fuse_log(FUSE_LOG_ERR, "open(\"/proc/self/fd\", O_PATH): %m\n");
> + exit(1);
> + }
> +}
> +
> /*
> * Use chroot as a weaker sandbox for environments where the process is
> * launched without CAP_SYS_ADMIN.
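Review bot: the open() call in setup_none() passes only O_PATH, so the descriptor is not marked close-on-exec and the call is not restricted to a directory. Suggest open("/proc/self/fd", O_PATH | O_DIRECTORY | O_CLOEXEC); the kernel honours both extra flags together with O_PATH. A short comment above the function saying why the descriptor is still needed with no sandbox would also help, since the commit message only states that it is.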
> @@ -3014,8 +3023,10 @@ static void setup_sandbox(struct lo_data *lo, struct
> fuse_session *se,
> if (lo->sandbox == SANDBOX_NAMESPACE) {
> setup_namespaces(lo, se);
> setup_mounts(lo->source);
> - } else {
> + } else if (lo->sandbox == SANDBOX_CHROOT) {
> setup_chroot(lo);
> + } else {
> + setup_none(lo);
> }
>
> setup_seccomp(enable_syslog);
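Review bot: in setup_sandbox(), the final else now sends every lo->sandbox value other than SANDBOX_NAMESPACE and SANDBOX_CHROOT to setup_none(), so an unexpected or later-added mode would silently run with no sandbox. Suggest matching the none mode explicitly in an else if and making the trailing else log an error and exit, so the default path fails closed.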
> --
> 2.25.4
>
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK