| Reported on: | 20100615 |
|---|---|
| Published on: | 20100712 |
| Fixed on: | 20100719 |
| Reported by: | Daniel Berrange |
|---|---|
| Patched by: | Daniel Berrange |
Prior to starting a guest, or when hotplugging or unplugging a device the libvirt SELinux, DAC and CGroups security drivers need to determine full file chain associated with a disk image. This is done by traversing backing file formats referenced in the disk headers. The code did not, however, honour the disk format recorded in disk XML configuration, when reading disk images so a raw file could be mis-identifed as another type of file.
The SELinux, DAC and CGroups code was not honouring disk formats so could be tricked into giving the VM access to files that were otherwise not permitted by its configuration. This can be done by taking what was expected to be a raw disks file and writing a qcow2 header into it.
Do not use any raw disk images.
| Branch | master |
|---|---|
| Broken in: | v0.7.2 |
| Broken in: | v0.7.3 |
| Broken in: | v0.7.4 |
| Broken in: | v0.7.5 |
| Broken in: | v0.7.6 |
| Broken in: | v0.7.7 |
| Broken in: | v0.8.0 |
| Broken in: | v0.8.1 |
| Broken in: | v0.8.2 |
| Fixed in: | v0.8.3 |
| Broken by: | fe627697a3830cd2db0efcc201d8caa9e171263d |
| Broken by: | 15f5eaa09895d68b849a0b0ec458acdafe75d080 |
| Broken by: | 117d04fb1d388df700cc37c4d2a68189fab280c0 |
| Fixed by: | 68719c4bddb85fbcc931a5b7d99ac7c8a0af09b0 |