Bug 230790
Summary: | HVM: QEMU leaks virtual disk file descriptors to network script causing SELinux AVCs | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 5 | Reporter: | Daniel Berrangé <berrange> | ||||
Component: | xen | Assignee: | Xen Maintainance List <xen-maint> | ||||
Status: | CLOSED ERRATA | QA Contact: | |||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 5.0 | CC: | cevich | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | RHEA-2007-0635 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2007-11-07 17:10:01 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Daniel Berrangé
2007-03-02 21:25:01 UTC
Created attachment 149154 [details]
Set the close-on-exec flag
The attached patch modifies all the various disk driver backends in QEMU to
ensure the close-on-exec flag is turned on. This prevents disk file descriptors
propagating to the networking scripts.
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release. Built into dist-5E-qu-candidate as xen-3.0.3-27.el5 * Thu Jun 14 2007 Daniel P. Berrange <berrange> - 3.0.3-27.el5 - Update low level (non-XenD) userspace to work with 3.1.0 hypervisor (rhbz#243462, rhbz#234166, rhbz#230790) *** Bug 240342 has been marked as a duplicate of this bug. *** An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2007-0635.html |