From cc21badc5c30ddeeb89abfa9ecdfbacd512f33c2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?=
Date: Thu, 9 Apr 2015 09:22:43 +0200
Subject: [PATCH] Open /proc/PID/ns/* read-only to avoid getting permission denied

lxc-enter-namespace stopped working on recent kernels (at least 3.19+) due to /proc/PID/ns/* file descriptors being opened RW. From outside the namespace these can only be opened RO.
---
 src/util/virprocess.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/util/virprocess.c b/src/util/virprocess.c
index ab1e039eab..7a79970212 100644
--- a/src/util/virprocess.c
+++ b/src/util/virprocess.c
@@ -628,7 +628,7 @@ int virProcessGetNamespaces(pid_t pid,
 ns[i]) < 0)
 goto cleanup;
- if ((fd = open(nsfile, O_RDWR)) >= 0) {
+ if ((fd = open(nsfile, O_RDONLY)) >= 0) {
 if (VIR_EXPAND_N(*fdlist, *nfdlist, 1) < 0) {
 VIR_FORCE_CLOSE(fd);
 goto cleanup;
-- 
GitLab
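Review bot: The `open(nsfile, O_RDONLY)` on the changed line still treats every failure alike: the visible branch handles only `fd >= 0`, so unless the failure path outside this hunk inspects `errno`, an `EACCES` like the one this commit works around cannot be told apart from a namespace file that simply does not exist. For a caller that joins the returned namespaces, a silently shorter fd list would mean the command runs with only some of the container's namespaces entered, which is a partial-isolation condition worth failing on. I would accept only `ENOENT` as "namespace not supported" and report anything else, e.g. `} else if (errno != ENOENT) { virReportSystemError(errno, _("Unable to open %s"), nsfile); goto cleanup; }`. The enclosing loop of virProcessGetNamespaces begins and ends outside the hunk, so the existing else and cleanup handling should be confirmed before applying this.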