提交
eb6d21cc
编写于
6月 29, 2009
作者:
D
Daniel P. Berrange
Reduce LXC capabilities
上级
96619805
变更
3
Showing
3 changed file
with
80 addition
and
21 deletion
+80
-21
ChangeLog
ChangeLog
+9
-0
src/lxc_container.c
src/lxc_container.c
+43
-21
src/lxc_controller.c
src/lxc_controller.c
+28
-0
ChangeLog
Mon Jun 29 18:01:20 BST 2009 Daniel P. Berrange <berrange@redhat.com>
Reduce LXC capabilities
* src/lxc_container.c: Use libcap-ng to clear capabilities,
and also drop SYS_MODULE, SYS_TIME, AUDIT_CONTROL, and
MAC_ADMIN, in addition to SYS_BOOT.
* src/lxc_controller.c: Drop all capabilities once container
has been spawned.
Mon Jun 29 12:48:20 BST 2009 Daniel P. Berrange <berrange@redhat.com>
Use libcap-ng to clear capabilities for many child processes
...
...
src/lxc_container.c
...
...
@@ -41,8 +41,9 @@
/* For MS_MOVE */
#include <linux/fs.h>
#include <sys/prctl.h>
#include <linux/capability.h>
#if HAVE_CAPNG
#include <cap-ng.h>
#endif
#include "virterror_internal.h"
#include "logging.h"
...
...
@@ -642,27 +643,48 @@ static int lxcContainerSetupMounts(virDomainDefPtr vmDef,
return
lxcContainerSetupExtraMounts
(
vmDef
);
}
static
int
lxcContainerDropCapabilities
(
virDomainDefPtr
vmDef
ATTRIBUTE_UNUSED
)
/*
* This is running as the 'init' process insid the container.
* It removes some capabilities that could be dangerous to
* host system, since they are not currently "containerized"
*/
static
int
lxcContainerDropCapabilities
(
void
)
{
#ifdef PR_CAPBSET_DROP
int
i
;
const
struct
{
int
id
;
const
char
*
name
;
}
caps
[]
=
{
#define ID_STRING(name) name, #name
{
ID_STRING
(
CAP_SYS_BOOT
)
},
};
#if HAVE_CAPNG
int
ret
;
capng_get_caps_process
();
if
((
ret
=
capng_updatev
(
CAPNG_DROP
,
CAPNG_EFFECTIVE
|
CAPNG_PERMITTED
|
CAPNG_INHERITABLE
|
CAPNG_BOUNDING_SET
,
CAP_SYS_BOOT
,
/* No use of reboot */
CAP_SYS_MODULE
,
/* No kernel module loading */
CAP_SYS_TIME
,
/* No changing the clock */
CAP_AUDIT_CONTROL
,
/* No messing with auditing status */
CAP_MAC_ADMIN
,
/* No messing with LSM config */
-
1
/* sentinal */
))
<
0
)
{
lxcError
(
NULL
,
NULL
,
VIR_ERR_INTERNAL_ERROR
,
_
(
"failed to remove capabilities %d"
),
ret
);
return
-
1
;
}
for
(
i
=
0
;
i
<
ARRAY_CARDINALITY
(
caps
)
;
i
++
)
{
if
(
prctl
(
PR_CAPBSET_DROP
,
caps
[
i
].
id
,
0
,
0
,
0
))
{
if
((
ret
=
capng_apply
(
CAPNG_SELECT_BOTH
))
<
0
)
{
lxcError
(
NULL
,
NULL
,
VIR_ERR_INTERNAL_ERROR
,
_
(
"failed to drop %s"
),
caps
[
i
].
name
);
_
(
"failed to apply capabilities: %d"
),
ret
);
return
-
1
;
}
/* Need to prevent them regaining any caps on exec */
if
((
ret
=
capng_lock
())
<
0
)
{
lxcError
(
NULL
,
NULL
,
VIR_ERR_INTERNAL_ERROR
,
_
(
"failed to lock capabilities: %d"
),
ret
);
return
-
1
;
}
#else
/* ! PR_CAPBSET_DROP */
VIR_WARN0
(
_
(
"failed to drop capabilities PR_CAPBSET_DROP undefined"
));
#else
VIR_WARN0
(
_
(
"libcap-ng support not compiled in, unable to clear capabilities"
));
#endif
return
0
;
}
...
...
@@ -735,7 +757,7 @@ static int lxcContainerChild( void *data )
return
-
1
;
/* drop a set of root capabilities */
if
(
lxcContainerDropCapabilities
(
vmDef
)
<
0
)
if
(
lxcContainerDropCapabilities
()
<
0
)
return
-
1
;
/* this function will only return if an error occured */
...
...
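Review bot: The `#else` branch of the new lxcContainerDropCapabilities returns 0 after only a VIR_WARN0, so a build without libcap-ng starts the container's init with its full capability set while the caller in lxcContainerChild treats the drop as having succeeded; the removed `#ifdef PR_CAPBSET_DROP` path at least dropped CAP_SYS_BOOT from the bounding set via prctl, so that configuration now regresses. Either keep a prctl(PR_CAPBSET_DROP) fallback for the no-libcap-ng case or return -1 there, and state the behaviour in the header comment, e.g. `* Without libcap-ng support nothing is dropped and the init process keeps all capabilities.`. The result of `capng_get_caps_process()` is also ignored; it reports failure with a negative return, after which capng_updatev presumably operates on whatever state the library holds, so check it: `if (capng_get_caps_process() < 0) { lxcError(NULL, NULL, VIR_ERR_INTERNAL_ERROR, "%s", _("failed to read capabilities")); return -1; }`. Minor: the header comment has `insid` for `inside`, and the first error string `"failed to remove capabilities %d"` does not follow the `: %d` form used by the other two messages in this function.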
src/lxc_controller.c
...
...
@@ -35,6 +35,10 @@
#include <getopt.h>
#include <sys/mount.h>
#if HAVE_CAPNG
#include <cap-ng.h>
#endif
#include "virterror_internal.h"
#include "logging.h"
#include "util.h"
...
...
@@ -210,6 +214,25 @@ cleanup:
return
rc
;
}
static
int
lxcControllerClearCapabilities
(
void
)
{
#if HAVE_CAPNG
int
ret
;
capng_clear
(
CAPNG_SELECT_BOTH
);
if
((
ret
=
capng_apply
(
CAPNG_SELECT_BOTH
))
<
0
)
{
lxcError
(
NULL
,
NULL
,
VIR_ERR_INTERNAL_ERROR
,
_
(
"failed to apply capabilities: %d"
),
ret
);
return
-
1
;
}
#else
VIR_WARN0
(
_
(
"libcap-ng support not compiled in, unable to clear capabilities"
));
#endif
return
0
;
}
typedef
struct
_lxcTtyForwardFd_t
{
int
fd
;
int
active
;
...
...
@@ -562,6 +585,11 @@ lxcControllerRun(virDomainDefPtr def,
if
(
lxcContainerSendContinue
(
control
[
0
])
<
0
)
goto
cleanup
;
/* Now the container is running, there's no need for us to keep
any elevated capabilities */
if
(
lxcControllerClearCapabilities
()
<
0
)
goto
cleanup
;
rc
=
lxcControllerMain
(
monitor
,
client
,
appPty
,
containerPty
);
cleanup:
...
...
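Review bot: lxcControllerClearCapabilities has no header comment, and its `#else` branch returns 0 after only a warning, so without libcap-ng the controller silently keeps full root capabilities for its whole lifetime while lxcControllerRun continues as if they had been dropped. Add a comment above the function such as `/* Drop every capability from the controller once the container is running. Without libcap-ng this only logs a warning and the controller stays fully privileged. */` so the fail-open behaviour is explicit, or return -1 there if running the controller privileged is not acceptable. In lxcControllerRun the clearing happens before lxcControllerMain, but the `cleanup:` label and what follows it are outside the hunk, so it is worth confirming that nothing on that path (tearing down the container, for instance) still needs a capability the controller no longer holds.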