[pve-devel] [PATCH common 0/2] preparation for pct push/pull
Wolfgang Bumiller
w.bumiller at proxmox.com
Fri Jan 22 11:55:26 CET 2016
Patch 1:
Added the setns() syscall which will help avoid all kinds of issues
in pct push/pull (like symlink attacks and, with unprivileged
containers, uid-mapping permission problems) by opening files within
the container's namespaces.
Patch 2:
Added Tools::create_file() helper to create a file with ownership and
permissions.
Sadly there's no sane way to do all of this atomically and completely
race-free. (The O_TMPFILE+fchown()+fchmod()+linkat() variant requires
support form the underlying filesystem... :-/ )
This will be used with pct push/pull.
Wolfgang Bumiller (2):
Tools: add setns system call
Tools: add create_file with owner and permissions
src/PVE/Tools.pm | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 59 insertions(+)
--
2.1.4
More information about the pve-devel
mailing list