On Tue, Jan 26, 2021 at 11:18 AM Stefan Hajnoczi wrote:
>
> On Mon, Jan 25, 2021 at 05:12:23PM +0100, Miklos Szeredi wrote:
> > On Thu, Jan 21, 2021 at 3:44 PM Stefan Hajnoczi wrote:
> >
> > > This patch adds the missing checks to virtiofsd. This is a short-term
> > > solution because it does not
On Mon, Jan 25, 2021 at 05:12:23PM +0100, Miklos Szeredi wrote:
> On Thu, Jan 21, 2021 at 3:44 PM Stefan Hajnoczi wrote:
>
> > This patch adds the missing checks to virtiofsd. This is a short-term
> > solution because it does not prevent a compromised virtiofsd process
> > from opening device nod
On Fri, Jan 22, 2021 at 10:40:54AM -0500, Vivek Goyal wrote:
> On Thu, Jan 21, 2021 at 02:44:29PM +, Stefan Hajnoczi wrote:
> > A well-behaved FUSE client does not attempt to open special files with
> > FUSE_OPEN because they are handled on the client side (e.g. device nodes
> > are handled by
On Thu, Jan 21, 2021 at 3:44 PM Stefan Hajnoczi wrote:
> This patch adds the missing checks to virtiofsd. This is a short-term
> solution because it does not prevent a compromised virtiofsd process
> from opening device nodes on the host.
I think the proper solution is adding support to the host
On Thu, Jan 21, 2021 at 02:48:03PM +, Daniel P. Berrangé wrote:
> On Thu, Jan 21, 2021 at 02:44:29PM +, Stefan Hajnoczi wrote:
> > A well-behaved FUSE client does not attempt to open special files with
> > FUSE_OPEN because they are handled on the client side (e.g. device nodes
> > are hand
On Thu, Jan 21, 2021 at 02:48:03PM +, Daniel P. Berrangé wrote:
> On Thu, Jan 21, 2021 at 02:44:29PM +, Stefan Hajnoczi wrote:
> > A well-behaved FUSE client does not attempt to open special files with
> > FUSE_OPEN because they are handled on the client side (e.g. device nodes
> > are hand
On Thu, Jan 21, 2021 at 02:44:29PM +, Stefan Hajnoczi wrote:
> A well-behaved FUSE client does not attempt to open special files with
> FUSE_OPEN because they are handled on the client side (e.g. device nodes
> are handled by client-side device drivers).
>
> The check to prevent virtiofsd from
* Stefan Hajnoczi (stefa...@redhat.com) wrote:
> A well-behaved FUSE client does not attempt to open special files with
> FUSE_OPEN because they are handled on the client side (e.g. device nodes
> are handled by client-side device drivers).
>
> The check to prevent virtiofsd from opening special f
On 01/21/21 16:52, Alex Xu wrote:
> Excerpts from Laszlo Ersek's message of January 21, 2021 10:32 am:
>> Assuming a benign / trusted guest, is there going to be an override for
>> this?
>>
>> Asked differently -- if we don't want to set up a separate block device
>> on the host, to contain the fil
Excerpts from Laszlo Ersek's message of January 21, 2021 10:32 am:
> Assuming a benign / trusted guest, is there going to be an override for
> this?
>
> Asked differently -- if we don't want to set up a separate block device
> on the host, to contain the filesystem that is mounted as the shared
>
On 01/21/21 15:44, Stefan Hajnoczi wrote:
> A well-behaved FUSE client does not attempt to open special files with
> FUSE_OPEN because they are handled on the client side (e.g. device nodes
> are handled by client-side device drivers).
>
> The check to prevent virtiofsd from opening special files
Excerpts from Stefan Hajnoczi's message of January 21, 2021 9:44 am:
> A well-behaved FUSE client does not attempt to open special files with
> FUSE_OPEN because they are handled on the client side (e.g. device nodes
> are handled by client-side device drivers).
>
> The check to prevent virtiofsd
On Thu, Jan 21, 2021 at 02:44:29PM +, Stefan Hajnoczi wrote:
> A well-behaved FUSE client does not attempt to open special files with
> FUSE_OPEN because they are handled on the client side (e.g. device nodes
> are handled by client-side device drivers).
>
> The check to prevent virtiofsd from
A well-behaved FUSE client does not attempt to open special files with
FUSE_OPEN because they are handled on the client side (e.g. device nodes
are handled by client-side device drivers).
The check to prevent virtiofsd from opening special files is missing in
a few cases, most notably FUSE_OPEN. A
14 matches
Mail list logo
