Re: [Xen-devel] [PATCH 8/9] libxl: Kill QEMU by uid when possible
> On Nov 29, 2018, at 11:55 AM, Wei Liu <wei.liu2@xxxxxxxxxx> wrote:
>
> On Wed, Nov 28, 2018 at 03:57:58PM +0000, Anthony PERARD wrote:
>> On Fri, Nov 23, 2018 at 05:18:59PM +0000, George Dunlap wrote:
>>> On 11/23/18 5:15 PM, George Dunlap wrote:
>>> Does libxl__qmp_cleanup() need to be called after the kill() happens?
>>> If not, we could put this before the kill() and avoid having two call sites.
>>
>> QEMU is supposed to create monitor sockets before the guest is running,
>> even before it drops privilege, so I don't think it matters when we `rm`
>> those qmp sockets. They are only useful to libxl anyway, once libxl
>> doesn't need them they can be removed.
>>
>> So, before kill() should be fine.
>
> With this scheme, my question is supposedly there is a rogue QEMU, will
> it be able to recreate these sockets again by forking so we may end up
> having some garbage lying around after it has been killed?

No; it should at that point be deprivileged and chrooted into a directory owned by root; so it shouldn't be able to create any new sockets.

It wouldn't be terribly hard to have a common "exit" to both the kill-by-pid and kill-by-uid paths that did it once, but it would involve adding Yet Another Function; and each additional function makes the code a little bit more difficult to follow.

 -George