
Re: [Xen-devel] [PATCH 8/9] libxl: Kill QEMU by uid when possible

> On Nov 29, 2018, at 11:55 AM, Wei Liu <wei.liu2@xxxxxxxxxx> wrote:
> On Wed, Nov 28, 2018 at 03:57:58PM +0000, Anthony PERARD wrote:
>> On Fri, Nov 23, 2018 at 05:18:59PM +0000, George Dunlap wrote:
>>> On 11/23/18 5:15 PM, George Dunlap wrote:
>>> Does libxl__qmp_cleanup() need to be called after the kill() happens?
>>> If not, we could put this before the kill() and avoid having two call sites.
>> QEMU is supposed to create monitor sockets before the guest is running,
>> even before it drops privilege, so I don't think it matters when we `rm`
>> those qmp sockets. They are only useful to libxl anyway; once libxl
>> doesn't need them they can be removed.
>> So, before kill() should be fine.
> With this scheme, my question is: supposing there is a rogue QEMU, will
> it be able to recreate these sockets again by forking, so we may end up
> having some garbage lying around after it has been killed?

No; it should at that point be deprivileged and chrooted into a directory owned 
by root; so it shouldn’t be able to create any new sockets.

It wouldn’t be terribly hard to have a common “exit” to both the kill-by-pid 
and kill-by-uid paths that did it once, but it would involve adding Yet Another 
Function; and each additional function makes the code a little bit more 
difficult to follow.
