Re: [PATCH 1/2] qemu: Move pid file of pr-helper to stateDir

On 10/14/21 12:51 PM, Peng Liang wrote: > On 10/14/2021 6:10 PM, Michal Prívozník wrote: >> On 10/11/21 2:11 PM, Peng Liang wrote: >>> Libvirt will put the pid file of pr-helper to per-domain directory. >>> However, the ownership of the per-domain directory is the user to run >>> the QEMU process

Re: [PATCH 1/2] qemu: Move pid file of pr-helper to stateDir

On 10/14/2021 6:10 PM, Michal Prívozník wrote: > On 10/11/21 2:11 PM, Peng Liang wrote: >> Libvirt will put the pid file of pr-helper to per-domain directory. >> However, the ownership of the per-domain directory is the user to run >> the QEMU process and the user has the write permission of the

Re: [PATCH 1/2] qemu: Move pid file of pr-helper to stateDir

On 10/11/21 2:11 PM, Peng Liang wrote: > Libvirt will put the pid file of pr-helper to per-domain directory. > However, the ownership of the per-domain directory is the user to run > the QEMU process and the user has the write permission of the directory. > If VM escape occurs, the attacker can >

[PATCH 1/2] qemu: Move pid file of pr-helper to stateDir

Libvirt will put the pid file of pr-helper to per-domain directory. However, the ownership of the per-domain directory is the user to run the QEMU process and the user has the write permission of the directory. If VM escape occurs, the attacker can 1. write arbitrary content to the pid file (if