Package: libvirt-bin Version: 1.1.4-2~bpo70+1 Severity: important Dear Maintainer,
As of versions 1.1.4 (current backported one) and 1.2.0 (current experimental one) libvirt's implementation for LXC containers lacks basic sanity checks in container shutdown implementation. One can trace the problem to virInitctlSetRunLevel function at src/util/virinitctl.c file. Once user invokes 'virsh -c lxc:// shutdown', libvirtd constructs a pathname to '/dev/initctl' inside the container, such as: /proc/<container_init_pid>/root//dev/initctl opens it without any additional checking and writes runlevel change request to the init. It does not check whenever constructed pathname is an actual pipe, which is bad. It does not check who exactly is on the other side of this pipe, which is much worse. Apparently this code was tested against systemd, which creates /dev/initctl pipe and listens on it. But, both upstart and sysvinit do not create such pipe (current wheezy's init is using /run/initctl), which leads to this problem. To reproduce the problem, one will need: 1) One Debian GNU/Linux installation, configured to run LXC (cgroups and stuff), using sysvinit or upstart as PID 1. 2) One Debian GNU/Linux container, running sysvinit or upstart. 3) Boot the container. 4) Invoke inside the container: ln -s /run/initctl /dev/initctl 5) Invoke from outside the container: virsh -c lxc:// shutdown <container> 6) Observe the host shutting down. -- System Information: Debian Release: 7.3 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.11-0.bpo.2-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages libvirt-bin depends on: ii adduser 3.113+nmu3 ii gettext-base 0.18.1.1-9 ii init-system-helpers 1.11~bpo70.1 ii libaudit0 1:1.7.18-1.1 ii libavahi-client3 0.6.31-2 ii libavahi-common3 0.6.31-2 ii libblkid1 2.20.1-5.3 ii libc6 2.13-38 ii libcap-ng0 0.6.6-2 ii libdbus-1-3 1.6.8-1+deb7u1 ii libdevmapper1.02.1 2:1.02.74-8 ii libfuse2 2.9.0-2+deb7u1 ii libgcrypt11 1.5.0-5+deb7u1 ii libgnutls26 2.12.20-7 ii libnetcf1 0.1.9-2 ii libnl1 1.1-7 ii libnuma1 2.0.8~rc4-1 ii libparted0debian1 2.3-12 ii libpcap0.8 1.3.0-1 ii libpciaccess0 0.13.1-2 ii libreadline6 6.2+dfsg-0.1 ii libsasl2-2 2.1.25.dfsg1-6+deb7u1 ii libssh2-1 1.4.2-1.1 ii libudev0 175-7.2 ii libvirt0 1.1.4-2~bpo70+1 ii libxenstore3.0 4.1.4-3+deb7u1 ii libxml2 2.8.0+dfsg1-7+nmu2 ii libyajl2 2.0.4-2 ii logrotate 3.8.1-4 Versions of packages libvirt-bin recommends: ii bridge-utils 1.5-6 ii dmidecode 2.11-9 ii dnsmasq-base 2.62-3+deb7u1 pn ebtables <none> ii iproute 20120521-3+b3 ii iptables 1.4.14-3.1 ii libxml2-utils 2.8.0+dfsg1-7+nmu2 ii netcat-openbsd 1.105-7 ii parted 2.3-12 ii pm-utils 1.4.1-9 pn qemu-kvm | qemu <none> Versions of packages libvirt-bin suggests: pn auditd <none> pn policykit-1 <none> pn radvd <none> pn systemtap <none> -- Configuration Files: <omitted> -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
