[Pkg-libvirt-maintainers] Bug#732394: libvirt-bin: virsh shutdown does not handle symlinks correctly for LXC

Reco recoverym4n at gmail.com
Tue Dec 17 15:41:30 UTC 2013 

Package: libvirt-bin
Version: 1.1.4-2~bpo70+1
Severity: important

Dear Maintainer,

As of versions 1.1.4 (current backported one) and 1.2.0 (current
experimental one) libvirt's implementation for LXC containers lacks
basic sanity checks in container shutdown implementation.

One can trace the problem to virInitctlSetRunLevel function at
src/util/virinitctl.c file.

Once user invokes 'virsh -c lxc:// shutdown', libvirtd constructs a
pathname to '/dev/initctl' inside the container, such as:

/proc/<container_init_pid>/root//dev/initctl

opens it without any additional checking and writes runlevel change
request to the init. It does not check whenever constructed pathname is
an actual pipe, which is bad. It does not check who exactly is on the
other side of this pipe, which is much worse.

Apparently this code was tested against systemd, which
creates /dev/initctl pipe and listens on it.

But, both upstart and sysvinit do not create such pipe (current wheezy's
init is using /run/initctl), which leads to this problem.


To reproduce the problem, one will need:

1) One Debian GNU/Linux installation, configured to run LXC (cgroups and
stuff), using sysvinit or upstart as PID 1.

2) One Debian GNU/Linux container, running sysvinit or upstart.

3) Boot the container.

4) Invoke inside the container:

ln -s /run/initctl /dev/initctl

5) Invoke from outside the container:

virsh -c lxc:// shutdown <container>

6) Observe the host shutting down.

-- System Information:
Debian Release: 7.3
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.11-0.bpo.2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libvirt-bin depends on:
ii  adduser              3.113+nmu3
ii  gettext-base         0.18.1.1-9
ii  init-system-helpers  1.11~bpo70.1
ii  libaudit0            1:1.7.18-1.1
ii  libavahi-client3     0.6.31-2
ii  libavahi-common3     0.6.31-2
ii  libblkid1            2.20.1-5.3
ii  libc6                2.13-38
ii  libcap-ng0           0.6.6-2
ii  libdbus-1-3          1.6.8-1+deb7u1
ii  libdevmapper1.02.1   2:1.02.74-8
ii  libfuse2             2.9.0-2+deb7u1
ii  libgcrypt11          1.5.0-5+deb7u1
ii  libgnutls26          2.12.20-7
ii  libnetcf1            0.1.9-2
ii  libnl1               1.1-7
ii  libnuma1             2.0.8~rc4-1
ii  libparted0debian1    2.3-12
ii  libpcap0.8           1.3.0-1
ii  libpciaccess0        0.13.1-2
ii  libreadline6         6.2+dfsg-0.1
ii  libsasl2-2           2.1.25.dfsg1-6+deb7u1
ii  libssh2-1            1.4.2-1.1
ii  libudev0             175-7.2
ii  libvirt0             1.1.4-2~bpo70+1
ii  libxenstore3.0       4.1.4-3+deb7u1
ii  libxml2              2.8.0+dfsg1-7+nmu2
ii  libyajl2             2.0.4-2
ii  logrotate            3.8.1-4

Versions of packages libvirt-bin recommends:
ii  bridge-utils     1.5-6
ii  dmidecode        2.11-9
ii  dnsmasq-base     2.62-3+deb7u1
pn  ebtables         <none>
ii  iproute          20120521-3+b3
ii  iptables         1.4.14-3.1
ii  libxml2-utils    2.8.0+dfsg1-7+nmu2
ii  netcat-openbsd   1.105-7
ii  parted           2.3-12
ii  pm-utils         1.4.1-9
pn  qemu-kvm | qemu  <none>

Versions of packages libvirt-bin suggests:
pn  auditd       <none>
pn  policykit-1  <none>
pn  radvd        <none>
pn  systemtap    <none>

-- Configuration Files:
<omitted>

-- no debconf information

More information about the Pkg-libvirt-maintainers mailing list