OpenE2K
/
qemu-e2k
13
4
Fork 0
Code Issues 4 Pull Requests Projects 2 Releases Activity

virtio-9p: Add SM_NONE security model 

This is equivalent to SM_PASSTHROUGH security model.
The only exception is, failure of privilige operation like chown
are ignored. This makes a passthrough like security model usable
for people who runs kvm as non root

Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
This commit is contained in:
Aneesh Kumar K.V 2010-09-02 11:09:07 +05:30
parent 61b6c4994a
commit 12848bfc5d
5 changed files with 55 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
hw/file-op-9p.h
View File

@ -24,8 +24,19 @@
typedef enum typedef enum
{ {
SM_PASSTHROUGH = 1, /* uid/gid set on fileserver files */ /*
SM_MAPPED, /* uid/gid part of xattr */ * Server will try to set uid/gid.
* On failure ignore the error.
*/
SM_NONE = 0,
/*
* uid/gid set on fileserver files
*/
SM_PASSTHROUGH = 1,
/*
* uid/gid part of xattr
*/
SM_MAPPED,
} SecModel; } SecModel;
typedef struct FsCred typedef struct FsCred

40
hw/virtio-9p-local.c
View File

@ -102,7 +102,13 @@ static int local_post_create_passthrough(FsContext *fs_ctx, const char *path,
return -1; return -1;
} }
if (chown(rpath(fs_ctx, path), credp->fc_uid, credp->fc_gid) < 0) { if (chown(rpath(fs_ctx, path), credp->fc_uid, credp->fc_gid) < 0) {
return -1; /*
* If we fail to change ownership and if we are
* using security model none. Ignore the error
*/
if (fs_ctx->fs_sm != SM_NONE) {
return -1;
}
} }
return 0; return 0;
} }
@ -122,7 +128,8 @@ static ssize_t local_readlink(FsContext *fs_ctx, const char *path,
} while (tsize == -1 && errno == EINTR); } while (tsize == -1 && errno == EINTR);
close(fd); close(fd);
return tsize; return tsize;
} else if (fs_ctx->fs_sm == SM_PASSTHROUGH) { } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
(fs_ctx->fs_sm == SM_NONE)) {
tsize = readlink(rpath(fs_ctx, path), buf, bufsz); tsize = readlink(rpath(fs_ctx, path), buf, bufsz);
} }
return tsize; return tsize;
@ -189,7 +196,8 @@ static int local_chmod(FsContext *fs_ctx, const char *path, FsCred *credp)
{ {
if (fs_ctx->fs_sm == SM_MAPPED) { if (fs_ctx->fs_sm == SM_MAPPED) {
return local_set_xattr(rpath(fs_ctx, path), credp); return local_set_xattr(rpath(fs_ctx, path), credp);
} else if (fs_ctx->fs_sm == SM_PASSTHROUGH) { } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
(fs_ctx->fs_sm == SM_NONE)) {
return chmod(rpath(fs_ctx, path), credp->fc_mode); return chmod(rpath(fs_ctx, path), credp->fc_mode);
} }
return -1; return -1;
@ -211,7 +219,8 @@ static int local_mknod(FsContext *fs_ctx, const char *path, FsCred *credp)
serrno = errno; serrno = errno;
goto err_end; goto err_end;
} }
} else if (fs_ctx->fs_sm == SM_PASSTHROUGH) { } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
(fs_ctx->fs_sm == SM_NONE)) {
err = mknod(rpath(fs_ctx, path), credp->fc_mode, credp->fc_rdev); err = mknod(rpath(fs_ctx, path), credp->fc_mode, credp->fc_rdev);
if (err == -1) { if (err == -1) {
return err; return err;
@ -247,7 +256,8 @@ static int local_mkdir(FsContext *fs_ctx, const char *path, FsCred *credp)
serrno = errno; serrno = errno;
goto err_end; goto err_end;
} }
} else if (fs_ctx->fs_sm == SM_PASSTHROUGH) { } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
(fs_ctx->fs_sm == SM_NONE)) {
err = mkdir(rpath(fs_ctx, path), credp->fc_mode); err = mkdir(rpath(fs_ctx, path), credp->fc_mode);
if (err == -1) { if (err == -1) {
return err; return err;
@ -316,7 +326,8 @@ static int local_open2(FsContext *fs_ctx, const char *path, int flags,
serrno = errno; serrno = errno;
goto err_end; goto err_end;
} }
} else if (fs_ctx->fs_sm == SM_PASSTHROUGH) { } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
(fs_ctx->fs_sm == SM_NONE)) {
fd = open(rpath(fs_ctx, path), flags, credp->fc_mode); fd = open(rpath(fs_ctx, path), flags, credp->fc_mode);
if (fd == -1) { if (fd == -1) {
return fd; return fd;
@ -372,15 +383,23 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath,
serrno = errno; serrno = errno;
goto err_end; goto err_end;
} }
} else if (fs_ctx->fs_sm == SM_PASSTHROUGH) { } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
(fs_ctx->fs_sm == SM_NONE)) {
err = symlink(oldpath, rpath(fs_ctx, newpath)); err = symlink(oldpath, rpath(fs_ctx, newpath));
if (err) { if (err) {
return err; return err;
} }
err = lchown(rpath(fs_ctx, newpath), credp->fc_uid, credp->fc_gid); err = lchown(rpath(fs_ctx, newpath), credp->fc_uid, credp->fc_gid);
if (err == -1) { if (err == -1) {
serrno = errno; /*
goto err_end; * If we fail to change ownership and if we are
* using security model none. Ignore the error
*/
if (fs_ctx->fs_sm != SM_NONE) {
serrno = errno;
goto err_end;
} else
err = 0;
} }
} }
return err; return err;
@ -447,7 +466,8 @@ static int local_chown(FsContext *fs_ctx, const char *path, FsCred *credp)
return lchown(rpath(fs_ctx, path), credp->fc_uid, credp->fc_gid); return lchown(rpath(fs_ctx, path), credp->fc_uid, credp->fc_gid);
} else if (fs_ctx->fs_sm == SM_MAPPED) { } else if (fs_ctx->fs_sm == SM_MAPPED) {
return local_set_xattr(rpath(fs_ctx, path), credp); return local_set_xattr(rpath(fs_ctx, path), credp);
} else if (fs_ctx->fs_sm == SM_PASSTHROUGH) { } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
(fs_ctx->fs_sm == SM_NONE)) {
return lchown(rpath(fs_ctx, path), credp->fc_uid, credp->fc_gid); return lchown(rpath(fs_ctx, path), credp->fc_uid, credp->fc_gid);
} }
return -1; return -1;

12
hw/virtio-9p.c
View File

@ -3546,12 +3546,18 @@ VirtIODevice *virtio_9p_init(DeviceState *dev, V9fsConf *conf)
* Client user credentials are saved in extended attributes. * Client user credentials are saved in extended attributes.
*/ */
s->ctx.fs_sm = SM_MAPPED; s->ctx.fs_sm = SM_MAPPED;
} else if (!strcmp(fse->security_model, "none")) {
/*
* Files on the fileserver are set to QEMU credentials.
*/
s->ctx.fs_sm = SM_NONE;
} else { } else {
/* user haven't specified a correct security option */ fprintf(stderr, "Default to security_model=none. You may want"
fprintf(stderr, "one of the following must be specified as the" " enable advanced security model using "
"security option:\n\t security_model=passthrough \n\t " "security option:\n\t security_model=passthrough \n\t "
"security_model=mapped\n"); "security_model=mapped\n");
return NULL; s->ctx.fs_sm = SM_NONE;
} }
if (lstat(fse->path, &stat)) { if (lstat(fse->path, &stat)) {

4
qemu-options.hx
View File

@ -485,7 +485,7 @@ ETEXI
DEFHEADING(File system options:) DEFHEADING(File system options:)
DEF("fsdev", HAS_ARG, QEMU_OPTION_fsdev, DEF("fsdev", HAS_ARG, QEMU_OPTION_fsdev,
"-fsdev local,id=id,path=path,security_model=[mapped|passthrough]\n", "-fsdev local,id=id,path=path,security_model=[mapped|passthrough|none]\n",
QEMU_ARCH_ALL) QEMU_ARCH_ALL)
STEXI STEXI
@ -518,7 +518,7 @@ ETEXI
DEFHEADING(Virtual File system pass-through options:) DEFHEADING(Virtual File system pass-through options:)
DEF("virtfs", HAS_ARG, QEMU_OPTION_virtfs, DEF("virtfs", HAS_ARG, QEMU_OPTION_virtfs,
"-virtfs local,path=path,mount_tag=tag,security_model=[mapped|passthrough]\n", "-virtfs local,path=path,mount_tag=tag,security_model=[mapped|passthrough|none]\n",
QEMU_ARCH_ALL) QEMU_ARCH_ALL)
STEXI STEXI

2
vl.c
View File

@ -2320,7 +2320,7 @@ int main(int argc, char **argv, char **envp)
qemu_opt_get(opts, "path") == NULL || qemu_opt_get(opts, "path") == NULL ||
qemu_opt_get(opts, "security_model") == NULL) { qemu_opt_get(opts, "security_model") == NULL) {
fprintf(stderr, "Usage: -virtfs fstype,path=/share_path/," fprintf(stderr, "Usage: -virtfs fstype,path=/share_path/,"
"security_model=[mapped|passthrough]," "security_model=[mapped|passthrough|none],"
"mnt_tag=tag.\n"); "mnt_tag=tag.\n");
exit(1); exit(1);
} }