This is equivalent to SM_PASSTHROUGH security model.
The only exception is, failure of privilige operation like chown
are ignored. This makes a passthrough like security model usable
for people who runs kvm as non root
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
TXATTRCREATE: Prepare a fid for setting xattr value on a file system object.
size[4] TXATTRCREATE tag[2] fid[4] name[s] attr_size[8] flags[4]
size[4] RXATTRWALK tag[2]
txattrcreate gets a fid pointing to xattr. This fid can later be
used to get set the xattr value.
flag value is derived from set Linux setxattr. The manpage says
"The flags parameter can be used to refine the semantics of the operation.
XATTR_CREATE specifies a pure create, which fails if the named attribute
exists already. XATTR_REPLACE specifies a pure replace operation, which
fails if the named attribute does not already exist. By default (no flags),
the extended attribute will be created if need be, or will simply replace
the value if the attribute exists."
The actual setxattr operation happens when the fid is clunked. At that point
the written byte count and the attr_size specified in TXATTRCREATE should be
same otherwise an error will be returned.
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
TXATTRWALK: Descend a ATTR namespace
size[4] TXATTRWALK tag[2] fid[4] newfid[4] name[s]
size[4] RXATTRWALK tag[2] size[8]
txattrwalk gets a fid pointing to xattr. This fid can later be
used to get read the xattr value. If name is NULL the fid returned
can be used to get the list of extended attribute associated to
the file system object.
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Current code resets file's atime to 0 when there is a change in mtime.
This results in resetting the atime to "1970-01-01 05:30:00". For
example, truncate -s 0 filename results in changing the mtime to the
truncate time, but resets the atime to "1970-01-01 05:30:00". utime
system call does not have any provision to set only mtime or atime. So
change v9fs_wstat_post_chmod function to use utimensat function to change
the atime and mtime fields. If tv_nsec field is set to the special value
"UTIME_OMIT", corresponding file time stamp is not updated.
Signed-off-by: M. Mohan Kumar <mohan@in.ibm.com>
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
Implement statfs support in qemu server based on Sripathi's
initial statfs patch.
Signed-off-by: M. Mohan Kumar <mohan@in.ibm.com>
Signed-off-by: Sripathi Kodi <sripathik@in.ibm.com>
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
Mapped mode stores extended attributes in the user space of the extended
attributes. Given that the user space extended attributes are available
to regular files only, special files are created as regular files on the
fileserver and appropriate mode bits are added to the extended attributes.
This method presents all special files and symlinks as regular files on the
fileserver while they are represented as special files on the guest mount.
On Host/Fileserver:
-rw-------. 1 virfsuid virtfsgid 0 2010-05-11 09:36 afifo
-rw-------. 1 virfsuid virtfsgid 0 2010-05-11 09:32 blkdev
-rw-------. 1 virfsuid virtfsgid 0 2010-05-11 09:33 chardev
On Guest/Client:
prw-r--r-- 1 guestuser guestuser 0 2010-05-11 12:36 afifo
brw-r--r-- 1 guestuser guestuser 0, 0 2010-05-11 12:32 blkdev
crw-r--r-- 1 guestuser guestuser 4, 5 2010-05-11 12:33 chardev
In the passthrough securit model, specifal files are directly created
on the fileserver. But the user credential
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Mapped mode stores extended attributes in the user space of the extended
attributes. Given that the user space extended attributes are available
to regular files only, special files are created as regular files on the
fileserver and appropriate mode bits are added to the extended attributes.
This method presents all special files and symlinks as regular files on the
fileserver while they are represented as special files on the guest mount.
Implemntation of symlink in mapped security model:
A regular file is created and the link target is written to it.
readlink() reads it back from the file.
On Guest/Client:
lrwxrwxrwx 1 root root 6 2010-05-11 12:20 asymlink -> afile
On Host/Fileserver:
-rw-------. 1 root root 6 2010-05-11 09:20 asymlink
afile
Under passthrough model, it just calls underlying symlink() readlink()
system calls are used.
Under both security models, client user credentials are changed
after the filesystem objec creation.
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
In the mapped security model, VirtFS server intercepts and maps
the file object create and get/set attribute requests. Files on the fileserver
will be created with VirtFS servers (QEMU) user credentials and the
client-users credentials are stored in extended attributes. On the request
to get attributes, server extracts the client-users credentials
from extended attributes and sends them to the client.
On Host/Fileserver:
-rw-------. 2 virfsuid virtfsgid 0 2010-05-11 09:19 afile
On Guest/Client:
-rw-r--r-- 2 guestuser guestuser 0 2010-05-11 12:19 afile
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
mapped model changes the owner in the extended attributes.
passthrough model does the change through lchown() as the
server don't need to follow the link and client will send the
actual filesystem object.
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This patch adds required infrastructure for the new security model.
- A new configure option for attr/xattr.
- if CONFIG_VIRTFS will be defined if both CONFIG_LINUX and CONFIG_ATTR defined.
- Defines routines related to both security models.
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Implement P9_TREMOVE support.
This gets file deletion to work.
[mohan@in.ibm.com: Fix truncate to use the relative path]
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Implement P9_TWRITE support.
This gets write to file to work
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Add minimal set of FileOperations and the corresponding implementations for
local fstype. These will be required for the FID management patches later on.
[aneesh.kumar@linux.vnet.ibm.com: rpath fix ]
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This patch creates a new command line option named -fsdev to hold any file
system specific information.
The option will currently hold the following attributes:
-fsdev fstype id=id,path=path_to_share
where
fstype: Type of the file system.
id: Identifier used to refer to this fsdev
path: The path on the host that is identified by this fsdev.
[aneesh.kumar@linux.vnet.ibm.com: Abstraction using FsContext]
Signed-off-by: Gautham R Shenoy <ego@in.ibm.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Aneesh Kumar K.V
M. Mohan Kumar
Venkateswararao Jujjuri (JV)
Anthony Liguori
Gautham R Shenoy