From: "M. Mohan Kumar" <mohan@in.ibm.com>
To: Stefan Hajnoczi <stefanha@gmail.com>
Cc: qemu-devel@nongnu.org
Subject: [Qemu-devel] Re: [V7 PATCH 7/9] virtio-9p: Support for creating special files
Date: Wed, 9 Mar 2011 13:38:31 +0530 [thread overview]
Message-ID: <201103091338.32071.mohan@in.ibm.com> (raw)
In-Reply-To: <AANLkTi=MRbf2TXR-ZdLq7dUEjzhj3uAMA3pPEgRDs604@mail.gmail.com>
On Friday 04 March 2011 4:36:35 pm Stefan Hajnoczi wrote:
> On Fri, Mar 4, 2011 at 9:25 AM, M. Mohan Kumar <mohan@in.ibm.com> wrote:
> > +static int chroot_do_create_special(V9fsFileObjectRequest *request)
> > +{
> > + int cur_uid, cur_gid;
> > + int retval = -1;
> > +
> > + cur_uid = geteuid();
> > + cur_gid = getegid();
> > +
> > + if (setfsuid(request->data.uid) < 0) {
> > + return -errno;
> > + }
> > + if (setfsgid(request->data.gid) < 0) {
> > + retval = -errno;
> > + goto unset_uid;
> > + }
> > +
> > + switch (request->data.type) {
> > + case T_MKDIR:
> > + retval = mkdir(request->path.path, request->data.mode);
> > + break;
> > + case T_SYMLINK:
> > + retval = symlink(request->path.old_path, request->path.path);
> > + break;
> > + case T_LINK:
> > + retval = link(request->path.old_path, request->path.path);
> > + break;
> > + default:
> > + retval = mknod(request->path.path, request->data.mode,
> > + request->data.dev);
> > + break;
> > + }
> > +
> > + if (retval < 0) {
> > + retval = -errno;
> > + }
> > + setfsgid(cur_gid);
> > +unset_uid:
> > + setfsuid(cur_uid);
> > + return retval;
> > +}
>
> It would be nice to take this one step further and move file create
> and open here too. The prototype we need is:
>
> static int chroot_handle_request(V9fsFileObjectRequest *request, int *fd)
> {
> *fd = -1;
>
> It returns 0 on success or -errno and *fd >= 0 if a file descriptor
> was opened and -1 otherwise.
>
> This function becomes the main request processing function called from
> v9fs_chroot() and the switch statement there can be eliminated.
>
We don't need setfsgid, setfsuid for normal open. Also I think having separate
function based on the functionality helps better code readability.
> Sending the response back to QEMU then gets a cleaned up prototype:
> chroot_sendfd(int chroot_sock, int result, int fd) where result is 0
> on success or -errno and fd >= 0 if present or -1 if not.
>
> > +int v9fs_create_special(FsContext *fs_ctx, V9fsFileObjectRequest
> > *request) +{
> > + int retval, sock_error;
> > + qemu_mutex_lock(&fs_ctx->chroot_mutex);
> > + if (fs_ctx->chroot_ioerror) {
> > + retval = -EIO;
> > + goto unlock;
> > + }
> > + if (v9fs_write_request(fs_ctx->chroot_socket, request) < 0) {
> > + fs_ctx->chroot_ioerror = 1;
> > + retval = -EIO;
> > + goto unlock;
> > + }
> > + retval = v9fs_receivefd(fs_ctx->chroot_socket, &sock_error);
> > + if (retval < 0 && sock_error) {
> > + fs_ctx->chroot_ioerror = 1;
> > + }
> > +unlock:
> > + qemu_mutex_unlock(&fs_ctx->chroot_mutex);
> > + return retval;
> > +}
>
> This function is a duplicate of v9fs_request(). Can't there be just
> one function?
>
Yeah, I will make it as a single function.
----
M. Mohan Kumar
next prev parent reply other threads:[~2011-03-09 8:09 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-03-04 9:25 [Qemu-devel] [V7 PATCH 0/9] virtio-9p: Use chroot to safely access files in passthrough security model M. Mohan Kumar
2011-03-04 9:25 ` [Qemu-devel] [V7 PATCH 1/9] Implement qemu_read_full M. Mohan Kumar
2011-03-04 9:25 ` [Qemu-devel] [V7 PATCH 2/9] virtio-9p: Enable CONFIG_THREAD if CONFIG_VIRTFS is enabled M. Mohan Kumar
2011-03-04 9:25 ` [Qemu-devel] [V7 PATCH 3/9] virtio-9p: Provide chroot worker side interfaces M. Mohan Kumar
2011-03-04 10:53 ` [Qemu-devel] " Stefan Hajnoczi
2011-03-08 5:10 ` Venkateswararao Jujjuri (JV)
2011-03-04 9:25 ` [Qemu-devel] [V7 PATCH 4/9] virtio-9p: Add qemu side interfaces for chroot environment M. Mohan Kumar
2011-03-04 9:25 ` [Qemu-devel] [V7 PATCH 5/9] virtio-9p: Add support to open a file in " M. Mohan Kumar
2011-03-04 9:25 ` [Qemu-devel] [V7 PATCH 6/9] virtio-9p: Create support " M. Mohan Kumar
2011-03-04 10:28 ` [Qemu-devel] " Stefan Hajnoczi
2011-03-04 9:25 ` [Qemu-devel] [V7 PATCH 7/9] virtio-9p: Support for creating special files M. Mohan Kumar
2011-03-04 11:06 ` [Qemu-devel] " Stefan Hajnoczi
2011-03-09 8:08 ` M. Mohan Kumar [this message]
2011-03-04 9:25 ` [Qemu-devel] [V7 PATCH 8/9] virtio-9p: Move file post creation changes to none security model M. Mohan Kumar
2011-03-04 9:25 ` [Qemu-devel] [V7 PATCH 9/9] virtio-9p: Chroot environment for other functions M. Mohan Kumar
2011-03-04 11:52 ` [Qemu-devel] " Stefan Hajnoczi
2011-03-09 8:10 ` M. Mohan Kumar
2011-03-11 17:12 ` Stefan Hajnoczi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201103091338.32071.mohan@in.ibm.com \
--to=mohan@in.ibm.com \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.