From: Anthony Liguori <anthony@codemonkey.ws>
To: "Venkateswararao Jujjuri (JV)" <jvrao@linux.vnet.ibm.com>
Cc: aliguori@us.ibm.com, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH-V7 01/10] virtio-9p: Introduces an option to specify the security model.
Date: Tue, 22 Jun 2010 20:47:45 -0500
Message-ID: <4C2167C1.7020403@codemonkey.ws>
In-Reply-To: <1276547689-3408-2-git-send-email-jvrao@linux.vnet.ibm.com>
On 06/14/2010 03:34 PM, Venkateswararao Jujjuri (JV) wrote:
> The new option is:
>
> -fsdev fstype,id=myid,path=/share_path/,security_model=[mapped|passthrough]
> -virtfs fstype,path=/share_path/,security_model=[mapped|passthrough],mnt_tag=tag
>
> In the case of mapped security model, files are created with QEMU user
> credentials and the client-user's credentials are saved in extended attributes.
> Whereas in the case of passthrough security model, files on the
> filesystem are directly created with client-user's credentials.
>
> Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
>
Applied all. Thanks.
Regards,
Anthony Liguori
> ---
> fsdev/qemu-fsdev.c | 9 ++++++++-
> fsdev/qemu-fsdev.h | 1 +
> hw/virtio-9p.c | 9 +++++++++
> qemu-config.c | 6 ++++++
> qemu-options.hx | 15 +++++++++++----
> vl.c | 18 +++++++++++++++---
> 6 files changed, 50 insertions(+), 8 deletions(-)
>
> diff --git a/fsdev/qemu-fsdev.c b/fsdev/qemu-fsdev.c
> index 813e1f7..ad69b0e 100644
> --- a/fsdev/qemu-fsdev.c
> +++ b/fsdev/qemu-fsdev.c
> @@ -34,7 +34,7 @@ int qemu_fsdev_add(QemuOpts *opts)
> return -1;
> }
>
> - for (i = 0; i< ARRAY_SIZE(FsTypes); i++) {
> + for (i = 0; i< ARRAY_SIZE(FsTypes); i++) {
> if (strcmp(FsTypes[i].name, qemu_opt_get(opts, "fstype")) == 0) {
> break;
> }
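Review bot: The only changed line in this hunk, the for loop over ARRAY_SIZE(FsTypes), reads the same before and after as shown, so it is at most a whitespace change unrelated to security_model. Drop it from this patch or send it separately so the security-relevant change stays easy to audit.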
> @@ -46,10 +46,17 @@ int qemu_fsdev_add(QemuOpts *opts)
> return -1;
> }
>
> + if (qemu_opt_get(opts, "security_model") == NULL) {
> + fprintf(stderr, "fsdev: No security_model specified.\n");
> + return -1;
> + }
> +
> fsle = qemu_malloc(sizeof(*fsle));
>
> fsle->fse.fsdev_id = qemu_strdup(qemu_opts_id(opts));
> fsle->fse.path = qemu_strdup(qemu_opt_get(opts, "path"));
> + fsle->fse.security_model = qemu_strdup(qemu_opt_get(opts,
> + "security_model"));
> fsle->fse.ops = FsTypes[i].ops;
>
> QTAILQ_INSERT_TAIL(&fstype_entries, fsle, next);
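Review bot: The new check in qemu_fsdev_add() only tests that security_model is present, not that it is one of the two supported values, so any string is copied into fsle->fse.security_model and left for the device init code to reject. Compare it against "mapped" and "passthrough" here and return -1 on anything else, so that a bad value fails at option parsing, next to the existing fstype lookup.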
> diff --git a/fsdev/qemu-fsdev.h b/fsdev/qemu-fsdev.h
> index b50fbe0..6c27881 100644
> --- a/fsdev/qemu-fsdev.h
> +++ b/fsdev/qemu-fsdev.h
> @@ -40,6 +40,7 @@ typedef struct FsTypeTable {
> typedef struct FsTypeEntry {
> char *fsdev_id;
> char *path;
> + char *security_model;
> FileOperations *ops;
> } FsTypeEntry;
>
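Review bot: security_model is added to FsTypeEntry as a free-form char * with no comment on its permitted values. Since only mapped and passthrough are valid, consider parsing it once into an enum, or at least documenting the two strings at the field, so later users of the field cannot silently mis-compare it.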
> diff --git a/hw/virtio-9p.c b/hw/virtio-9p.c
> index 038bb39..2530488 100644
> --- a/hw/virtio-9p.c
> +++ b/hw/virtio-9p.c
> @@ -2253,6 +2253,15 @@ VirtIODevice *virtio_9p_init(DeviceState *dev, V9fsConf *conf)
> exit(1);
> }
>
> + if (!strcmp(fse->security_model, "passthrough")&&
> + !strcmp(fse->security_model, "mapped")) {
> + /* user haven't specified a correct security option */
> + fprintf(stderr, "one of the following must be specified as the"
> + "security option:\n\t security_model=passthrough \n\t "
> + "security_model=mapped\n");
> + return NULL;
> + }
> +
> if (lstat(fse->path,&stat)) {
> fprintf(stderr, "share path %s does not exist\n", fse->path);
> exit(1);
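Review bot: The validation condition added to virtio_9p_init() can never be true: !strcmp(fse->security_model, "passthrough") && !strcmp(fse->security_model, "mapped") requires the string to equal both values at once, so an invalid security_model is accepted silently. The test should fire when the string matches neither value, i.e. strcmp(..., "passthrough") && strcmp(..., "mapped"). Two smaller points in the same block: the adjacent literals "as the" and "security option" concatenate without a space, and this path returns NULL while the neighbouring error paths call exit(1).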
> diff --git a/qemu-config.c b/qemu-config.c
> index 5a4e61b..95abe61 100644
> --- a/qemu-config.c
> +++ b/qemu-config.c
> @@ -163,6 +163,9 @@ QemuOptsList qemu_fsdev_opts = {
> }, {
> .name = "path",
> .type = QEMU_OPT_STRING,
> + }, {
> + .name = "security_model",
> + .type = QEMU_OPT_STRING,
> },
> { /*End of list */ }
> },
> @@ -184,6 +187,9 @@ QemuOptsList qemu_virtfs_opts = {
> }, {
> .name = "mount_tag",
> .type = QEMU_OPT_STRING,
> + }, {
> + .name = "security_model",
> + .type = QEMU_OPT_STRING,
> },
>
> { /*End of list */ }
> diff --git a/qemu-options.hx b/qemu-options.hx
> index a6928b7..d1d2272 100644
> --- a/qemu-options.hx
> +++ b/qemu-options.hx
> @@ -486,7 +486,7 @@ ETEXI
> DEFHEADING(File system options:)
>
> DEF("fsdev", HAS_ARG, QEMU_OPTION_fsdev,
> - "-fsdev local,id=id,path=path\n",
> + "-fsdev local,id=id,path=path,security_model=[mapped|passthrough]\n",
> QEMU_ARCH_ALL)
>
> STEXI
> @@ -502,7 +502,7 @@ The specific Fstype will determine the applicable options.
>
> Options to each backend are described below.
>
> -@item -fsdev local ,id=@var{id} ,path=@var{path}
> +@item -fsdev local ,id=@var{id} ,path=@var{path} ,security_model=@var{security_model}
>
> Create a file-system-"device" for local-filesystem.
>
> @@ -510,6 +510,9 @@ Create a file-system-"device" for local-filesystem.
>
> @option{path} specifies the path to be exported. @option{path} is required.
>
> +@option{security_model} specifies the security model to be followed.
> +@option{security_model} is required.
> +
> @end table
> ETEXI
> #endif
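Review bot: The added @option{security_model} text says the option is required but not which values it accepts or what they mean. List mapped and passthrough here with a one-line description of each, since the choice decides whether files on the host are created with the QEMU user's credentials or the client user's.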
> @@ -518,7 +521,7 @@ ETEXI
> DEFHEADING(Virtual File system pass-through options:)
>
> DEF("virtfs", HAS_ARG, QEMU_OPTION_virtfs,
> - "-virtfs local,path=path,mount_tag=tag\n",
> + "-virtfs local,path=path,mount_tag=tag,security_model=[mapped|passthrough]\n",
> QEMU_ARCH_ALL)
>
> STEXI
> @@ -534,7 +537,7 @@ The specific Fstype will determine the applicable options.
>
> Options to each backend are described below.
>
> -@item -virtfs local ,path=@var{path} ,mount_tag=@var{mount_tag}
> +@item -virtfs local ,path=@var{path} ,mount_tag=@var{mount_tag} ,security_model=@var{security_model}
>
> Create a Virtual file-system-pass through for local-filesystem.
>
> @@ -542,6 +545,10 @@ Create a Virtual file-system-pass through for local-filesystem.
>
> @option{path} specifies the path to be exported. @option{path} is required.
>
> +@option{security_model} specifies the security model to be followed.
> +@option{security_model} is required.
> +
> +
> @option{mount_tag} specifies the tag with which the exported file is mounted.
> @option{mount_tag} is required.
>
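Review bot: In the -virtfs description the security_model paragraph is inserted between path and mount_tag, while the @item synopsis above lists it after mount_tag, and the addition leaves two consecutive blank lines. Move the paragraph after the mount_tag text and drop the extra blank line.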
> diff --git a/vl.c b/vl.c
> index 7121cd0..98491ae 100644
> --- a/vl.c
> +++ b/vl.c
> @@ -3094,10 +3094,21 @@ int main(int argc, char **argv, char **envp)
> exit(1);
> }
>
> - len = strlen(",id=,path=");
> + if (qemu_opt_get(opts, "fstype") == NULL ||
> + qemu_opt_get(opts, "mount_tag") == NULL ||
> + qemu_opt_get(opts, "path") == NULL ||
> + qemu_opt_get(opts, "security_model") == NULL) {
> + fprintf(stderr, "Usage: -virtfs fstype,path=/share_path/,"
> + "security_model=[mapped|passthrough],"
> + "mnt_tag=tag.\n");
> + exit(1);
> + }
> +
> + len = strlen(",id=,path=,security_model=");
> len += strlen(qemu_opt_get(opts, "fstype"));
> len += strlen(qemu_opt_get(opts, "mount_tag"));
> len += strlen(qemu_opt_get(opts, "path"));
> + len += strlen(qemu_opt_get(opts, "security_model"));
> arg_fsdev = qemu_malloc((len + 1) * sizeof(*arg_fsdev));
>
> if (!arg_fsdev) {
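Review bot: The usage message added here tells the user to pass mnt_tag=tag, but the option the code checks is mount_tag, so following the message verbatim still fails the check. Change the text to mount_tag=tag. The literal passed to strlen() also has to stay in step with the sprintf format further down; deriving the size from the format in one place would remove that coupling.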
> @@ -3106,10 +3117,11 @@ int main(int argc, char **argv, char **envp)
> exit(1);
> }
>
> - sprintf(arg_fsdev, "%s,id=%s,path=%s",
> + sprintf(arg_fsdev, "%s,id=%s,path=%s,security_model=%s",
> qemu_opt_get(opts, "fstype"),
> qemu_opt_get(opts, "mount_tag"),
> - qemu_opt_get(opts, "path"));
> + qemu_opt_get(opts, "path"),
> + qemu_opt_get(opts, "security_model"));
>
> len = strlen("virtio-9p-pci,fsdev=,mount_tag=");
> len += 2*strlen(qemu_opt_get(opts, "mount_tag"));
>
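Review bot: The sprintf() into arg_fsdev depends on the length summed in the previous hunk matching this format string exactly, and that has to be re-checked by hand each time a field is added, as it was here. Use snprintf() with the allocated size (len + 1) so a future mismatch truncates instead of writing past the buffer.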