From: "Venkateswararao Jujjuri (JV)" <jvrao@linux.vnet.ibm.com>
To: "M. Mohan Kumar" <mohan@in.ibm.com>
Cc: Stefan Hajnoczi <stefanha@gmail.com>, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [V6 PATCH 7/9] virtio-9p: Support for creating special files
Date: Tue, 01 Mar 2011 15:00:06 -0800 [thread overview]
Message-ID: <4D6D7A76.3010806@linux.vnet.ibm.com> (raw)
In-Reply-To: <1298892156-11667-8-git-send-email-mohan@in.ibm.com>
On 2/28/2011 3:22 AM, M. Mohan Kumar wrote:
> Add both chroot deamon and qemu side interfaces to create special files
> (directory, device nodes, links and symbolic links)
>
> Signed-off-by: M. Mohan Kumar <mohan@in.ibm.com>
> ---
> hw/9pfs/virtio-9p-chroot-dm.c | 57 ++++++++++++++++++++++++
> hw/9pfs/virtio-9p-chroot-qemu.c | 19 ++++++++
> hw/9pfs/virtio-9p-chroot.h | 1 +
> hw/9pfs/virtio-9p-local.c | 93 ++++++++++++++++++++++++++-------------
> 4 files changed, 139 insertions(+), 31 deletions(-)
>
> diff --git a/hw/9pfs/virtio-9p-chroot-dm.c b/hw/9pfs/virtio-9p-chroot-dm.c
> index 985d42b..0ead017 100644
> --- a/hw/9pfs/virtio-9p-chroot-dm.c
> +++ b/hw/9pfs/virtio-9p-chroot-dm.c
> @@ -119,6 +119,57 @@ unset_uid:
> setfsuid(cur_uid);
> }
>
> +/*
> + * Create directory, symbolic link, link, device node and regular files
> + * Similar to create, but it does not return the fd of created object
> + * Returns 0 as file descriptor on success and -errno on failure in FdInfo
> + * structure
> + */
> +static void chroot_do_create_special(V9fsFileObjectRequest *request,
> + FdInfo *fd_info)
> +{
> + int cur_uid, cur_gid;
> +
> + cur_uid = geteuid();
> + cur_gid = getegid();
> +
> + fd_info->fi_fd = -1;
> + /* fd is not valid for create operations */
> + fd_info->fi_flags = FI_FD_INVALID;
> +
> + if (setfsuid(request->data.uid) < 0) {
> + fd_info->fi_fd = -errno;
> + return;
> + }
> + if (setfsgid(request->data.gid) < 0) {
> + fd_info->fi_fd = -errno;
> + goto unset_uid;
> + }
> +
> + switch (request->data.type) {
> + case T_MKDIR:
> + fd_info->fi_fd = mkdir(request->path.path, request->data.mode);
> + break;
> + case T_SYMLINK:
> + fd_info->fi_fd = symlink(request->path.old_path, request->path.path);
> + break;
> + case T_LINK:
> + fd_info->fi_fd = link(request->path.old_path, request->path.path);
> + break;
> + default:
> + fd_info->fi_fd = mknod(request->path.path, request->data.mode,
> + request->data.dev);
> + break;
> + }
> +
> + if (fd_info->fi_fd < 0) {
> + fd_info->fi_fd = -errno;
> + }
> + setfsgid(cur_gid);
> +unset_uid:
> + setfsuid(cur_uid);
> +}
> +
> static int chroot_daemonize(int chroot_sock)
> {
> sigset_t sigset;
> @@ -216,6 +267,12 @@ int v9fs_chroot(FsContext *fs_ctx)
> case T_CREATE:
> chroot_do_create(&request, &fd_info);
> break;
> + case T_MKDIR:
> + case T_SYMLINK:
> + case T_LINK:
> + case T_MKNOD:
> + chroot_do_create_special(&request, &fd_info);
> + break;
> default:
> fd_info.fi_flags = FI_FD_SOCKERR;
> break;
> diff --git a/hw/9pfs/virtio-9p-chroot-qemu.c b/hw/9pfs/virtio-9p-chroot-qemu.c
> index 41f9db2..1a42dc2 100644
> --- a/hw/9pfs/virtio-9p-chroot-qemu.c
> +++ b/hw/9pfs/virtio-9p-chroot-qemu.c
> @@ -103,3 +103,22 @@ unlock:
> qemu_mutex_unlock(&fs_ctx->chroot_mutex);
> return fd;
> }
> +
> +/* Return 0 on success or -errno on error */
> +int v9fs_create_special(FsContext *fs_ctx, V9fsFileObjectRequest *request)
> +{
> + int fd, sock_error;
Since this is not fd; may be you can use some other variable like err or something?
> + qemu_mutex_lock(&fs_ctx->chroot_mutex);
> + if (fs_ctx->chroot_ioerror) {
> + fd = -EIO;
> + goto unlock;
> + }
> + v9fs_write_request(fs_ctx->chroot_socket, request);
> + fd = v9fs_receivefd(fs_ctx->chroot_socket, &sock_error);
> + if (fd < 0 && sock_error) {
> + fs_ctx->chroot_ioerror = 1;
> + }
Format??
- JV
> +unlock:
> + qemu_mutex_unlock(&fs_ctx->chroot_mutex);
> + return fd;
> +}
> diff --git a/hw/9pfs/virtio-9p-chroot.h b/hw/9pfs/virtio-9p-chroot.h
> index 4592807..f113ff1 100644
> --- a/hw/9pfs/virtio-9p-chroot.h
> +++ b/hw/9pfs/virtio-9p-chroot.h
> @@ -54,5 +54,6 @@ typedef struct V9fsFileObjectRequest
>
> int v9fs_chroot(FsContext *fs_ctx);
> int v9fs_request(FsContext *fs_ctx, V9fsFileObjectRequest *or);
> +int v9fs_create_special(FsContext *fs_ctx, V9fsFileObjectRequest *request);
>
> #endif /* _QEMU_VIRTIO_9P_CHROOT_H */
> diff --git a/hw/9pfs/virtio-9p-local.c b/hw/9pfs/virtio-9p-local.c
> index 3fed16c..c92c5dd 100644
> --- a/hw/9pfs/virtio-9p-local.c
> +++ b/hw/9pfs/virtio-9p-local.c
> @@ -74,6 +74,28 @@ static int passthrough_create(FsContext *fs_ctx, const char *path, int flags,
> return fd;
> }
>
> +static int passthrough_create_special(FsContext *fs_ctx, const char *oldpath,
> + const char *path, FsCred *credp, int type)
> +{
> + V9fsFileObjectRequest request;
> + int retval;
> +
> + retval = fill_fileobjectrequest(&request, path, credp);
> + if (retval < 0) {
> + return retval;
> + }
> + request.data.type = type;
> + if (oldpath) {
> + request.data.oldpath_len = strlen(oldpath);
> + if (strlen(oldpath) > PATH_MAX) {
> + return -ENAMETOOLONG;
> + }
> + strcpy(request.path.old_path, oldpath);
> + }
> + retval = v9fs_create_special(fs_ctx, &request);
> + return retval;
> +}
> +
> static int local_lstat(FsContext *fs_ctx, const char *path, struct stat *stbuf)
> {
> int err;
> @@ -291,8 +313,7 @@ static int local_mknod(FsContext *fs_ctx, const char *path, FsCred *credp)
> serrno = errno;
> goto err_end;
> }
> - } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
> - (fs_ctx->fs_sm == SM_NONE)) {
> + } else if (fs_ctx->fs_sm == SM_NONE) {
> err = mknod(rpath(fs_ctx, path), credp->fc_mode, credp->fc_rdev);
> if (err == -1) {
> return err;
> @@ -302,6 +323,12 @@ static int local_mknod(FsContext *fs_ctx, const char *path, FsCred *credp)
> serrno = errno;
> goto err_end;
> }
> + } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) {
> + err = passthrough_create_special(fs_ctx, NULL, path, credp, T_MKNOD);
> + if (err < 0) {
> + serrno = errno;
> + goto err_end;
> + }
> }
> return err;
>
> @@ -328,8 +355,7 @@ static int local_mkdir(FsContext *fs_ctx, const char *path, FsCred *credp)
> serrno = errno;
> goto err_end;
> }
> - } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
> - (fs_ctx->fs_sm == SM_NONE)) {
> + } else if (fs_ctx->fs_sm == SM_NONE) {
> err = mkdir(rpath(fs_ctx, path), credp->fc_mode);
> if (err == -1) {
> return err;
> @@ -339,6 +365,12 @@ static int local_mkdir(FsContext *fs_ctx, const char *path, FsCred *credp)
> serrno = errno;
> goto err_end;
> }
> + } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) {
> + err = passthrough_create_special(fs_ctx, NULL, path, credp, T_MKDIR);
> + if (err < 0) {
> + serrno = errno;
> + goto err_end;
> + }
> }
> return err;
>
> @@ -456,23 +488,19 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath,
> serrno = errno;
> goto err_end;
> }
> - } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
> - (fs_ctx->fs_sm == SM_NONE)) {
> + } else if (fs_ctx->fs_sm == SM_NONE) {
> err = symlink(oldpath, rpath(fs_ctx, newpath));
> if (err) {
> return err;
> }
> err = lchown(rpath(fs_ctx, newpath), credp->fc_uid, credp->fc_gid);
> - if (err == -1) {
> - /*
> - * If we fail to change ownership and if we are
> - * using security model none. Ignore the error
> - */
> - if (fs_ctx->fs_sm != SM_NONE) {
> - serrno = errno;
> - goto err_end;
> - } else
> - err = 0;
> + err = 0;
> + } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) {
> + err = passthrough_create_special(fs_ctx, oldpath, newpath, credp,
> + T_SYMLINK);
> + if (err < 0) {
> + serrno = errno;
> + goto err_end;
> }
> }
> return err;
> @@ -483,24 +511,27 @@ err_end:
> return err;
> }
>
> -static int local_link(FsContext *ctx, const char *oldpath, const char *newpath)
> +static int local_link(FsContext *fs_ctx, const char *oldpath,
> + const char *newpath)
> {
> - char *tmp = qemu_strdup(rpath(ctx, oldpath));
> int err, serrno = 0;
>
> - if (tmp == NULL) {
> - return -ENOMEM;
> - }
> -
> - err = link(tmp, rpath(ctx, newpath));
> - if (err == -1) {
> - serrno = errno;
> - }
> -
> - qemu_free(tmp);
> -
> - if (err == -1) {
> - errno = serrno;
> + if (fs_ctx->fs_sm == SM_PASSTHROUGH) {
> + err = passthrough_create_special(fs_ctx, oldpath, newpath, NULL,
> + T_LINK);
> + if (err < 0) {
> + serrno = errno;
> + }
> + } else {
> + char *tmp = qemu_strdup(rpath(fs_ctx, oldpath));
> + if (tmp == NULL) {
> + return -ENOMEM;
> + }
> + err = link(tmp, rpath(fs_ctx, newpath));
> + if (err == -1) {
> + serrno = errno;
> + }
> + qemu_free(tmp);
> }
>
> return err;
next prev parent reply other threads:[~2011-03-01 23:00 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-02-28 11:22 [Qemu-devel] [V6 PATCH 0/9] virtio-9p: Use chroot to safely access files in passthrough security model M. Mohan Kumar
2011-02-28 11:22 ` [Qemu-devel] [V6 PATCH 1/9] Implement qemu_read_full M. Mohan Kumar
2011-02-28 11:22 ` [Qemu-devel] [V6 PATCH 2/9] virtio-9p: Enable CONFIG_THREAD if CONFIG_VIRTFS is enabled M. Mohan Kumar
2011-02-28 11:22 ` [Qemu-devel] [V6 PATCH 3/9] virtio-9p: Provide chroot daemon side interfaces M. Mohan Kumar
2011-03-03 11:16 ` [Qemu-devel] " Stefan Hajnoczi
2011-02-28 11:22 ` [Qemu-devel] [V6 PATCH 4/9] virtio-9p: Add qemu side interfaces for chroot environment M. Mohan Kumar
2011-03-03 11:38 ` [Qemu-devel] " Stefan Hajnoczi
2011-03-03 14:01 ` M. Mohan Kumar
2011-03-03 14:25 ` Stefan Hajnoczi
2011-02-28 11:22 ` [Qemu-devel] [V6 PATCH 5/9] virtio-9p: Add support to open a file in " M. Mohan Kumar
2011-03-03 12:09 ` [Qemu-devel] " Stefan Hajnoczi
2011-03-03 13:54 ` M. Mohan Kumar
2011-03-03 14:16 ` Stefan Hajnoczi
2011-02-28 11:22 ` [Qemu-devel] [V6 PATCH 6/9] virtio-9p: Create support " M. Mohan Kumar
2011-03-01 22:55 ` Venkateswararao Jujjuri (JV)
2011-02-28 11:22 ` [Qemu-devel] [V6 PATCH 7/9] virtio-9p: Support for creating special files M. Mohan Kumar
2011-03-01 23:00 ` Venkateswararao Jujjuri (JV) [this message]
2011-02-28 11:22 ` [Qemu-devel] [V6 PATCH 8/9] virtio-9p: Move file post creation changes to none security model M. Mohan Kumar
2011-02-28 11:22 ` [Qemu-devel] [V6 PATCH 9/9] virtio-9p: Chroot environment for other functions M. Mohan Kumar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4D6D7A76.3010806@linux.vnet.ibm.com \
--to=jvrao@linux.vnet.ibm.com \
--cc=mohan@in.ibm.com \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.