From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
To: Vivek Goyal <vgoyal@redhat.com>
Cc: virtio-fs@redhat.com, qemu-devel@nongnu.org
Subject: Re: [Virtio-fs] [PATCH v5 0/9] virtiofsd: Add support for file security context at file creation
Date: Mon, 7 Feb 2022 12:49:24 +0000 [thread overview]
Message-ID: <YgEVVLBv9eWbhcDV@work-vm> (raw)
In-Reply-To: <20220202193935.268777-1-vgoyal@redhat.com>
* Vivek Goyal (vgoyal@redhat.com) wrote:
> Hi,
>
> This is V5 of the patches. I posted V4 here.
>
> https://listman.redhat.com/archives/virtio-fs/2022-January/msg00041.html
>
> These will allow us to support SELinux with virtiofs. This will send
> SELinux context at file creation to server and server can set it on
> file.
I think that's pretty close; I've got some minor comments I've replied
to on the individual patches.
I do worry that the number of different paths for each operation is now
quite large so hard to test.
I also wonder what happens on something other than SELinux.
Dave
> Changes since V4
> ----------------
> - Parse only known current size of fuse_init_in. This will make sure
> that future extension does not break existing code upon header
> update. (David Gilbert)
>
> - Changed order of one of the patch. It is first patch in series. This
> will help fix the breakage before header update patch and code remains
> git bisectable. (David Gilbert)
>
> - Changed %lx to %llx at one place. (David Gilbert).
>
> Thanks
> Vivek
>
> Vivek Goyal (9):
> virtiofsd: Fix breakage due to fuse_init_in size change
> linux-headers: Update headers to v5.17-rc1
> virtiofsd: Parse extended "struct fuse_init_in"
> virtiofsd: Extend size of fuse_conn_info->capable and ->want fields
> virtiofsd, fuse_lowlevel.c: Add capability to parse security context
> virtiofsd: Move core file creation code in separate function
> virtiofsd: Create new file with fscreate set
> virtiofsd: Create new file using O_TMPFILE and set security context
> virtiofsd: Add an option to enable/disable security label
>
> docs/tools/virtiofsd.rst | 7 +
> include/standard-headers/asm-x86/kvm_para.h | 1 +
> include/standard-headers/drm/drm_fourcc.h | 11 +
> include/standard-headers/linux/ethtool.h | 1 +
> include/standard-headers/linux/fuse.h | 60 ++-
> include/standard-headers/linux/pci_regs.h | 142 +++---
> include/standard-headers/linux/virtio_gpio.h | 72 +++
> include/standard-headers/linux/virtio_i2c.h | 47 ++
> include/standard-headers/linux/virtio_iommu.h | 8 +-
> .../standard-headers/linux/virtio_pcidev.h | 65 +++
> include/standard-headers/linux/virtio_scmi.h | 24 +
> linux-headers/asm-generic/unistd.h | 5 +-
> linux-headers/asm-mips/unistd_n32.h | 2 +
> linux-headers/asm-mips/unistd_n64.h | 2 +
> linux-headers/asm-mips/unistd_o32.h | 2 +
> linux-headers/asm-powerpc/unistd_32.h | 2 +
> linux-headers/asm-powerpc/unistd_64.h | 2 +
> linux-headers/asm-riscv/bitsperlong.h | 14 +
> linux-headers/asm-riscv/mman.h | 1 +
> linux-headers/asm-riscv/unistd.h | 44 ++
> linux-headers/asm-s390/unistd_32.h | 2 +
> linux-headers/asm-s390/unistd_64.h | 2 +
> linux-headers/asm-x86/kvm.h | 16 +-
> linux-headers/asm-x86/unistd_32.h | 1 +
> linux-headers/asm-x86/unistd_64.h | 1 +
> linux-headers/asm-x86/unistd_x32.h | 1 +
> linux-headers/linux/kvm.h | 17 +
> tools/virtiofsd/fuse_common.h | 9 +-
> tools/virtiofsd/fuse_i.h | 7 +
> tools/virtiofsd/fuse_lowlevel.c | 162 +++++--
> tools/virtiofsd/helper.c | 1 +
> tools/virtiofsd/passthrough_ll.c | 414 ++++++++++++++++--
> 32 files changed, 1013 insertions(+), 132 deletions(-)
> create mode 100644 include/standard-headers/linux/virtio_gpio.h
> create mode 100644 include/standard-headers/linux/virtio_i2c.h
> create mode 100644 include/standard-headers/linux/virtio_pcidev.h
> create mode 100644 include/standard-headers/linux/virtio_scmi.h
> create mode 100644 linux-headers/asm-riscv/bitsperlong.h
> create mode 100644 linux-headers/asm-riscv/mman.h
> create mode 100644 linux-headers/asm-riscv/unistd.h
>
> --
> 2.34.1
>
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
WARNING: multiple messages have this Message-ID (diff)
From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
To: Vivek Goyal <vgoyal@redhat.com>
Cc: virtio-fs@redhat.com, mszeredi@redhat.com, qemu-devel@nongnu.org
Subject: Re: [PATCH v5 0/9] virtiofsd: Add support for file security context at file creation
Date: Mon, 7 Feb 2022 12:49:24 +0000 [thread overview]
Message-ID: <YgEVVLBv9eWbhcDV@work-vm> (raw)
In-Reply-To: <20220202193935.268777-1-vgoyal@redhat.com>
* Vivek Goyal (vgoyal@redhat.com) wrote:
> Hi,
>
> This is V5 of the patches. I posted V4 here.
>
> https://listman.redhat.com/archives/virtio-fs/2022-January/msg00041.html
>
> These will allow us to support SELinux with virtiofs. This will send
> SELinux context at file creation to server and server can set it on
> file.
I think that's pretty close; I've got some minor comments I've replied
to on the individual patches.
I do worry that the number of different paths for each operation is now
quite large so hard to test.
I also wonder what happens on something other than SELinux.
Dave
> Changes since V4
> ----------------
> - Parse only known current size of fuse_init_in. This will make sure
> that future extension does not break existing code upon header
> update. (David Gilbert)
>
> - Changed order of one of the patch. It is first patch in series. This
> will help fix the breakage before header update patch and code remains
> git bisectable. (David Gilbert)
>
> - Changed %lx to %llx at one place. (David Gilbert).
>
> Thanks
> Vivek
>
> Vivek Goyal (9):
> virtiofsd: Fix breakage due to fuse_init_in size change
> linux-headers: Update headers to v5.17-rc1
> virtiofsd: Parse extended "struct fuse_init_in"
> virtiofsd: Extend size of fuse_conn_info->capable and ->want fields
> virtiofsd, fuse_lowlevel.c: Add capability to parse security context
> virtiofsd: Move core file creation code in separate function
> virtiofsd: Create new file with fscreate set
> virtiofsd: Create new file using O_TMPFILE and set security context
> virtiofsd: Add an option to enable/disable security label
>
> docs/tools/virtiofsd.rst | 7 +
> include/standard-headers/asm-x86/kvm_para.h | 1 +
> include/standard-headers/drm/drm_fourcc.h | 11 +
> include/standard-headers/linux/ethtool.h | 1 +
> include/standard-headers/linux/fuse.h | 60 ++-
> include/standard-headers/linux/pci_regs.h | 142 +++---
> include/standard-headers/linux/virtio_gpio.h | 72 +++
> include/standard-headers/linux/virtio_i2c.h | 47 ++
> include/standard-headers/linux/virtio_iommu.h | 8 +-
> .../standard-headers/linux/virtio_pcidev.h | 65 +++
> include/standard-headers/linux/virtio_scmi.h | 24 +
> linux-headers/asm-generic/unistd.h | 5 +-
> linux-headers/asm-mips/unistd_n32.h | 2 +
> linux-headers/asm-mips/unistd_n64.h | 2 +
> linux-headers/asm-mips/unistd_o32.h | 2 +
> linux-headers/asm-powerpc/unistd_32.h | 2 +
> linux-headers/asm-powerpc/unistd_64.h | 2 +
> linux-headers/asm-riscv/bitsperlong.h | 14 +
> linux-headers/asm-riscv/mman.h | 1 +
> linux-headers/asm-riscv/unistd.h | 44 ++
> linux-headers/asm-s390/unistd_32.h | 2 +
> linux-headers/asm-s390/unistd_64.h | 2 +
> linux-headers/asm-x86/kvm.h | 16 +-
> linux-headers/asm-x86/unistd_32.h | 1 +
> linux-headers/asm-x86/unistd_64.h | 1 +
> linux-headers/asm-x86/unistd_x32.h | 1 +
> linux-headers/linux/kvm.h | 17 +
> tools/virtiofsd/fuse_common.h | 9 +-
> tools/virtiofsd/fuse_i.h | 7 +
> tools/virtiofsd/fuse_lowlevel.c | 162 +++++--
> tools/virtiofsd/helper.c | 1 +
> tools/virtiofsd/passthrough_ll.c | 414 ++++++++++++++++--
> 32 files changed, 1013 insertions(+), 132 deletions(-)
> create mode 100644 include/standard-headers/linux/virtio_gpio.h
> create mode 100644 include/standard-headers/linux/virtio_i2c.h
> create mode 100644 include/standard-headers/linux/virtio_pcidev.h
> create mode 100644 include/standard-headers/linux/virtio_scmi.h
> create mode 100644 linux-headers/asm-riscv/bitsperlong.h
> create mode 100644 linux-headers/asm-riscv/mman.h
> create mode 100644 linux-headers/asm-riscv/unistd.h
>
> --
> 2.34.1
>
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
next prev parent reply other threads:[~2022-02-07 12:49 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-02 19:39 [Virtio-fs] [PATCH v5 0/9] virtiofsd: Add support for file security context at file creation Vivek Goyal
2022-02-02 19:39 ` Vivek Goyal
2022-02-02 19:39 ` [Virtio-fs] [PATCH v5 1/9] virtiofsd: Fix breakage due to fuse_init_in size change Vivek Goyal
2022-02-02 19:39 ` Vivek Goyal
2022-02-02 19:39 ` [Virtio-fs] [PATCH v5 2/9] linux-headers: Update headers to v5.17-rc1 Vivek Goyal
2022-02-02 19:39 ` Vivek Goyal
2022-02-02 19:39 ` [Virtio-fs] [PATCH v5 3/9] virtiofsd: Parse extended "struct fuse_init_in" Vivek Goyal
2022-02-02 19:39 ` Vivek Goyal
2022-02-03 18:56 ` [Virtio-fs] " Dr. David Alan Gilbert
2022-02-03 18:56 ` Dr. David Alan Gilbert
2022-02-07 13:31 ` [Virtio-fs] " Vivek Goyal
2022-02-07 13:31 ` Vivek Goyal
2022-02-02 19:39 ` [Virtio-fs] [PATCH v5 4/9] virtiofsd: Extend size of fuse_conn_info->capable and ->want fields Vivek Goyal
2022-02-02 19:39 ` Vivek Goyal
2022-02-02 19:39 ` [Virtio-fs] [PATCH v5 5/9] virtiofsd, fuse_lowlevel.c: Add capability to parse security context Vivek Goyal
2022-02-02 19:39 ` Vivek Goyal
2022-02-03 19:41 ` [Virtio-fs] " Dr. David Alan Gilbert
2022-02-03 19:41 ` Dr. David Alan Gilbert
2022-02-07 13:47 ` [Virtio-fs] " Vivek Goyal
2022-02-07 13:47 ` Vivek Goyal
2022-02-02 19:39 ` [Virtio-fs] [PATCH v5 6/9] virtiofsd: Move core file creation code in separate function Vivek Goyal
2022-02-02 19:39 ` Vivek Goyal
2022-02-02 19:39 ` [Virtio-fs] [PATCH v5 7/9] virtiofsd: Create new file with fscreate set Vivek Goyal
2022-02-02 19:39 ` Vivek Goyal
2022-02-07 11:38 ` [Virtio-fs] " Dr. David Alan Gilbert
2022-02-07 11:38 ` Dr. David Alan Gilbert
2022-02-07 14:07 ` [Virtio-fs] " Vivek Goyal
2022-02-07 14:07 ` Vivek Goyal
2022-02-02 19:39 ` [Virtio-fs] [PATCH v5 8/9] virtiofsd: Create new file using O_TMPFILE and set security context Vivek Goyal
2022-02-02 19:39 ` Vivek Goyal
2022-02-07 12:23 ` [Virtio-fs] " Dr. David Alan Gilbert
2022-02-07 12:23 ` Dr. David Alan Gilbert
2022-02-02 19:39 ` [Virtio-fs] [PATCH v5 9/9] virtiofsd: Add an option to enable/disable security label Vivek Goyal
2022-02-02 19:39 ` Vivek Goyal
2022-02-07 12:40 ` [Virtio-fs] " Dr. David Alan Gilbert
2022-02-07 12:40 ` Dr. David Alan Gilbert
2022-02-07 14:13 ` [Virtio-fs] " Vivek Goyal
2022-02-07 14:13 ` Vivek Goyal
2022-02-07 12:49 ` Dr. David Alan Gilbert [this message]
2022-02-07 12:49 ` [PATCH v5 0/9] virtiofsd: Add support for file security context at file creation Dr. David Alan Gilbert
2022-02-07 14:30 ` [Virtio-fs] " Vivek Goyal
2022-02-07 14:30 ` Vivek Goyal
2022-02-07 16:06 ` [Virtio-fs] " Dr. David Alan Gilbert
2022-02-07 16:06 ` Dr. David Alan Gilbert
2022-02-07 13:05 ` [Virtio-fs] " Daniel P. Berrangé
2022-02-07 13:05 ` Daniel P. Berrangé
2022-02-07 13:24 ` [Virtio-fs] " Vivek Goyal
2022-02-07 13:24 ` Vivek Goyal
2022-02-07 13:30 ` [Virtio-fs] " Daniel P. Berrangé
2022-02-07 13:30 ` Daniel P. Berrangé
2022-02-07 14:50 ` [Virtio-fs] " Vivek Goyal
2022-02-07 14:50 ` Vivek Goyal
2022-02-07 21:19 ` [Virtio-fs] " Vivek Goyal
2022-02-07 21:19 ` Vivek Goyal
2022-02-07 21:34 ` [Virtio-fs] " Daniel Walsh
2022-02-07 21:34 ` Daniel Walsh
2022-02-08 8:59 ` [Virtio-fs] " Daniel P. Berrangé
2022-02-08 8:59 ` Daniel P. Berrangé
2022-02-09 10:24 ` [Virtio-fs] " German Maglione
2022-02-09 15:08 ` Vivek Goyal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YgEVVLBv9eWbhcDV@work-vm \
--to=dgilbert@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=vgoyal@redhat.com \
--cc=virtio-fs@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.