From: Vivek Goyal <vgoyal@redhat.com>
To: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
Cc: virtio-fs@redhat.com, qemu-devel@nongnu.org
Subject: Re: [Virtio-fs] [PATCH v5 9/9] virtiofsd: Add an option to enable/disable security label
Date: Mon, 7 Feb 2022 09:13:53 -0500
Message-ID: <YgEpIXyRiafE8NSu@redhat.com>
In-Reply-To: <YgETNXv8AnnuLQR/@work-vm>
On Mon, Feb 07, 2022 at 12:40:21PM +0000, Dr. David Alan Gilbert wrote:
> * Vivek Goyal (vgoyal@redhat.com) wrote:
> > Provide an option "-o security_label/no_security_label" to enable/disable
> > security label functionality. By default these are turned off.
> >
> > If enabled, server will indicate to client that it is capable of handling
> > one security label during file creation. Typically this is expected to
> > be a SELinux label. File server will set this label on the file. It will
> > try to set it atomically wherever possible. But its not possible in
> > all the cases.
> >
> > Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
> > ---
> > docs/tools/virtiofsd.rst | 7 +++++++
> > tools/virtiofsd/helper.c | 1 +
> > tools/virtiofsd/passthrough_ll.c | 15 +++++++++++++++
> > 3 files changed, 23 insertions(+)
> >
> > diff --git a/docs/tools/virtiofsd.rst b/docs/tools/virtiofsd.rst
> > index 07ac0be551..a2c005f4a0 100644
> > --- a/docs/tools/virtiofsd.rst
> > +++ b/docs/tools/virtiofsd.rst
> > @@ -104,6 +104,13 @@ Options
> > * posix_acl|no_posix_acl -
> > Enable/disable posix acl support. Posix ACLs are disabled by default.
> >
> > + * security_label|no_security_label -
> > + Enable/disable security label support. Security labels are disabled by
> > + default. This will allow client to send a MAC label of file during
> ^ the ^ a
> > + file creation. Typically this is expected to be SELinux security
> ^ an
>
> > + label. Server will try to set that label on newly created file
> ^The server
> > + atomically wherever possible.
> > +
> > .. option:: --socket-path=PATH
> >
> > Listen on vhost-user UNIX domain socket at PATH.
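
Review bot: the new security_label entry in docs/tools/virtiofsd.rst says the label is set "atomically wherever possible" but does not say what happens where it is not possible, although the commit message states that it cannot be done atomically in all cases. Add a sentence describing the non-atomic case, so an administrator relying on MAC policy can tell whether a newly created file can exist for a moment without the label the client sent.
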
> > diff --git a/tools/virtiofsd/helper.c b/tools/virtiofsd/helper.c
> > index a8295d975a..e226fc590f 100644
> > --- a/tools/virtiofsd/helper.c
> > +++ b/tools/virtiofsd/helper.c
> > @@ -187,6 +187,7 @@ void fuse_cmdline_help(void)
> > " default: no_allow_direct_io\n"
> > " -o announce_submounts Announce sub-mount points to the guest\n"
> > " -o posix_acl/no_posix_acl Enable/Disable posix_acl. (default: disabled)\n"
> > + " -o security_label/no_security_label Enable/Disable security label. (default: disabled)\n"
> > );
> > }
> >
> > diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
> > index 43c9b6dbe5..fe8f3ccbb6 100644
> > --- a/tools/virtiofsd/passthrough_ll.c
> > +++ b/tools/virtiofsd/passthrough_ll.c
> > @@ -181,6 +181,7 @@ struct lo_data {
> > int user_posix_acl, posix_acl;
> > /* Keeps track if /proc/<pid>/attr/fscreate should be used or not */
> > bool use_fscreate;
> > + int user_security_label;
> > };
> >
> > static const struct fuse_opt lo_opts[] = {
> > @@ -215,6 +216,8 @@ static const struct fuse_opt lo_opts[] = {
> > { "no_killpriv_v2", offsetof(struct lo_data, user_killpriv_v2), 0 },
> > { "posix_acl", offsetof(struct lo_data, user_posix_acl), 1 },
> > { "no_posix_acl", offsetof(struct lo_data, user_posix_acl), 0 },
> > + { "security_label", offsetof(struct lo_data, user_security_label), 1 },
> > + { "no_security_label", offsetof(struct lo_data, user_security_label), 0 },
> > FUSE_OPT_END
> > };
> > static bool use_syslog = false;
> > @@ -771,6 +774,17 @@ static void lo_init(void *userdata, struct fuse_conn_info *conn)
> > fuse_log(FUSE_LOG_DEBUG, "lo_init: disabling posix_acl\n");
> > conn->want &= ~FUSE_CAP_POSIX_ACL;
> > }
> > +
> > + if (lo->user_security_label == 1) {
> > + if (!(conn->capable & FUSE_CAP_SECURITY_CTX)) {
> > + fuse_log(FUSE_LOG_ERR, "lo_init: Can not enable security label."
> > + " kernel does not support FUSE_SECURITY_CTX capability.\n");
> > + }
>
> Do you need to exit in this case - or at least clear the flag?

Actually we don't have to necessarily exit here because fuse_lowlevel.c
has a check which makes it exit. And that's why I do not clear the
flag from ->want to signify that filesystem wants that capability
but client is not ->capable so error out and exit.

    if (se->conn.want & (~se->conn.capable)) {
        fuse_log(FUSE_LOG_ERR,
                 "fuse: error: filesystem requested capabilities "
                 "0x%llx that are not supported by kernel, aborting.\n",
                 se->conn.want & (~se->conn.capable));
        fuse_reply_err(req, EPROTO);
        se->error = -EPROTO;
        fuse_session_exit(se);
        return;
    }

Thanks
Vivek

>
> Dave
>
> > + conn->want |= FUSE_CAP_SECURITY_CTX;
> > + } else {
> > + fuse_log(FUSE_LOG_DEBUG, "lo_init: disabling security label\n");
> > + conn->want &= ~FUSE_CAP_SECURITY_CTX;
> > + }
> > }
> >
> > static void lo_getattr(fuse_req_t req, fuse_ino_t ino,
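
Review bot: in the lo_init() hunk, the branch taken when FUSE_CAP_SECURITY_CTX is missing from conn->capable only logs and then falls through to "conn->want |= FUSE_CAP_SECURITY_CTX", so failing closed depends entirely on the want/capable check in fuse_lowlevel.c, which is not part of this patch. Add a comment at that branch saying the flag is left set on purpose so that session init aborts, so a later cleanup does not clear it and leave the server running without the labels the administrator asked for. The error text also names FUSE_SECURITY_CTX while the flag being tested is FUSE_CAP_SECURITY_CTX; using one name in both places makes the log line easier to search for.
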
> > @@ -4279,6 +4293,7 @@ int main(int argc, char *argv[])
> > .proc_self_task = -1,
> > .user_killpriv_v2 = -1,
> > .user_posix_acl = -1,
> > + .user_security_label = -1,
> > };
> > struct lo_map_elem *root_elem;
> > struct lo_map_elem *reserve_elem;
> > --
> > 2.34.1
> >
> --
> Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
>
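
A stand-alone model of the fail-closed negotiation described in the reply above, added here as an example; it is not code from virtiofsd or libfuse. The function names, the `missing` field and the `CAP_*` bit values are constructed for illustration, and the model assumes `want` starts as a copy of `capable`.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
/* Constructed bit values for this model; not the real FUSE_CAP_* constants. */
#define CAP_POSIX_ACL    (1ULL << 0)
#define CAP_SECURITY_CTX (1ULL << 1)

struct conn_info {
    uint64_t capable; /* what the client offered */
    uint64_t want;    /* what the file server asks for */
    uint64_t missing; /* wanted but not offered, filled in by the check */
};

/* Mirrors the lo_init() logic in the patch: -1 = unset, 0 = off, 1 = on. */
static void model_lo_init(int user_security_label, struct conn_info *conn)
{
    if (user_security_label == 1) {
        if (!(conn->capable & CAP_SECURITY_CTX)) {
            fprintf(stderr, "cannot enable security label: not offered\n");
        }
        conn->want |= CAP_SECURITY_CTX; /* left set so the check below fires */
    } else {
        conn->want &= ~CAP_SECURITY_CTX;
    }
}

/* Mirrors the quoted fuse_lowlevel.c check: 0 to continue, -EPROTO to abort. */
static int model_session_check(struct conn_info *conn)
{
    conn->missing = conn->want & ~conn->capable;
    return conn->missing ? -EPROTO : 0;
}

/* Both steps; model assumption: want starts as a copy of capable. */
static int negotiate(int opt, uint64_t capable, struct conn_info *conn)
{
    conn->capable = capable;
    conn->want = capable;
    model_lo_init(opt, conn);
    return model_session_check(conn);
}

int main(void)
{
    struct conn_info c;
    int rc = negotiate(1, CAP_POSIX_ACL, &c); /* option on, older client */
    printf("rc=%d missing=0x%llx\n", rc, (unsigned long long)c.missing);
    return 0;
}
```

With the option on and a client that does not offer the capability, the session is refused rather than running without labels; with the option unset or off, the bit is cleared and negotiation succeeds.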