From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
To: Vivek Goyal <vgoyal@redhat.com>
Cc: virtio-fs@redhat.com, berrange@redhat.com, qemu-devel@nongnu.org
Subject: Re: [Virtio-fs] [PATCH v6 00/10] virtiofsd: Add support for file security context at file creation
Date: Wed, 16 Feb 2022 12:08:40 +0000
Message-ID: <YgzpSIIolYItX4Mj@work-vm>
In-Reply-To: <20220208204813.682906-1-vgoyal@redhat.com>
Queued
* Vivek Goyal (vgoyal@redhat.com) wrote:
> Hi,
>
> This is V6 of the patches. I posted V5 here.
>
> https://listman.redhat.com/archives/virtio-fs/2022-February/msg00012.html
>
> This patch series basically allows the client to send a security context
> (which is expected to be the xattr security.selinux and its content) to
> virtiofsd, and it will set that security context on the file during creation
> based on various settings. Hence, this patch series basically allows
> supporting SELinux with virtiofs.
>
> There are primarily 3 modes.
>
> - If no security context is enabled, then it continues to create files without
> a security context.
>
> - If security context is enabled but security.selinux has not been
> remapped, then it uses the /proc/thread-self/attr/fscreate knob to set the
> security context and then create the file. This will make sure that
> newly created file gets the security context as set in "fscreate" and
> this is atomic w.r.t file creation.
>
> This is useful when host and guest SELinux policies don't conflict and
> can work with each other. In that case, the guest security.selinux xattr
> is not remapped and it is passed through as the "security.selinux" xattr
> on the host.
>
> - If security context is enabled but security.selinux xattr has been
> remapped to something else, then it first creates the file and then
> uses setxattr() to set the remapped xattr with the security context.
> This is a non-atomic operation w.r.t file creation.
>
> This mode will be most versatile and allow host and guest to have their
> own separate SELinux xattrs and have their own separate SELinux policies.
>
> Changes since V5:
>
> - Added some documentation to recommend using xattr remapping to remap
> "security.selinux" to "trusted.virtiofs.security.selinux" and also
> give CAP_SYS_ADMIN to daemon. Also put a warning to make users aware
> of trade-off involved here. ("Daniel P. Berrangé")
>
> - Used macro endof() to determine end of fuse_init_in struct. (David
> Gilbert).
>
> - Added a check to make sure fsecctx->size is not zero. Also added a
> "return" statement at a few places where it was required. (David Gilbert)
>
> - Split patch 7 in the series. Some of the handling of setting and
> clearing fscreate knob has been moved into a separate patch. Found
> it hard to break it down further. So it helps a bit but not too
> much. (David Gilbert).
>
> Thanks
> Vivek
>
> Vivek Goyal (10):
> virtiofsd: Fix breakage due to fuse_init_in size change
> linux-headers: Update headers to v5.17-rc1
> virtiofsd: Parse extended "struct fuse_init_in"
> virtiofsd: Extend size of fuse_conn_info->capable and ->want fields
> virtiofsd, fuse_lowlevel.c: Add capability to parse security context
> virtiofsd: Move core file creation code in separate function
> virtiofsd: Add helpers to work with /proc/self/task/tid/attr/fscreate
> virtiofsd: Create new file with security context
> virtiofsd: Create new file using O_TMPFILE and set security context
> virtiofsd: Add an option to enable/disable security label
>
> docs/tools/virtiofsd.rst | 32 ++
> include/standard-headers/asm-x86/kvm_para.h | 1 +
> include/standard-headers/drm/drm_fourcc.h | 11 +
> include/standard-headers/linux/ethtool.h | 1 +
> include/standard-headers/linux/fuse.h | 60 ++-
> include/standard-headers/linux/pci_regs.h | 142 +++---
> include/standard-headers/linux/virtio_gpio.h | 72 +++
> include/standard-headers/linux/virtio_i2c.h | 47 ++
> include/standard-headers/linux/virtio_iommu.h | 8 +-
> .../standard-headers/linux/virtio_pcidev.h | 65 +++
> include/standard-headers/linux/virtio_scmi.h | 24 +
> linux-headers/asm-generic/unistd.h | 5 +-
> linux-headers/asm-mips/unistd_n32.h | 2 +
> linux-headers/asm-mips/unistd_n64.h | 2 +
> linux-headers/asm-mips/unistd_o32.h | 2 +
> linux-headers/asm-powerpc/unistd_32.h | 2 +
> linux-headers/asm-powerpc/unistd_64.h | 2 +
> linux-headers/asm-riscv/bitsperlong.h | 14 +
> linux-headers/asm-riscv/mman.h | 1 +
> linux-headers/asm-riscv/unistd.h | 44 ++
> linux-headers/asm-s390/unistd_32.h | 2 +
> linux-headers/asm-s390/unistd_64.h | 2 +
> linux-headers/asm-x86/kvm.h | 16 +-
> linux-headers/asm-x86/unistd_32.h | 1 +
> linux-headers/asm-x86/unistd_64.h | 1 +
> linux-headers/asm-x86/unistd_x32.h | 1 +
> linux-headers/linux/kvm.h | 17 +
> tools/virtiofsd/fuse_common.h | 9 +-
> tools/virtiofsd/fuse_i.h | 7 +
> tools/virtiofsd/fuse_lowlevel.c | 168 +++++--
> tools/virtiofsd/helper.c | 1 +
> tools/virtiofsd/passthrough_ll.c | 414 ++++++++++++++++--
> 32 files changed, 1044 insertions(+), 132 deletions(-)
> create mode 100644 include/standard-headers/linux/virtio_gpio.h
> create mode 100644 include/standard-headers/linux/virtio_i2c.h
> create mode 100644 include/standard-headers/linux/virtio_pcidev.h
> create mode 100644 include/standard-headers/linux/virtio_scmi.h
> create mode 100644 linux-headers/asm-riscv/bitsperlong.h
> create mode 100644 linux-headers/asm-riscv/mman.h
> create mode 100644 linux-headers/asm-riscv/unistd.h
>
> --
> 2.34.1
>
>
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
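The security-context payload that patch 5 teaches fuse_lowlevel.c to parse, as an added example (not virtiofsd's or the kernel's code): the struct layout is assumed from linux/fuse.h v5.17, the client-side builder omits the kernel's 8-byte record alignment, and the parser shows the bounds checks a daemon needs before trusting guest-supplied lengths, including the non-zero fsecctx->size check mentioned in the changelog.

```c
/* Encoder and parser for the FUSE_SECURITY_CTX blob a guest appends to a create
 * request. Added example, not virtiofsd code; layout assumed from linux/fuse.h v5.17. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
struct fuse_secctx_header { uint32_t size; uint32_t nr_secctx; };
struct fuse_secctx        { uint32_t size; uint32_t padding;   };
struct secctx_view {
    const char *name;   /* xattr name, NUL-terminated, e.g. "security.selinux" */
    const void *value;  /* label bytes, len bytes long, not NUL-terminated */
    uint32_t    len;
};
/* Client side: header, one fuse_secctx, NUL-terminated name, then the label
 * (kernel alignment padding omitted). Returns bytes written, 0 if dst too small. */
size_t build_secctx(uint8_t *dst, size_t cap, const char *name,
                    const void *val, uint32_t len)
{
    size_t nlen = strlen(name) + 1;
    size_t total = sizeof(struct fuse_secctx_header) + sizeof(struct fuse_secctx) + nlen + len;
    struct fuse_secctx_header hdr = { (uint32_t)total, 1 };
    struct fuse_secctx ctx = { len, 0 };
    if (total > cap) return 0;
    memcpy(dst, &hdr, sizeof(hdr));
    memcpy(dst + sizeof(hdr), &ctx, sizeof(ctx));
    memcpy(dst + sizeof(hdr) + sizeof(ctx), name, nlen);
    memcpy(dst + sizeof(hdr) + sizeof(ctx) + nlen, val, len);
    return total;
}
/* Daemon side: 0 and *out filled on success, -1 on malformed input. Every length
 * is checked against the bytes actually received (avail), so an untrusted guest
 * cannot make the daemon read past the request buffer. */
int parse_secctx(const uint8_t *buf, size_t avail, struct secctx_view *out)
{
    struct fuse_secctx_header hdr;
    struct fuse_secctx ctx;
    const char *name, *end, *nul;
    if (avail < sizeof(hdr)) return -1;
    memcpy(&hdr, buf, sizeof(hdr));
    if (hdr.size > avail || hdr.size < sizeof(hdr) + sizeof(ctx)) return -1;
    if (hdr.nr_secctx != 1) return -1;      /* only one context is defined today */
    memcpy(&ctx, buf + sizeof(hdr), sizeof(ctx));
    if (ctx.size == 0) return -1;           /* the "fsecctx->size is not zero" check */
    name = (const char *)buf + sizeof(hdr) + sizeof(ctx);
    end  = (const char *)buf + hdr.size;
    nul  = memchr(name, '\0', (size_t)(end - name));   /* name must end inside blob */
    if (!nul || ctx.size > (size_t)(end - nul - 1)) return -1;  /* label must fit */
    out->name = name; out->value = nul + 1; out->len = ctx.size;
    return 0;
}
```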