From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from [140.186.70.92] (port=51502 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1Opn08-0002En-Rg for qemu-devel@nongnu.org; Sun, 29 Aug 2010 14:53:11 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69) (envelope-from ) id 1Opn01-0001cl-8f for qemu-devel@nongnu.org; Sun, 29 Aug 2010 14:53:08 -0400 Received: from e38.co.us.ibm.com ([32.97.110.159]:58994) by eggs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Opn01-0001cZ-1s for qemu-devel@nongnu.org; Sun, 29 Aug 2010 14:53:01 -0400 Received: from d03relay03.boulder.ibm.com (d03relay03.boulder.ibm.com [9.17.195.228]) by e38.co.us.ibm.com (8.14.4/8.13.1) with ESMTP id o7TIjYtD024727 for ; Sun, 29 Aug 2010 12:45:34 -0600 Received: from d03av02.boulder.ibm.com (d03av02.boulder.ibm.com [9.17.195.168]) by d03relay03.boulder.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id o7TIr0kg211198 for ; Sun, 29 Aug 2010 12:53:00 -0600 Received: from d03av02.boulder.ibm.com (loopback [127.0.0.1]) by d03av02.boulder.ibm.com (8.14.4/8.13.1/NCO v10.0 AVout) with ESMTP id o7TIqxvW004305 for ; Sun, 29 Aug 2010 12:53:00 -0600 From: "Venkateswararao Jujjuri (JV)" Date: Sun, 29 Aug 2010 12:02:47 -0700 Message-Id: <1283108572-20228-22-git-send-email-jvrao@linux.vnet.ibm.com> In-Reply-To: <1283108572-20228-1-git-send-email-jvrao@linux.vnet.ibm.com> References: <1283108572-20228-1-git-send-email-jvrao@linux.vnet.ibm.com> Subject: [Qemu-devel] [PATCH -V4 21/26] virtio-9p: Add SM_NONE security model List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Cc: aliguori@us.ibm.com, Venkateswararao Jujjuri , "Aneesh Kumar K.V" From: Aneesh Kumar K.V This is equivalent to SM_PASSTHROUGH security model. The only exception is, failure of privilige operation like chown are ignored. This makes a passthrough like security model usable for people who runs kvm as non root Signed-off-by: Aneesh Kumar K.V Signed-off-by: Venkateswararao Jujjuri --- hw/file-op-9p.h | 15 +++++++++++++-- hw/virtio-9p-local.c | 40 ++++++++++++++++++++++++++++++---------- hw/virtio-9p.c | 13 ++++++++++--- qemu-options.hx | 4 ++-- vl.c | 2 +- 5 files changed, 56 insertions(+), 18 deletions(-) diff --git a/hw/file-op-9p.h b/hw/file-op-9p.h index e9e6657..6ed7937 100644 --- a/hw/file-op-9p.h +++ b/hw/file-op-9p.h @@ -24,8 +24,19 @@ typedef enum { - SM_PASSTHROUGH = 1, /* uid/gid set on fileserver files */ - SM_MAPPED, /* uid/gid part of xattr */ + /* + * Server will try to set uid/gid. + * On failure ignore the error. + */ + SM_NONE = 0, + /* + * uid/gid set on fileserver files + */ + SM_PASSTHROUGH = 1, + /* + * uid/gid part of xattr + */ + SM_MAPPED, } SecModel; typedef struct FsCred diff --git a/hw/virtio-9p-local.c b/hw/virtio-9p-local.c index 7f847c6..6a2108c 100644 --- a/hw/virtio-9p-local.c +++ b/hw/virtio-9p-local.c @@ -102,7 +102,13 @@ static int local_post_create_passthrough(FsContext *fs_ctx, const char *path, return -1; } if (chown(rpath(fs_ctx, path), credp->fc_uid, credp->fc_gid) < 0) { - return -1; + /* + * If we fail to change ownership and if we are + * using security model none. Ignore the error + */ + if (fs_ctx->fs_sm != SM_NONE) { + return -1; + } } return 0; } @@ -122,7 +128,8 @@ static ssize_t local_readlink(FsContext *fs_ctx, const char *path, } while (tsize == -1 && errno == EINTR); close(fd); return tsize; - } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) { + } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) || + (fs_ctx->fs_sm == SM_NONE)) { tsize = readlink(rpath(fs_ctx, path), buf, bufsz); } return tsize; @@ -189,7 +196,8 @@ static int local_chmod(FsContext *fs_ctx, const char *path, FsCred *credp) { if (fs_ctx->fs_sm == SM_MAPPED) { return local_set_xattr(rpath(fs_ctx, path), credp); - } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) { + } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) || + (fs_ctx->fs_sm == SM_NONE)) { return chmod(rpath(fs_ctx, path), credp->fc_mode); } return -1; @@ -211,7 +219,8 @@ static int local_mknod(FsContext *fs_ctx, const char *path, FsCred *credp) serrno = errno; goto err_end; } - } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) { + } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) || + (fs_ctx->fs_sm == SM_NONE)) { err = mknod(rpath(fs_ctx, path), credp->fc_mode, credp->fc_rdev); if (err == -1) { return err; @@ -247,7 +256,8 @@ static int local_mkdir(FsContext *fs_ctx, const char *path, FsCred *credp) serrno = errno; goto err_end; } - } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) { + } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) || + (fs_ctx->fs_sm == SM_NONE)) { err = mkdir(rpath(fs_ctx, path), credp->fc_mode); if (err == -1) { return err; @@ -316,7 +326,8 @@ static int local_open2(FsContext *fs_ctx, const char *path, int flags, serrno = errno; goto err_end; } - } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) { + } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) || + (fs_ctx->fs_sm == SM_NONE)) { fd = open(rpath(fs_ctx, path), flags, credp->fc_mode); if (fd == -1) { return fd; @@ -372,15 +383,23 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath, serrno = errno; goto err_end; } - } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) { + } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) || + (fs_ctx->fs_sm == SM_NONE)) { err = symlink(oldpath, rpath(fs_ctx, newpath)); if (err) { return err; } err = lchown(rpath(fs_ctx, newpath), credp->fc_uid, credp->fc_gid); if (err == -1) { - serrno = errno; - goto err_end; + /* + * If we fail to change ownership and if we are + * using security model none. Ignore the error + */ + if (fs_ctx->fs_sm != SM_NONE) { + serrno = errno; + goto err_end; + } else + err = 0; } } return err; @@ -447,7 +466,8 @@ static int local_chown(FsContext *fs_ctx, const char *path, FsCred *credp) return lchown(rpath(fs_ctx, path), credp->fc_uid, credp->fc_gid); } else if (fs_ctx->fs_sm == SM_MAPPED) { return local_set_xattr(rpath(fs_ctx, path), credp); - } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) { + } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) || + (fs_ctx->fs_sm == SM_NONE)) { return lchown(rpath(fs_ctx, path), credp->fc_uid, credp->fc_gid); } return -1; diff --git a/hw/virtio-9p.c b/hw/virtio-9p.c index 13ab735..c154bac 100644 --- a/hw/virtio-9p.c +++ b/hw/virtio-9p.c @@ -3545,12 +3545,19 @@ VirtIODevice *virtio_9p_init(DeviceState *dev, V9fsConf *conf) * Client user credentials are saved in extended attributes. */ s->ctx.fs_sm = SM_MAPPED; + } else if (!strcmp(fse->security_model, "none")) { + /* Files on the fileserver are set to QEMU credentials. + * Client user credentials are saved in extended attributes. + */ + s->ctx.fs_sm = SM_NONE; + } else { - /* user haven't specified a correct security option */ - fprintf(stderr, "one of the following must be specified as the" + /* Default so SM_NONE option which was the default before */ + fprintf(stderr, "Default to security_mode=none. You may want" + " enable advanced security model using " "security option:\n\t security_model=passthrough \n\t " "security_model=mapped\n"); - return NULL; + s->ctx.fs_sm = SM_MAPPED; } if (lstat(fse->path, &stat)) { diff --git a/qemu-options.hx b/qemu-options.hx index 453f129..368bf96 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -485,7 +485,7 @@ ETEXI DEFHEADING(File system options:) DEF("fsdev", HAS_ARG, QEMU_OPTION_fsdev, - "-fsdev local,id=id,path=path,security_model=[mapped|passthrough]\n", + "-fsdev local,id=id,path=path,security_model=[mapped|passthrough|none]\n", QEMU_ARCH_ALL) STEXI @@ -518,7 +518,7 @@ ETEXI DEFHEADING(Virtual File system pass-through options:) DEF("virtfs", HAS_ARG, QEMU_OPTION_virtfs, - "-virtfs local,path=path,mount_tag=tag,security_model=[mapped|passthrough]\n", + "-virtfs local,path=path,mount_tag=tag,security_model=[mapped|passthrough|none]\n", QEMU_ARCH_ALL) STEXI diff --git a/vl.c b/vl.c index 91d1684..ade582b 100644 --- a/vl.c +++ b/vl.c @@ -2320,7 +2320,7 @@ int main(int argc, char **argv, char **envp) qemu_opt_get(opts, "path") == NULL || qemu_opt_get(opts, "security_model") == NULL) { fprintf(stderr, "Usage: -virtfs fstype,path=/share_path/," - "security_model=[mapped|passthrough]," + "security_model=[mapped|passthrough|none]," "mnt_tag=tag.\n"); exit(1); } -- 1.6.5.2