From: "M. Mohan Kumar" <mohan@in.ibm.com>
To: qemu-devel@nongnu.org
Cc: stefanha@gmail.com
Subject: [Qemu-devel] [V4 PATCH 3/8] Add client side interfaces for chroot environment
Date: Tue,  1 Feb 2011 10:56:32 +0530	[thread overview]
Message-ID: <1296537992-16687-1-git-send-email-mohan@in.ibm.com> (raw)
In-Reply-To: <1296537693-16406-1-git-send-email-mohan@in.ibm.com>

Define QEMU side interfaces used for chroot environment.

Signed-off-by: M. Mohan Kumar <mohan@in.ibm.com>
---
 hw/9pfs/virtio-9p-chroot.c |   87 ++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 87 insertions(+), 0 deletions(-)

diff --git a/hw/9pfs/virtio-9p-chroot.c b/hw/9pfs/virtio-9p-chroot.c
index 5150ff0..b466d9a 100644
--- a/hw/9pfs/virtio-9p-chroot.c
+++ b/hw/9pfs/virtio-9p-chroot.c
@@ -111,6 +111,86 @@ static int chroot_read_request(int sockfd, V9fsFileObjectRequest *request)
     return 0;
 }
 
+/* Receive file descriptor and error status from chroot process */
+static int v9fs_receivefd(int sockfd, int *error)
+{
+    struct msghdr msg = { };
+    struct iovec iov;
+    union MsgControl msg_control;
+    struct cmsghdr *cmsg;
+    int retval, fd;
+    FdInfo fd_info;
+
+    iov.iov_base = &fd_info;
+    iov.iov_len = sizeof(fd_info);
+
+    memset(&msg, 0, sizeof(msg));
+    msg.msg_iov = &iov;
+    msg.msg_iovlen = 1;
+    msg.msg_control = &msg_control;
+    msg.msg_controllen = sizeof(msg_control);
+
+    retval = recvmsg(sockfd, &msg, 0);
+    if (retval < 0) {
+        *error = EIO;
+        return -EIO;
+    }
+
+    if (fd_info.fi_flags & FI_SOCKERR) {
+        return -EIO;
+    }
+
+    /* If error is set, ancillary data is not present */
+    if (fd_info.fi_error) {
+        *error = fd_info.fi_error;
+        return -1;
+    }
+
+    if (!(fd_info.fi_flags & FI_FDVALID)) {
+        return 0;
+    }
+
+    for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
+        if (cmsg->cmsg_len != CMSG_LEN(sizeof(int)) ||
+                cmsg->cmsg_level != SOL_SOCKET ||
+                cmsg->cmsg_type != SCM_RIGHTS) {
+            continue;
+        }
+        fd = *((int *)CMSG_DATA(cmsg));
+        return fd;
+    }
+
+    *error = EAGAIN;
+    return -1;
+}
+
+/*
+ * V9fsFileObjectRequest is written into the socket by QEMU process.
+ * Then this request is read by chroot process using read_request function
+ */
+static int v9fs_write_request(int sockfd, V9fsFileObjectRequest *request)
+{
+    int retval, length;
+    char *buff, *buffp;
+
+    length = sizeof(request->data) + request->data.path_len +
+                    request->data.oldpath_len;
+
+    buff = qemu_malloc(length);
+    buffp = buff;
+    memcpy(buffp, &request->data, sizeof(request->data));
+    buffp += sizeof(request->data);
+    memcpy(buffp, request->path.path, request->data.path_len);
+    buffp += request->data.path_len;
+    memcpy(buffp, request->path.old_path, request->data.oldpath_len);
+
+    retval = qemu_write_full(sockfd, buff, length);
+    if (retval != length) {
+        return EIO;
+    }
+    return 0;
+}
+
 static int chroot_daemonize(int chroot_sock)
 {
     sigset_t sigset;
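Review bot: v9fs_receivefd rejects only `retval < 0`, so a zero-length read (peer closed the socket) or a short read falls through and `fd_info.fi_flags` and `fd_info.fi_error` are read from uninitialised stack. Because this socket is the channel across the chroot boundary, the guard should be `if (retval < 0 || (size_t)retval < sizeof(fd_info))`. The FI_SOCKERR branch returns -EIO without setting `*error`, and the path without FI_FDVALID returns 0, which a caller cannot tell apart from descriptor 0, so a comment stating the return contract is needed. In v9fs_write_request, `buff` is never released on either path (add `qemu_free(buff);` right after the `qemu_write_full` call), and the failure return is positive `EIO` while v9fs_receivefd returns negative values. `length` is an `int` summed from `path_len` and `oldpath_len` with no upper bound visible in this hunk, so it presumably relies on the caller having limited both to the path maximum.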
@@ -139,6 +219,12 @@ static int chroot_daemonize(int chroot_sock)
     return 0;
 }
 
+static void chroot_dummy(void)
+{
+    (void)v9fs_receivefd;
+    (void)v9fs_write_request;
+}
+
 /*
  * Fork a process and chroot into the share path. Communication
  * between qemu process and chroot process happens via socket
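Review bot: chroot_dummy() has no comment saying why it exists, and the same applies to its call added in v9fs_chroot in the next hunk. It appears to be there only to keep the two new static functions from triggering unused-function warnings until a later patch in the series adds real callers. A one-line comment such as `/* Temporary: references the client helpers so the build stays warning-free until callers are added; remove with the first real user */` would stop it from being mistaken for live logic and remind the series to drop both the function and the call.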
@@ -184,6 +270,7 @@ int v9fs_chroot(FsContext *fs_ctx)
         error = qemu_write_full(chroot_sock, &code, sizeof(code));
         _exit(1);
     }
+    chroot_dummy();
 
     /*
      * Write 0 to chroot socket to indicate chroot process creation is
-- 
1.7.3.4

