From: "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
To: "Venkateswararao Jujjuri (JV)" <jvrao@linux.vnet.ibm.com>
Cc: aliguori@us.ibm.com, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH -V4 7/7] virtio-9p: Implemented security model for chown and chgrp.
Date: Tue, 1 Jun 2010 23:03:18 +0530 [thread overview]
Message-ID: <20100601173318.GD25542@skywalker.linux.vnet.ibm.com> (raw)
In-Reply-To: <1274916106-25616-8-git-send-email-jvrao@linux.vnet.ibm.com>
On Wed, May 26, 2010 at 04:21:46PM -0700, Venkateswararao Jujjuri (JV) wrote:
> Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
> ---
> hw/file-op-9p.h | 4 ++--
> hw/virtio-9p-local.c | 18 ++++++++++++++----
> hw/virtio-9p.c | 15 ++++++++++++---
> 3 files changed, 28 insertions(+), 9 deletions(-)
>
> diff --git a/hw/file-op-9p.h b/hw/file-op-9p.h
> index c1c08b4..877faf2 100644
> --- a/hw/file-op-9p.h
> +++ b/hw/file-op-9p.h
> @@ -49,8 +49,8 @@ typedef struct FileOperations
> {
> int (*lstat)(FsContext *, const char *, struct stat *);
> ssize_t (*readlink)(FsContext *, const char *, char *, size_t);
> - int (*chmod)(FsContext *, const char *, mode_t);
> - int (*chown)(FsContext *, const char *, uid_t, gid_t);
> + int (*chmod)(FsContext *, const char *, FsCred *);
> + int (*chown)(FsContext *, const char *, FsCred *);
> int (*mknod)(FsContext *, const char *, FsCred *);
> int (*utime)(FsContext *, const char *, const struct utimbuf *);
> int (*remove)(FsContext *, const char *);
> diff --git a/hw/virtio-9p-local.c b/hw/virtio-9p-local.c
> index 11f3650..f46acac 100644
> --- a/hw/virtio-9p-local.c
> +++ b/hw/virtio-9p-local.c
> @@ -173,9 +173,14 @@ static ssize_t local_writev(FsContext *ctx, int fd, const struct iovec *iov,
> return writev(fd, iov, iovcnt);
> }
>
> -static int local_chmod(FsContext *ctx, const char *path, mode_t mode)
> +static int local_chmod(FsContext *fs_ctx, const char *path, FsCred *credp)
> {
> - return chmod(rpath(ctx, path), mode);
> + if (fs_ctx->fs_sm == SM_MAPPED) {
> + return local_set_xattr(rpath(fs_ctx, path), credp);
> + } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) {
> + return chmod(rpath(fs_ctx, path), credp->fc_mode);
> + }
> + return -1;
> }
You should use this in open2.
>
> static int local_mknod(FsContext *fs_ctx, const char *path, FsCred *credp)
> @@ -436,9 +441,14 @@ static int local_rename(FsContext *ctx, const char *oldpath,
>
> }
>
> -static int local_chown(FsContext *ctx, const char *path, uid_t uid, gid_t gid)
> +static int local_chown(FsContext *fs_ctx, const char *path, FsCred *credp)
> {
> - return chown(rpath(ctx, path), uid, gid);
> + if (fs_ctx->fs_sm == SM_MAPPED) {
> + return local_set_xattr(rpath(fs_ctx, path), credp);
> + } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) {
> + return chown(rpath(fs_ctx, path), credp->fc_uid, credp->fc_gid);
> + }
> + return -1;
> }
>
Same here. So that we don't have
if (fs_ctx->fs_sm == SM_MAPPED) spread in the open2 code but is logically
grouped at the right place.
> static int local_utime(FsContext *ctx, const char *path,
> diff --git a/hw/virtio-9p.c b/hw/virtio-9p.c
> index 90620aa..dceb5fc 100644
> --- a/hw/virtio-9p.c
> +++ b/hw/virtio-9p.c
> @@ -154,7 +154,11 @@ static int v9fs_do_writev(V9fsState *s, int fd, const struct iovec *iov,
>
> static int v9fs_do_chmod(V9fsState *s, V9fsString *path, mode_t mode)
> {
> - return s->ops->chmod(&s->ctx, path->data, mode);
> + FsCred cred;
> + cred_init(&cred);
> + cred.fc_mode = mode;
> +
> + return s->ops->chmod(&s->ctx, path->data, &cred);
> }
>
> static int v9fs_do_mknod(V9fsState *s, V9fsCreateState *vs, mode_t mode,
> @@ -231,7 +235,12 @@ static int v9fs_do_rename(V9fsState *s, V9fsString *oldpath,
>
> static int v9fs_do_chown(V9fsState *s, V9fsString *path, uid_t uid, gid_t gid)
> {
> - return s->ops->chown(&s->ctx, path->data, uid, gid);
> + FsCred cred;
> + cred_init(&cred);
> + cred.fc_uid = uid;
> + cred.fc_gid = gid;
> +
> + return s->ops->chown(&s->ctx, path->data, &cred);
> }
>
> static int v9fs_do_utime(V9fsState *s, V9fsString *path,
> @@ -2022,7 +2031,7 @@ static void v9fs_wstat_post_utime(V9fsState *s, V9fsWstatState *vs, int err)
> goto out;
> }
>
> - if (vs->v9stat.n_gid != -1) {
> + if (vs->v9stat.n_gid != -1 || vs->v9stat.n_uid != -1) {
> if (v9fs_do_chown(s, &vs->fidp->path, vs->v9stat.n_uid,
> vs->v9stat.n_gid)) {
> err = -errno;
> --
> 1.6.5.2
>
>
-aneesh
next prev parent reply other threads:[~2010-06-01 17:33 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-05-26 23:21 [Qemu-devel] [PATCH-V4 0/7] virtio-9p:Introducing security model for VirtFS Venkateswararao Jujjuri (JV)
2010-05-26 23:21 ` [Qemu-devel] [PATCH -V4 1/7] virtio-9p: Introduces an option to specify the security model Venkateswararao Jujjuri (JV)
2010-06-01 17:24 ` Aneesh Kumar K.V
2010-06-03 23:07 ` Venkateswararao Jujjuri (JV)
2010-05-26 23:21 ` [Qemu-devel] [PATCH -V4 2/7] virtio-9p: Rearrange fileop structures Venkateswararao Jujjuri (JV)
2010-06-01 17:22 ` Aneesh Kumar K.V
2010-05-26 23:21 ` [Qemu-devel] [PATCH -V4 3/7] virtio-9p: modify create/open2 and mkdir for new security model Venkateswararao Jujjuri (JV)
2010-06-01 17:30 ` Aneesh Kumar K.V
2010-06-04 0:40 ` Venkateswararao Jujjuri (JV)
2010-05-26 23:21 ` [Qemu-devel] [PATCH -V4 4/7] virtio-9p: Implement Security model for mknod related files Venkateswararao Jujjuri (JV)
2010-05-26 23:21 ` [Qemu-devel] [PATCH -V4 5/7] virtio-9p: Implemented security model for symlink and link Venkateswararao Jujjuri (JV)
2010-05-26 23:21 ` [Qemu-devel] [PATCH -V4 6/7] virtio-9p: Implemented Security model for lstat and fstat Venkateswararao Jujjuri (JV)
2010-05-26 23:21 ` [Qemu-devel] [PATCH -V4 7/7] virtio-9p: Implemented security model for chown and chgrp Venkateswararao Jujjuri (JV)
2010-06-01 17:33 ` Aneesh Kumar K.V [this message]
2010-05-27 3:52 ` [Qemu-devel] Re: [PATCH-V4 0/7] virtio-9p:Introducing security model for VirtFS Andy Lutomirski
2010-05-27 17:52 ` Venkateswararao Jujjuri (JV)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100601173318.GD25542@skywalker.linux.vnet.ibm.com \
--to=aneesh.kumar@linux.vnet.ibm.com \
--cc=aliguori@us.ibm.com \
--cc=jvrao@linux.vnet.ibm.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).