From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Tue, 1 Jun 2010 23:03:18 +0530
From: "Aneesh Kumar K.V"
Subject: Re: [Qemu-devel] [PATCH -V4 7/7] virtio-9p: Implemented security model for chown and chgrp.
Message-ID: <20100601173318.GD25542@skywalker.linux.vnet.ibm.com>
References: <1274916106-25616-1-git-send-email-jvrao@linux.vnet.ibm.com> <1274916106-25616-8-git-send-email-jvrao@linux.vnet.ibm.com>
In-Reply-To: <1274916106-25616-8-git-send-email-jvrao@linux.vnet.ibm.com>
List-Id: qemu-devel.nongnu.org
To: "Venkateswararao Jujjuri (JV)"
Cc: aliguori@us.ibm.com, qemu-devel@nongnu.org

On Wed, May 26, 2010 at 04:21:46PM -0700, Venkateswararao Jujjuri (JV) wrote:
> Signed-off-by: Venkateswararao Jujjuri > --- > hw/file-op-9p.h | 4 ++-- > hw/virtio-9p-local.c | 18 ++++++++++++++---- > hw/virtio-9p.c | 15 ++++++++++++--- > 3 files changed, 28 insertions(+), 9 deletions(-) > > diff --git a/hw/file-op-9p.h b/hw/file-op-9p.h > index c1c08b4..877faf2 100644 > --- a/hw/file-op-9p.h > +++ b/hw/file-op-9p.h > @@ -49,8 +49,8 @@ typedef struct FileOperations > { > int (*lstat)(FsContext *, const char *, struct stat *); > ssize_t (*readlink)(FsContext *, const char *, char *, size_t); > - int (*chmod)(FsContext *, const char *, mode_t); > - int (*chown)(FsContext *, const char *, uid_t, gid_t); > + int (*chmod)(FsContext *, const char *, FsCred *); > + int (*chown)(FsContext *, const char *, FsCred *); > int (*mknod)(FsContext *, const char *, FsCred *); > int (*utime)(FsContext *, const char *, const struct utimbuf *); > int (*remove)(FsContext *, const char *); > diff --git a/hw/virtio-9p-local.c b/hw/virtio-9p-local.c > index 11f3650..f46acac 100644 > --- a/hw/virtio-9p-local.c > +++ b/hw/virtio-9p-local.c > @@ -173,9 +173,14 @@ static ssize_t local_writev(FsContext *ctx, int fd, const struct iovec *iov, > return writev(fd, iov, iovcnt); > } > > -static int local_chmod(FsContext *ctx, const char *path, mode_t mode) > +static int local_chmod(FsContext *fs_ctx, const char *path, FsCred *credp) > { > - return chmod(rpath(ctx, path), mode); > + if (fs_ctx->fs_sm == SM_MAPPED) { > + return local_set_xattr(rpath(fs_ctx, path), credp); > + } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) { > + return chmod(rpath(fs_ctx, path), credp->fc_mode); > + } > + return -1; > } You should use this in open2. > > static int local_mknod(FsContext *fs_ctx, const char *path, FsCred *credp) 
> @@ -436,9 +441,14 @@ static int local_rename(FsContext *ctx, const char *oldpath, > > } > > -static int local_chown(FsContext *ctx, const char *path, uid_t uid, gid_t gid) > +static int local_chown(FsContext *fs_ctx, const char *path, FsCred *credp) > { > - return chown(rpath(ctx, path), uid, gid); > + if (fs_ctx->fs_sm == SM_MAPPED) { > + return local_set_xattr(rpath(fs_ctx, path), credp); > + } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) { > + return chown(rpath(fs_ctx, path), credp->fc_uid, credp->fc_gid); > + } > + return -1; > } > Same here. So that we don't have if (fs_ctx->fs_sm == SM_MAPPED) spread in the open2 code but is logically grouped at the right place. > static int local_utime(FsContext *ctx, const char *path, > diff --git a/hw/virtio-9p.c b/hw/virtio-9p.c > index 90620aa..dceb5fc 100644 > --- a/hw/virtio-9p.c > +++ b/hw/virtio-9p.c > @@ -154,7 +154,11 @@ static int v9fs_do_writev(V9fsState *s, int fd, const struct iovec *iov, > > static int v9fs_do_chmod(V9fsState *s, V9fsString *path, mode_t mode) > { > - return s->ops->chmod(&s->ctx, path->data, mode); > + FsCred cred; > + cred_init(&cred); > + cred.fc_mode = mode; > + > + return s->ops->chmod(&s->ctx, path->data, &cred); > } > > static int v9fs_do_mknod(V9fsState *s, V9fsCreateState *vs, mode_t mode, > @@ -231,7 +235,12 @@ static int v9fs_do_rename(V9fsState *s, V9fsString *oldpath, > > static int v9fs_do_chown(V9fsState *s, V9fsString *path, uid_t uid, gid_t gid) > { > - return s->ops->chown(&s->ctx, path->data, uid, gid); > + FsCred cred; > + cred_init(&cred); > + cred.fc_uid = uid; > + cred.fc_gid = gid; > + > + return s->ops->chown(&s->ctx, path->data, &cred); > } > > static int v9fs_do_utime(V9fsState *s, V9fsString *path, 
> @@ -2022,7 +2031,7 @@ static void v9fs_wstat_post_utime(V9fsState *s, V9fsWstatState *vs, int err) > goto out; > } > > - if (vs->v9stat.n_gid != -1) { > + if (vs->v9stat.n_gid != -1 || vs->v9stat.n_uid != -1) { > if (v9fs_do_chown(s, &vs->fidp->path, vs->v9stat.n_uid, > vs->v9stat.n_gid)) { > err = -errno; > -- > 1.6.5.2 > > -aneesh
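
Review bot: in the hw/file-op-9p.h hunk, chmod and chown now take the same FsCred * argument as mknod, but nothing in the header says which fields each callback reads. A short comment on the two members stating that chmod consumes fc_mode and chown consumes fc_uid and fc_gid, and that the remaining fields are ignored, would keep a future backend from acting on fields the caller never set.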
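
Review bot: the final return -1 in local_chmod (hw/virtio-9p-local.c), reached when fs_sm is neither SM_MAPPED nor SM_PASSTHROUGH, does not set errno, and local_chown has the same fall-through. The wstat path in this patch turns a failed v9fs_do_chown into err = -errno, so that case reports whatever errno an earlier call left behind, possibly 0. Setting errno before the return in both functions, or switching on fs_sm with an explicit default, would give the guest a defined error.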
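
Review bot: the SM_PASSTHROUGH branch of local_chown (hw/virtio-9p-local.c) keeps calling chown(), which follows symbolic links, so a request naming a symlink changes the ownership of the link's target on the host rather than of the link itself. Since the guest controls what the exported tree contains, lchown(rpath(fs_ctx, path), credp->fc_uid, credp->fc_gid) would keep the operation on the named entry.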
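
Review bot: with the widened condition in v9fs_wstat_post_utime (hw/virtio-9p.c), v9fs_do_chown now runs when only one of n_uid and n_gid is set, and the other one reaches the backend as -1. In the SM_PASSTHROUGH branch chown(2) treats -1 as "leave unchanged", but in the SM_MAPPED branch the same FsCred goes to local_set_xattr, whose body is not part of this patch. Please confirm that it skips fields equal to -1, so that a uid-only change does not store -1 as the mapped gid.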