Re: [Qemu-devel] [V3 PATCH 7/8] virtio-9p: Move file post creation changes to none security model

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: "Daniel P. Berrange" <berrange@redhat.com>
To: "M. Mohan Kumar" <mohan@in.ibm.com>
Cc: Stefan Hajnoczi <stefanha@gmail.com>, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [V3 PATCH 7/8] virtio-9p: Move file post creation changes to none security model
Date: Thu, 20 Jan 2011 14:48:36 +0000	[thread overview]
Message-ID: <20110120144836.GN8675@redhat.com> (raw)
In-Reply-To: <201101202011.28037.mohan@in.ibm.com>

On Thu, Jan 20, 2011 at 08:11:27PM +0530, M. Mohan Kumar wrote:
> On Thursday 20 January 2011 2:29:54 pm Stefan Hajnoczi wrote:
> > On Tue, Jan 18, 2011 at 01:54:16PM +0530, M. Mohan Kumar wrote:
> 
> > > -    if (lchown(rpath(fs_ctx, path), credp->fc_uid, credp->fc_gid) < 0) {
> > > -        /*
> > > -         * If we fail to change ownership and if we are
> > > -         * using security model none. Ignore the error
> > > -         */
> > > -        if (fs_ctx->fs_sm != SM_NONE) {
> > > -            return -1;
> > > -        }
> > > -    }
> > > +    retval = lchown(rpath(fs_ctx, path), credp->fc_uid, credp->fc_gid);
> > > 
> > >      return 0;
> > >  
> > >  }
> > 
> > retval is unused.
> > 
> 
> That was used to disable the warning message "error: ignoring return value of 
> ‘lchown’, declared with attribute warn_unused_result"
> 
> Otherwise I have to use
> if (lchown(rpath(fs_ctx, path), credp->fc_uid, credp->fc_gid)) {
> 	;
> }
> 
> > Can multiple virtio-9p requests execute at a time?  chmod() and lchown()
> > after creation is a race condition if other requests can execute
> > concurrently.
> > 
> 
> We can't implement file creation with requested user credentials and permission 
> bits in the none security model atomically. Its expected behaviour only

Well you could do the nasty trick of forking a child process
and doing setuid/gid in that and then creating the file before
letting the parent continue.

  if ((pid = fork()) == 0) {
     setuid(fc_uid);
     setgid(fc_gid);
     fd =open("foo", O_CREAT);
     close(fd);
  } else {
     waitpid(pid);
  }

This kind of approach is in fact required if you want to
be able to create files with a special uid/gid on a root
squashing NFS server, because otherwise your QEMU running
as root will have its files squashed to 'nobody' when initially
created, and lchown will fail with EPERM.  You might decide
that root squashing NFS is too painful to care about supporting
though :-)

Regards,
Daniel

next prev parent reply	other threads:[~2011-01-20 14:48 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-01-18  6:23 [Qemu-devel] [V3 PATCH 0/8] virtio-9p: Use chroot to safely access files in passthrough model M. Mohan Kumar
2011-01-18  6:25 ` [Qemu-devel] [V3 PATCH 1/8] virtio-9p: Implement qemu_read_full M. Mohan Kumar
2011-01-18  6:25 ` [Qemu-devel] [V3 PATCH 2/8] virtio-9p: Provide chroot environment server side interfaces M. Mohan Kumar
2011-01-18 17:03   ` Blue Swirl
2011-01-18  6:25 ` [Qemu-devel] [V3 PATCH 3/8] virtio-9p: Add client side interfaces for chroot environment M. Mohan Kumar
2011-01-18  6:25 ` [Qemu-devel] [V3 PATCH 4/8] virtio-9p: Add support to open a file in " M. Mohan Kumar
2011-01-18  6:25 ` [Qemu-devel] [V3 PATCH 5/8] virtio-9p: Create support " M. Mohan Kumar
2011-01-18 17:08   ` Blue Swirl
2011-01-19 11:08     ` M. Mohan Kumar
2011-01-18  6:26 ` [Qemu-devel] [V3 PATCH 6/8] virtio-9p: Support for creating special files M. Mohan Kumar
2011-01-18 17:11   ` Blue Swirl
2011-01-18  6:26 ` [Qemu-devel] [V3 PATCH 8/8] virtio-9p: Chroot environment for other functions M. Mohan Kumar
2011-01-18  8:24 ` [Qemu-devel] [V3 PATCH 7/8] virtio-9p: Move file post creation changes to none security model M. Mohan Kumar
2011-01-20  8:59   ` Stefan Hajnoczi
2011-01-20 14:41     ` M. Mohan Kumar
2011-01-20 14:48       ` Daniel P. Berrange [this message]
2011-01-20 21:15         ` Stefan Hajnoczi
2011-01-20 21:15     ` Venkateswararao Jujjuri (JV)
2011-01-20 21:45       ` Stefan Hajnoczi
2011-01-21  6:55         ` Venkateswararao Jujjuri (JV)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20110120144836.GN8675@redhat.com \
    --to=berrange@redhat.com \
    --cc=mohan@in.ibm.com \
    --cc=qemu-devel@nongnu.org \
    --cc=stefanha@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).