From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from [140.186.70.92] (port=37290 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1Pfvod-0007vr-91 for qemu-devel@nongnu.org; Thu, 20 Jan 2011 09:48:48 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Pfvoc-0006pl-7c for qemu-devel@nongnu.org; Thu, 20 Jan 2011 09:48:47 -0500 Received: from mx1.redhat.com ([209.132.183.28]:5467) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Pfvob-0006pg-VJ for qemu-devel@nongnu.org; Thu, 20 Jan 2011 09:48:46 -0500 Date: Thu, 20 Jan 2011 14:48:36 +0000 From: "Daniel P. Berrange" Subject: Re: [Qemu-devel] [V3 PATCH 7/8] virtio-9p: Move file post creation changes to none security model Message-ID: <20110120144836.GN8675@redhat.com> References: <1295331799-23856-1-git-send-email-mohan@in.ibm.com> <1295339056-25396-1-git-send-email-mohan@in.ibm.com> <20110120085954.GB24021@stefanha-thinkpad.localdomain> <201101202011.28037.mohan@in.ibm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <201101202011.28037.mohan@in.ibm.com> Content-Transfer-Encoding: quoted-printable Reply-To: "Daniel P. Berrange" List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: "M. Mohan Kumar" Cc: Stefan Hajnoczi , qemu-devel@nongnu.org On Thu, Jan 20, 2011 at 08:11:27PM +0530, M. Mohan Kumar wrote: > On Thursday 20 January 2011 2:29:54 pm Stefan Hajnoczi wrote: > > On Tue, Jan 18, 2011 at 01:54:16PM +0530, M. Mohan Kumar wrote: >=20 > > > - if (lchown(rpath(fs_ctx, path), credp->fc_uid, credp->fc_gid) = < 0) { > > > - /* > > > - * If we fail to change ownership and if we are > > > - * using security model none. Ignore the error > > > - */ > > > - if (fs_ctx->fs_sm !=3D SM_NONE) { > > > - return -1; > > > - } > > > - } > > > + retval =3D lchown(rpath(fs_ctx, path), credp->fc_uid, credp->f= c_gid); > > >=20 > > > return 0; > > > =20 > > > } > >=20 > > retval is unused. > >=20 >=20 > That was used to disable the warning message "error: ignoring return va= lue of=20 > =E2=80=98lchown=E2=80=99, declared with attribute warn_unused_result" >=20 > Otherwise I have to use > if (lchown(rpath(fs_ctx, path), credp->fc_uid, credp->fc_gid)) { > ; > } >=20 > > Can multiple virtio-9p requests execute at a time? chmod() and lchow= n() > > after creation is a race condition if other requests can execute > > concurrently. > >=20 >=20 > We can't implement file creation with requested user credentials and pe= rmission=20 > bits in the none security model atomically. Its expected behaviour only Well you could do the nasty trick of forking a child process and doing setuid/gid in that and then creating the file before letting the parent continue. if ((pid =3D fork()) =3D=3D 0) { setuid(fc_uid); setgid(fc_gid); fd =3Dopen("foo", O_CREAT); close(fd); } else { waitpid(pid); } This kind of approach is in fact required if you want to be able to create files with a special uid/gid on a root squashing NFS server, because otherwise your QEMU running as root will have its files squashed to 'nobody' when initially created, and lchown will fail with EPERM. You might decide that root squashing NFS is too painful to care about supporting though :-) Regards, Daniel