From: "M. Mohan Kumar" <mohan@in.ibm.com>
To: Stefan Hajnoczi <stefanha@gmail.com>
Cc: qemu-devel@nongnu.org
Subject: [Qemu-devel] Re: [V7 PATCH 7/9] virtio-9p: Support for creating special files
Date: Wed, 9 Mar 2011 13:38:31 +0530 [thread overview]
Message-ID: <201103091338.32071.mohan@in.ibm.com> (raw)
In-Reply-To: <AANLkTi=MRbf2TXR-ZdLq7dUEjzhj3uAMA3pPEgRDs604@mail.gmail.com>
On Friday 04 March 2011 4:36:35 pm Stefan Hajnoczi wrote:
> On Fri, Mar 4, 2011 at 9:25 AM, M. Mohan Kumar <mohan@in.ibm.com> wrote:
> > +static int chroot_do_create_special(V9fsFileObjectRequest *request)
> > +{
> > + int cur_uid, cur_gid;
> > + int retval = -1;
> > +
> > + cur_uid = geteuid();
> > + cur_gid = getegid();
> > +
> > + if (setfsuid(request->data.uid) < 0) {
> > + return -errno;
> > + }
> > + if (setfsgid(request->data.gid) < 0) {
> > + retval = -errno;
> > + goto unset_uid;
> > + }
> > +
> > + switch (request->data.type) {
> > + case T_MKDIR:
> > + retval = mkdir(request->path.path, request->data.mode);
> > + break;
> > + case T_SYMLINK:
> > + retval = symlink(request->path.old_path, request->path.path);
> > + break;
> > + case T_LINK:
> > + retval = link(request->path.old_path, request->path.path);
> > + break;
> > + default:
> > + retval = mknod(request->path.path, request->data.mode,
> > + request->data.dev);
> > + break;
> > + }
> > +
> > + if (retval < 0) {
> > + retval = -errno;
> > + }
> > + setfsgid(cur_gid);
> > +unset_uid:
> > + setfsuid(cur_uid);
> > + return retval;
> > +}
>
> It would be nice to take this one step further and move file create
> and open here too. The prototype we need is:
>
> static int chroot_handle_request(V9fsFileObjectRequest *request, int *fd)
> {
> *fd = -1;
>
> It returns 0 on success or -errno and *fd >= 0 if a file descriptor
> was opened and -1 otherwise.
>
> This function becomes the main request processing function called from
> v9fs_chroot() and the switch statement there can be eliminated.
>
We don't need setfsgid, setfsuid for normal open. Also I think having separate
function based on the functionality helps better code readability.
> Sending the response back to QEMU then gets a cleaned up prototype:
> chroot_sendfd(int chroot_sock, int result, int fd) where result is 0
> on success or -errno and fd >= 0 if present or -1 if not.
>
> > +int v9fs_create_special(FsContext *fs_ctx, V9fsFileObjectRequest
> > *request) +{
> > + int retval, sock_error;
> > + qemu_mutex_lock(&fs_ctx->chroot_mutex);
> > + if (fs_ctx->chroot_ioerror) {
> > + retval = -EIO;
> > + goto unlock;
> > + }
> > + if (v9fs_write_request(fs_ctx->chroot_socket, request) < 0) {
> > + fs_ctx->chroot_ioerror = 1;
> > + retval = -EIO;
> > + goto unlock;
> > + }
> > + retval = v9fs_receivefd(fs_ctx->chroot_socket, &sock_error);
> > + if (retval < 0 && sock_error) {
> > + fs_ctx->chroot_ioerror = 1;
> > + }
> > +unlock:
> > + qemu_mutex_unlock(&fs_ctx->chroot_mutex);
> > + return retval;
> > +}
>
> This function is a duplicate of v9fs_request(). Can't there be just
> one function?
>
Yeah, I will make it as a single function.
----
M. Mohan Kumar
next prev parent reply other threads:[~2011-03-09 8:09 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-03-04 9:25 [Qemu-devel] [V7 PATCH 0/9] virtio-9p: Use chroot to safely access files in passthrough security model M. Mohan Kumar
2011-03-04 9:25 ` [Qemu-devel] [V7 PATCH 1/9] Implement qemu_read_full M. Mohan Kumar
2011-03-04 9:25 ` [Qemu-devel] [V7 PATCH 2/9] virtio-9p: Enable CONFIG_THREAD if CONFIG_VIRTFS is enabled M. Mohan Kumar
2011-03-04 9:25 ` [Qemu-devel] [V7 PATCH 3/9] virtio-9p: Provide chroot worker side interfaces M. Mohan Kumar
2011-03-04 10:53 ` [Qemu-devel] " Stefan Hajnoczi
2011-03-08 5:10 ` Venkateswararao Jujjuri (JV)
2011-03-04 9:25 ` [Qemu-devel] [V7 PATCH 4/9] virtio-9p: Add qemu side interfaces for chroot environment M. Mohan Kumar
2011-03-04 9:25 ` [Qemu-devel] [V7 PATCH 5/9] virtio-9p: Add support to open a file in " M. Mohan Kumar
2011-03-04 9:25 ` [Qemu-devel] [V7 PATCH 6/9] virtio-9p: Create support " M. Mohan Kumar
2011-03-04 10:28 ` [Qemu-devel] " Stefan Hajnoczi
2011-03-04 9:25 ` [Qemu-devel] [V7 PATCH 7/9] virtio-9p: Support for creating special files M. Mohan Kumar
2011-03-04 11:06 ` [Qemu-devel] " Stefan Hajnoczi
2011-03-09 8:08 ` M. Mohan Kumar [this message]
2011-03-04 9:25 ` [Qemu-devel] [V7 PATCH 8/9] virtio-9p: Move file post creation changes to none security model M. Mohan Kumar
2011-03-04 9:25 ` [Qemu-devel] [V7 PATCH 9/9] virtio-9p: Chroot environment for other functions M. Mohan Kumar
2011-03-04 11:52 ` [Qemu-devel] " Stefan Hajnoczi
2011-03-09 8:10 ` M. Mohan Kumar
2011-03-11 17:12 ` Stefan Hajnoczi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201103091338.32071.mohan@in.ibm.com \
--to=mohan@in.ibm.com \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).