From: "Daniel P. Berrange" <berrange@redhat.com>
To: Chun Yan Liu <cyliu@suse.com>
Cc: libvir-list@redhat.com, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH 1/2] add 'umask' option to -chardev
Date: Tue, 2 Sep 2014 10:16:55 +0100 [thread overview]
Message-ID: <20140902091655.GB21282@redhat.com> (raw)
In-Reply-To: <5405F9A3020000660005BB22@soto.provo.novell.com>
On Tue, Sep 02, 2014 at 03:08:51AM -0600, Chun Yan Liu wrote:
>
>
> >>> On 9/2/2014 at 04:54 PM, in message <20140902085434.GA21282@redhat.com>,
> "Daniel P. Berrange" <berrange@redhat.com> wrote:
> > On Tue, Sep 02, 2014 at 03:40:42PM +0800, Chunyan Liu wrote:
> > > To use virtio-serial device, unix socket created for chardev with
> > > default umask(022) has insufficient permissions.
> > >
> > > e.g. start kvm guest with:
> > > -device virtio-serial \
> > > -chardev socket,path=/tmp/foo,server,nowait,id=foo \
> > > -device virtserialport,chardev=foo,name=org.fedoraproject.port.0
> > >
> > > Check permissions for the socket file that has been created in the host
> > > to enable communication through virtual serial ports in the guest:
> > > #ls -l /tmp/somefile.sock
> > > srwxr-xr-x 1 qemu qemu 0 21. Jul 14:19 /tmp/somefile.sock
> > >
> > > Other users in the qemu group (like real user, test engines, etc) cannot
> > > write to this socket.
> > >
> > > Problem reported here:
> > > https://sourceware.org/bugzilla/show_bug.cgi?id=13078#c11
> > > https://bugzilla.novell.com/show_bug.cgi?id=888166
> > >
> > > This patch tries to add a 'umask' option to 'chardev', so that user
> > > can have chance to indicate a umask overwritting the default one (default
> > > is 022), then create unix sockets with expected permissions.
> > >
> > > Signed-off-by: Chunyan Liu <cyliu@suse.com>
> > > ---
> > > This is patch for qemu.
> > >
> > > qemu-char.c | 3 +++
> > > qemu-options.hx | 9 +++++++--
> > > util/qemu-sockets.c | 12 +++++++++++-
> > > 3 files changed, 21 insertions(+), 3 deletions(-)
> >
> > > diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
> > > index 5d38395..facf2c6 100644
> > > --- a/util/qemu-sockets.c
> > > +++ b/util/qemu-sockets.c
> > > @@ -680,7 +680,8 @@ int unix_listen_opts(QemuOpts *opts, Error **errp)
> > > {
> > > struct sockaddr_un un;
> > > const char *path = qemu_opt_get(opts, "path");
> > > - int sock, fd;
> > > + int newmask = qemu_opt_get_number(opts, "umask", 0);
> > > + int sock, fd, oldmask;
> > >
> > > sock = qemu_socket(PF_UNIX, SOCK_STREAM, 0);
> > > if (sock < 0) {
> > > @@ -708,10 +709,19 @@ int unix_listen_opts(QemuOpts *opts, Error **errp)
> > > }
> > >
> > > unlink(un.sun_path);
> > > + if (newmask) {
> > > + oldmask = umask(newmask);
> > > + }
> > > if (bind(sock, (struct sockaddr*) &un, sizeof(un)) < 0) {
> > > + if (newmask) {
> > > + umask(oldmask);
> > > + }
> > > error_set_errno(errp, errno, QERR_SOCKET_BIND_FAILED);
> > > goto err;
> > > }
> > > + if (newmask) {
> > > + umask(oldmask);
> > > + }
> >
> > Setting umask() is not thread-safe as it affects the entire process. While
> > this is OK for chardevs which are cold-plugged at startup, once QEMU is
> > running it is not OK to alter umask during hotplug of devices.
> >
> > Wouldn't it be simpler for libvirt to simply set the umask to 002 when it
> > first launches QEMU, avoiding the need for trying todo this per device.
>
> I think that's OK. Only one thing: I'm not sure if permissions of any other
> file created in qemu will be changed due to this change, and if that is
> unexpected or not.
Whether or not it causes problems today is only half the story. I'm more
concerned about the long term problems. The use of threads is increasing
in QEMU over time, so manipulating umask() is a time-bomb waiting to strike
at some point in the future when people have forgotten that this proposed
feature exists. IMHO umask() should simply never be used when multiple
threads are running, to avoid this long term risk entirely.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
next prev parent reply other threads:[~2014-09-02 9:17 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-02 7:40 [Qemu-devel] [PATCH 0/2] fix: unix sockets created for virtio-serail has insufficient permissions Chunyan Liu
2014-09-02 7:40 ` [Qemu-devel] [PATCH 1/2] add 'umask' option to -chardev Chunyan Liu
2014-09-02 8:54 ` Daniel P. Berrange
2014-09-02 9:08 ` Chun Yan Liu
2014-09-02 9:16 ` Daniel P. Berrange [this message]
2014-09-02 10:05 ` Chun Yan Liu
2014-09-02 10:53 ` Markus Armbruster
2014-09-02 7:40 ` [Qemu-devel] [PATCH 2/2] qemu: add umask(002) to virtio-serial chardev commandline Chunyan Liu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140902091655.GB21282@redhat.com \
--to=berrange@redhat.com \
--cc=cyliu@suse.com \
--cc=libvir-list@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).