[PATCH 01/25] virtiofsd: passthrough_ll: create new files in caller's context

["Dr. David Alan Gilbert (git)" <dgilbert@redhat.com>]

From: Vivek Goyal <vgoyal@redhat.com>

We need to create files in callers context. Otherwise afer creating file,
caller himself might not be able to do file operations on that file.

Changed effective uid/gid to caller's uid/gid, create file and then
switch backto uid/gid 0.

Use syscall(setresuid, ...) otherwise glibc does some magic to change EUID
in all threads, which is not what we want.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
---
 contrib/virtiofsd/passthrough_ll.c | 75 ++++++++++++++++++++++++++++--
 1 file changed, 71 insertions(+), 4 deletions(-)

diff --git a/contrib/virtiofsd/passthrough_ll.c b/contrib/virtiofsd/passthrough_ll.c
index 2a1a880224..2de35d4d3d 100644
--- a/contrib/virtiofsd/passthrough_ll.c
+++ b/contrib/virtiofsd/passthrough_ll.c
@@ -49,6 +49,7 @@
 #include <inttypes.h>
 #include <pthread.h>
 #include <sys/file.h>
+#include <sys/syscall.h>
 #include <sys/xattr.h>
 
 #include "passthrough_helpers.h"
@@ -78,6 +79,11 @@ struct lo_inode {
 	uint64_t refcount; /* protected by lo->mutex */
 };
 
+struct lo_cred {
+	uid_t euid;
+	gid_t egid;
+};
+
 enum {
 	CACHE_NEVER,
 	CACHE_NORMAL,
@@ -376,6 +382,51 @@ static void lo_lookup(fuse_req_t req, fuse_ino_t parent, const char *name)
 		fuse_reply_entry(req, &e);
 }
 
+/*
+ * Change to uid/gid of caller so that file is created with
+ * ownership of caller.
+ * TODO: What about selinux context?
+ */
+static int lo_change_cred(fuse_req_t req, struct lo_cred *old)
+{
+	int res;
+
+	old->euid = geteuid();
+	old->egid = getegid();
+
+	res = syscall(SYS_setresgid, -1,fuse_req_ctx(req)->gid, -1);
+	if (res == -1)
+		return errno;
+
+	res = syscall(SYS_setresuid, -1, fuse_req_ctx(req)->uid, -1);
+	if (res == -1) {
+		int errno_save = errno;
+
+		syscall(SYS_setresgid, -1, old->egid, -1);
+		return errno_save;
+	}
+
+	return 0;
+}
+
+/* Regain Privileges */
+static void lo_restore_cred(struct lo_cred *old)
+{
+	int res;
+
+	res = syscall(SYS_setresuid, -1, old->euid, -1);
+	if (res == -1) {
+		fuse_log(FUSE_LOG_ERR, "seteuid(%u): %m\n", old->euid);
+		exit(1);
+	}
+
+	res = syscall(SYS_setresgid, -1, old->egid, -1);
+	if (res == -1) {
+		fuse_log(FUSE_LOG_ERR, "setegid(%u): %m\n", old->egid);
+		exit(1);
+	}
+}
+
 static void lo_mknod_symlink(fuse_req_t req, fuse_ino_t parent,
 			     const char *name, mode_t mode, dev_t rdev,
 			     const char *link)
@@ -384,12 +435,20 @@ static void lo_mknod_symlink(fuse_req_t req, fuse_ino_t parent,
 	int saverr;
 	struct lo_inode *dir = lo_inode(req, parent);
 	struct fuse_entry_param e;
+	struct lo_cred old = {};
 
 	saverr = ENOMEM;
 
+	saverr = lo_change_cred(req, &old);
+	if (saverr)
+		goto out;
+
 	res = mknod_wrapper(dir->fd, name, link, mode, rdev);
 
 	saverr = errno;
+
+	lo_restore_cred(&old);
+
 	if (res == -1)
 		goto out;
 
@@ -768,23 +827,31 @@ static void lo_create(fuse_req_t req, fuse_ino_t parent, const char *name,
 	struct lo_data *lo = lo_data(req);
 	struct fuse_entry_param e;
 	int err;
+	struct lo_cred old = {};
 
 	if (lo_debug(req))
 		fuse_log(FUSE_LOG_DEBUG, "lo_create(parent=%" PRIu64 ", name=%s)\n",
 			parent, name);
 
+	err = lo_change_cred(req, &old);
+	if (err)
+		goto out;
+
 	fd = openat(lo_fd(req, parent), name,
 		    (fi->flags | O_CREAT) & ~O_NOFOLLOW, mode);
-	if (fd == -1)
-		return (void) fuse_reply_err(req, errno);
+	err = fd == -1 ? errno : 0;
+	lo_restore_cred(&old);
 
-	fi->fh = fd;
+	if (!err) {
+		fi->fh = fd;
+		err = lo_do_lookup(req, parent, name, &e);
+	}
 	if (lo->cache == CACHE_NEVER)
 		fi->direct_io = 1;
 	else if (lo->cache == CACHE_ALWAYS)
 		fi->keep_cache = 1;
 
-	err = lo_do_lookup(req, parent, name, &e);
+out:
 	if (err)
 		fuse_reply_err(req, err);
 	else
-- 
2.23.0