* [RFC PATCH] tools/virtiofsd: add support for --socket-group
@ 2020-03-04 18:50 Alex Bennée
2020-03-06 13:17 ` Stefan Hajnoczi
0 siblings, 1 reply; 2+ messages in thread
From: Alex Bennée @ 2020-03-04 18:50 UTC (permalink / raw)
To: qemu-devel; +Cc: Alex Bennée, Dr. David Alan Gilbert, Stefan Hajnoczi
If you like running QEMU as a normal user (very common for TCG runs)
but you have to run virtiofsd as a root user you run into connection
problems. Adding support for an optional --socket-group allows the
users to keep using the command line.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
---
docs/tools/virtiofsd.rst | 4 ++++
tools/virtiofsd/fuse_i.h | 1 +
tools/virtiofsd/fuse_lowlevel.c | 6 ++++++
tools/virtiofsd/fuse_virtio.c | 20 ++++++++++++++++++--
4 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/docs/tools/virtiofsd.rst b/docs/tools/virtiofsd.rst
index 378594c422a..6d2342f74d4 100644
--- a/docs/tools/virtiofsd.rst
+++ b/docs/tools/virtiofsd.rst
@@ -85,6 +85,10 @@ Options
Listen on vhost-user UNIX domain socket at PATH.
+.. option:: --socket-group=GROUP
+
+ Also make vhost-user UNIX domain socket accessible to GROUP.
+
.. option:: --fd=FDNUM
Accept connections from vhost-user UNIX domain socket file descriptor FDNUM.
diff --git a/tools/virtiofsd/fuse_i.h b/tools/virtiofsd/fuse_i.h
index 1240828208a..492e002181e 100644
--- a/tools/virtiofsd/fuse_i.h
+++ b/tools/virtiofsd/fuse_i.h
@@ -68,6 +68,7 @@ struct fuse_session {
size_t bufsize;
int error;
char *vu_socket_path;
+ char *vu_socket_group;
int vu_listen_fd;
int vu_socketfd;
struct fv_VuDev *virtio_dev;
diff --git a/tools/virtiofsd/fuse_lowlevel.c b/tools/virtiofsd/fuse_lowlevel.c
index 2dd36ec03b6..4d1ba2925d1 100644
--- a/tools/virtiofsd/fuse_lowlevel.c
+++ b/tools/virtiofsd/fuse_lowlevel.c
@@ -2523,6 +2523,7 @@ static const struct fuse_opt fuse_ll_opts[] = {
LL_OPTION("--debug", debug, 1),
LL_OPTION("allow_root", deny_others, 1),
LL_OPTION("--socket-path=%s", vu_socket_path, 0),
+ LL_OPTION("--socket-group=%s", vu_socket_group, 0),
LL_OPTION("--fd=%d", vu_listen_fd, 0),
LL_OPTION("--thread-pool-size=%d", thread_pool_size, 0),
FUSE_OPT_END
@@ -2630,6 +2631,11 @@ struct fuse_session *fuse_session_new(struct fuse_args *args,
"fuse: --socket-path and --fd cannot be given together\n");
goto out4;
}
+ if (se->vu_socket_group && !se->vu_socket_path) {
+ fuse_log(FUSE_LOG_ERR,
+ "fuse: --socket-group can only be used with --socket-path\n");
+ goto out4;
+ }
se->bufsize = FUSE_MAX_MAX_PAGES * getpagesize() + FUSE_BUFFER_HEADER_SIZE;
diff --git a/tools/virtiofsd/fuse_virtio.c b/tools/virtiofsd/fuse_virtio.c
index 3b6d16a0417..13d69525646 100644
--- a/tools/virtiofsd/fuse_virtio.c
+++ b/tools/virtiofsd/fuse_virtio.c
@@ -31,6 +31,8 @@
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/un.h>
+#include <sys/types.h>
+#include <grp.h>
#include <unistd.h>
#include "contrib/libvhost-user/libvhost-user.h"
@@ -924,15 +926,29 @@ static int fv_create_listen_socket(struct fuse_session *se)
/*
* Unfortunately bind doesn't let you set the mask on the socket,
- * so set umask to 077 and restore it later.
+ * so set umask to appropriately and restore it later.
*/
- old_umask = umask(0077);
+ if (se->vu_socket_group) {
+ old_umask = umask(S_IROTH | S_IWOTH | S_IXOTH);
+ } else {
+ old_umask = umask(S_IRGRP | S_IWGRP | S_IXGRP | S_IROTH | S_IWOTH | S_IXOTH);
+ }
if (bind(listen_sock, (struct sockaddr *)&un, addr_len) == -1) {
fuse_log(FUSE_LOG_ERR, "vhost socket bind: %m\n");
close(listen_sock);
umask(old_umask);
return -1;
}
+ if (se->vu_socket_group) {
+ struct group *g = getgrnam(se->vu_socket_group);
+ if (g) {
+ if (!chown(se->vu_socket_path, -1, g->gr_gid)) {
+ fuse_log(FUSE_LOG_WARNING,
+ "vhost socket failed to set group to %s (%d)\n",
+ se->vu_socket_group, g->gr_gid);
+ }
+ }
+ }
umask(old_umask);
if (listen(listen_sock, 1) == -1) {
--
2.20.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [RFC PATCH] tools/virtiofsd: add support for --socket-group
2020-03-04 18:50 [RFC PATCH] tools/virtiofsd: add support for --socket-group Alex Bennée
@ 2020-03-06 13:17 ` Stefan Hajnoczi
0 siblings, 0 replies; 2+ messages in thread
From: Stefan Hajnoczi @ 2020-03-06 13:17 UTC (permalink / raw)
To: Alex Bennée; +Cc: qemu-devel, Stefan Hajnoczi, Dr. David Alan Gilbert
[-- Attachment #1: Type: text/plain, Size: 909 bytes --]
On Wed, Mar 04, 2020 at 06:50:25PM +0000, Alex Bennée wrote:
> diff --git a/docs/tools/virtiofsd.rst b/docs/tools/virtiofsd.rst
> index 378594c422a..6d2342f74d4 100644
> --- a/docs/tools/virtiofsd.rst
> +++ b/docs/tools/virtiofsd.rst
> @@ -85,6 +85,10 @@ Options
>
> Listen on vhost-user UNIX domain socket at PATH.
>
> +.. option:: --socket-group=GROUP
> +
> + Also make vhost-user UNIX domain socket accessible to GROUP.
Files only have one gid but the above sentence can be interpreted as
"add GROUP" (instead of "set GROUP"). Please drop "Also" to make the
meaning clearer.
> @@ -924,15 +926,29 @@ static int fv_create_listen_socket(struct fuse_session *se)
>
> /*
> * Unfortunately bind doesn't let you set the mask on the socket,
> - * so set umask to 077 and restore it later.
> + * so set umask to appropriately and restore it later.
s/ to //
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-03-06 13:18 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-03-04 18:50 [RFC PATCH] tools/virtiofsd: add support for --socket-group Alex Bennée
2020-03-06 13:17 ` Stefan Hajnoczi
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).