[PATCH 1/4] export/fuse: Add allow-other option

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: Max Reitz <mreitz@redhat.com>
To: qemu-block@nongnu.org
Cc: Kevin Wolf <kwolf@redhat.com>,
	qemu-devel@nongnu.org, Max Reitz <mreitz@redhat.com>
Subject: [PATCH 1/4] export/fuse: Add allow-other option
Date: Mon, 14 Jun 2021 16:44:04 +0200	[thread overview]
Message-ID: <20210614144407.134243-2-mreitz@redhat.com> (raw)
In-Reply-To: <20210614144407.134243-1-mreitz@redhat.com>

Without the allow_other mount option, no user (not even root) but the
one who started qemu/the storage daemon can access the export.  Allow
users to configure the export such that such accesses are possible.

When we do pass allow_other, we should also pass default_permissions,
because our export code performs no permission checks.  With
default_permissions, we can just let the kernel do it.

Signed-off-by: Max Reitz <mreitz@redhat.com>
---
 qapi/block-export.json | 11 ++++++++++-
 block/export/fuse.c    | 17 +++++++++++++++--
 2 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/qapi/block-export.json b/qapi/block-export.json
index e819e70cac..5d1cc04ac4 100644
--- a/qapi/block-export.json
+++ b/qapi/block-export.json
@@ -132,11 +132,20 @@
 # @growable: Whether writes beyond the EOF should grow the block node
 #            accordingly. (default: false)
 #
+# @allow-other: By default (if this is false), only qemu's user is allowed
+#               access to this export.  That cannot be changed even with
+#               chmod or chown.
+#               This option will allow other users access to the export with the
+#               FUSE mount options "allow_other,default_permissions".
+#               (default_permissions enables standard UNIX permission checks.)
+#               (since 6.1; default: false)
+#
 # Since: 6.0
 ##
 { 'struct': 'BlockExportOptionsFuse',
   'data': { 'mountpoint': 'str',
-            '*growable': 'bool' },
+            '*growable': 'bool',
+            '*allow-other': 'bool' },
   'if': 'defined(CONFIG_FUSE)' }
 
 ##
diff --git a/block/export/fuse.c b/block/export/fuse.c
index 38f74c94da..34a5836ece 100644
--- a/block/export/fuse.c
+++ b/block/export/fuse.c
@@ -46,6 +46,7 @@ typedef struct FuseExport {
     char *mountpoint;
     bool writable;
     bool growable;
+    bool allow_other;
 } FuseExport;
 
 static GHashTable *exports;
@@ -117,6 +118,7 @@ static int fuse_export_create(BlockExport *blk_exp,
     exp->mountpoint = g_strdup(args->mountpoint);
     exp->writable = blk_exp_args->writable;
     exp->growable = args->growable;
+    exp->allow_other = args->allow_other;
 
     ret = setup_fuse_export(exp, args->mountpoint, errp);
     if (ret < 0) {
@@ -150,11 +152,22 @@ static int setup_fuse_export(FuseExport *exp, const char *mountpoint,
 {
     const char *fuse_argv[4];
     char *mount_opts;
+    const char *allow_other;
     struct fuse_args fuse_args;
     int ret;
 
-    /* Needs to match what fuse_init() sets.  Only max_read must be supplied. */
-    mount_opts = g_strdup_printf("max_read=%zu", FUSE_MAX_BOUNCE_BYTES);
+    if (exp->allow_other) {
+        allow_other = ",allow_other,default_permissions";
+    } else {
+        allow_other = "";
+    }
+
+    /*
+     * max_read needs to match what fuse_init() sets.
+     * max_write need not be supplied.
+     */
+    mount_opts = g_strdup_printf("max_read=%zu%s", FUSE_MAX_BOUNCE_BYTES,
+                                 allow_other);
 
     fuse_argv[0] = ""; /* Dummy program name */
     fuse_argv[1] = "-o";
-- 
2.31.1

next prev parent reply	other threads:[~2021-06-14 14:46 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-06-14 14:44 [PATCH 0/4] export/fuse: Allow other users access to the export Max Reitz
2021-06-14 14:44 ` Max Reitz [this message]
2021-06-22 15:00   ` [PATCH 1/4] export/fuse: Add allow-other option Kevin Wolf
2021-06-14 14:44 ` [PATCH 2/4] export/fuse: Give SET_ATTR_SIZE its own branch Max Reitz
2021-06-22 15:01   ` Kevin Wolf
2021-06-14 14:44 ` [PATCH 3/4] export/fuse: Let permissions be adjustable Max Reitz
2021-06-22 15:02   ` Kevin Wolf
2021-06-22 15:22     ` Max Reitz
2021-06-22 16:34       ` Kevin Wolf
2021-06-14 14:44 ` [PATCH 4/4] iotests/308: Test allow-other Max Reitz
2021-06-22 15:08   ` Kevin Wolf
2021-06-22 15:32     ` Max Reitz
2021-06-21 16:12 ` [PATCH 0/4] export/fuse: Allow other users access to the export Kevin Wolf
2021-06-21 17:18   ` Max Reitz

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:e819e70ca dfblob:5d1cc04ac dfblob:38f74c94d dfblob:34a5836ec )
 OR (
bs:"[PATCH 1/4] export/fuse: Add allow-other option" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210614144407.134243-2-mreitz@redhat.com \
    --to=mreitz@redhat.com \
    --cc=kwolf@redhat.com \
    --cc=qemu-block@nongnu.org \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).