From: Anthony Liguori <aliguori@linux.vnet.ibm.com>
To: "Venkateswararao Jujjuri (JV)" <jvrao@linux.vnet.ibm.com>
Cc: aliguori@us.ibm.com, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH -V3 1/7] virtio-9p: Introduces an option to specify the security model.
Date: Mon, 24 May 2010 15:10:44 -0500 [thread overview]
Message-ID: <4BFADD44.8060401@linux.vnet.ibm.com> (raw)
In-Reply-To: <1274477170-7658-2-git-send-email-jvrao@linux.vnet.ibm.com>
On 05/21/2010 04:26 PM, Venkateswararao Jujjuri (JV) wrote:
> The new option is:
>
> -fsdev fstype,id=myid,path=/share_path/,security_model=[mapped|passthrough]
> -virtfs fstype,path=/share_path/,security_model=[mapped|passthrough],mnt_tag=tag
>
> In the case of mapped security model, files are created with QEMU user
> credentials and the client-user's credentials are saved in extended attributes.
> Whereas in the case of passthrough security model, files on the
> filesystem are directly created with client-user's credentials.
>
> Signed-off-by: Venkateswararao Jujjuri<jvrao@linux.vnet.ibm.com>
> ---
> fsdev/qemu-fsdev.c | 14 +++++++++++++-
> fsdev/qemu-fsdev.h | 1 +
> hw/virtio-9p.c | 14 ++++++++++++++
> qemu-config.c | 12 +++++++++---
> qemu-options.hx | 15 +++++++++++----
> vl.c | 18 +++++++++++++++---
> 6 files changed, 63 insertions(+), 11 deletions(-)
>
> diff --git a/fsdev/qemu-fsdev.c b/fsdev/qemu-fsdev.c
> index 813e1f7..7d7a153 100644
> --- a/fsdev/qemu-fsdev.c
> +++ b/fsdev/qemu-fsdev.c
> @@ -34,7 +34,7 @@ int qemu_fsdev_add(QemuOpts *opts)
> return -1;
> }
>
> - for (i = 0; i< ARRAY_SIZE(FsTypes); i++) {
> + for (i = 0; i< ARRAY_SIZE(FsTypes); i++) {
> if (strcmp(FsTypes[i].name, qemu_opt_get(opts, "fstype")) == 0) {
> break;
> }
> @@ -46,10 +46,22 @@ int qemu_fsdev_add(QemuOpts *opts)
> return -1;
> }
>
> + if (qemu_opt_get(opts, "path") == NULL) {
> + fprintf(stderr, "fsdev: No path specified.\n");
> + return -1;
> + }
> +
> + if (qemu_opt_get(opts, "security_model") == NULL) {
> + fprintf(stderr, "fsdev: No security_model specified.\n");
> + return -1;
> + }
> +
> fsle = qemu_malloc(sizeof(*fsle));
>
> fsle->fse.fsdev_id = qemu_strdup(qemu_opts_id(opts));
> fsle->fse.path = qemu_strdup(qemu_opt_get(opts, "path"));
> + fsle->fse.security_model = qemu_strdup(qemu_opt_get(opts,
> + "security_model"));
> fsle->fse.ops = FsTypes[i].ops;
>
> QTAILQ_INSERT_TAIL(&fstype_entries, fsle, next);
> diff --git a/fsdev/qemu-fsdev.h b/fsdev/qemu-fsdev.h
> index b50fbe0..6c27881 100644
> --- a/fsdev/qemu-fsdev.h
> +++ b/fsdev/qemu-fsdev.h
> @@ -40,6 +40,7 @@ typedef struct FsTypeTable {
> typedef struct FsTypeEntry {
> char *fsdev_id;
> char *path;
> + char *security_model;
> FileOperations *ops;
> } FsTypeEntry;
>
> diff --git a/hw/virtio-9p.c b/hw/virtio-9p.c
> index 687abc0..8ecd39c 100644
> --- a/hw/virtio-9p.c
> +++ b/hw/virtio-9p.c
> @@ -2413,6 +2413,20 @@ VirtIODevice *virtio_9p_init(DeviceState *dev, V9fsConf *conf)
> exit(1);
> }
>
> + if (!strcmp(fse->security_model, "passthrough")) {
> + /* Files on the Fileserver set to client user credentials */
> + } else if (!strcmp(fse->security_model, "mapped")) {
> + /* Files on the fileserver are set to QEMU credentials.
> + * Client user credentials are saved in extended attributes.
> + */
> + } else {
> + /* user haven't specified a correct security option */
> + fprintf(stderr, "one of the following must be specified as the"
> + "security option:\n\t security_model=passthrough \n\t "
> + "security_model=mapped\n");
> + exit(1);
> + }
>
error_report and a return NULL would be more appropriate than an exit(1).
Regards,
Anthony Liguori
> +
> if (lstat(fse->path,&stat)) {
> fprintf(stderr, "share path %s does not exist\n", fse->path);
> exit(1);
> diff --git a/qemu-config.c b/qemu-config.c
> index d500885..e1e3aa1 100644
> --- a/qemu-config.c
> +++ b/qemu-config.c
> @@ -160,9 +160,12 @@ QemuOptsList qemu_fsdev_opts = {
> {
> .name = "fstype",
> .type = QEMU_OPT_STRING,
> - }, {
> + },{
> .name = "path",
> .type = QEMU_OPT_STRING,
> + },{
> + .name = "security_model",
> + .type = QEMU_OPT_STRING,
> },
> { /*End of list */ }
> },
> @@ -178,12 +181,15 @@ QemuOptsList qemu_virtfs_opts = {
> {
> .name = "fstype",
> .type = QEMU_OPT_STRING,
> - }, {
> + },{
> .name = "path",
> .type = QEMU_OPT_STRING,
> - }, {
> + },{
> .name = "mount_tag",
> .type = QEMU_OPT_STRING,
> + },{
> + .name = "security_model",
> + .type = QEMU_OPT_STRING,
> },
>
> { /*End of list */ }
> diff --git a/qemu-options.hx b/qemu-options.hx
> index 12f6b51..d557c92 100644
> --- a/qemu-options.hx
> +++ b/qemu-options.hx
> @@ -482,7 +482,7 @@ ETEXI
> DEFHEADING(File system options:)
>
> DEF("fsdev", HAS_ARG, QEMU_OPTION_fsdev,
> - "-fsdev local,id=id,path=path\n",
> + "-fsdev local,id=id,path=path,security_model=[mapped|passthrough]\n",
> QEMU_ARCH_ALL)
>
> STEXI
> @@ -498,7 +498,7 @@ The specific Fstype will determine the applicable options.
>
> Options to each backend are described below.
>
> -@item -fsdev local ,id=@var{id} ,path=@var{path}
> +@item -fsdev local ,id=@var{id} ,path=@var{path} ,security_model=@var{security_model}
>
> Create a file-system-"device" for local-filesystem.
>
> @@ -506,6 +506,9 @@ Create a file-system-"device" for local-filesystem.
>
> @option{path} specifies the path to be exported. @option{path} is required.
>
> +@option{security_model} specifies the security model to be followed.
> +@option{security_model} is required.
> +
> @end table
> ETEXI
> #endif
> @@ -514,7 +517,7 @@ ETEXI
> DEFHEADING(Virtual File system pass-through options:)
>
> DEF("virtfs", HAS_ARG, QEMU_OPTION_virtfs,
> - "-virtfs local,path=path,mount_tag=tag\n",
> + "-virtfs local,path=path,mount_tag=tag,security_model=[mapped|passthrough]\n",
> QEMU_ARCH_ALL)
>
> STEXI
> @@ -530,7 +533,7 @@ The specific Fstype will determine the applicable options.
>
> Options to each backend are described below.
>
> -@item -virtfs local ,path=@var{path} ,mount_tag=@var{mount_tag}
> +@item -virtfs local ,path=@var{path} ,mount_tag=@var{mount_tag} ,security_model=@var{security_model}
>
> Create a Virtual file-system-pass through for local-filesystem.
>
> @@ -538,6 +541,10 @@ Create a Virtual file-system-pass through for local-filesystem.
>
> @option{path} specifies the path to be exported. @option{path} is required.
>
> +@option{security_model} specifies the security model to be followed.
> +@option{security_model} is required.
> +
> +
> @option{mount_tag} specifies the tag with which the exported file is mounted.
> @option{mount_tag} is required.
>
> diff --git a/vl.c b/vl.c
> index 85bcc84..a341781 100644
> --- a/vl.c
> +++ b/vl.c
> @@ -3109,10 +3109,21 @@ int main(int argc, char **argv, char **envp)
> exit(1);
> }
>
> - len = strlen(",id=,path=");
> + if (qemu_opt_get(opts, "fstype") == NULL ||
> + qemu_opt_get(opts, "mount_tag") == NULL ||
> + qemu_opt_get(opts, "path") == NULL ||
> + qemu_opt_get(opts, "security_model") == NULL) {
> + fprintf(stderr, "Usage: -virtfs fstype,path=/share_path/,"
> + "security_model=[mapped|passthrough],"
> + "mnt_tag=tag.\n");
> + exit(1);
> + }
> +
> + len = strlen(",id=,path=,security_model=");
> len += strlen(qemu_opt_get(opts, "fstype"));
> len += strlen(qemu_opt_get(opts, "mount_tag"));
> len += strlen(qemu_opt_get(opts, "path"));
> + len += strlen(qemu_opt_get(opts, "security_model"));
> arg_fsdev = qemu_malloc((len + 1) * sizeof(*arg_fsdev));
>
> if (!arg_fsdev) {
> @@ -3121,10 +3132,11 @@ int main(int argc, char **argv, char **envp)
> exit(1);
> }
>
> - sprintf(arg_fsdev, "%s,id=%s,path=%s",
> + sprintf(arg_fsdev, "%s,id=%s,path=%s,security_model=%s",
> qemu_opt_get(opts, "fstype"),
> qemu_opt_get(opts, "mount_tag"),
> - qemu_opt_get(opts, "path"));
> + qemu_opt_get(opts, "path"),
> + qemu_opt_get(opts, "security_model"));
>
> len = strlen("virtio-9p-pci,fsdev=,mount_tag=");
> len += 2*strlen(qemu_opt_get(opts, "mount_tag"));
>
next prev parent reply other threads:[~2010-05-24 20:11 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-05-21 21:26 [Qemu-devel] [PATCH-V2 0/7] virtio-9p:Introducing security model for VirtFS Venkateswararao Jujjuri (JV)
2010-05-21 21:26 ` [Qemu-devel] [PATCH -V3 1/7] virtio-9p: Introduces an option to specify the security model Venkateswararao Jujjuri (JV)
2010-05-24 20:10 ` Anthony Liguori [this message]
2010-05-21 21:26 ` [Qemu-devel] [PATCH -V3 2/7] virtio-9p: Rearrange fileop structures Venkateswararao Jujjuri (JV)
2010-05-25 18:07 ` Sripathi Kodi
2010-05-26 20:21 ` Venkateswararao Jujjuri (JV)
2010-05-21 21:26 ` [Qemu-devel] [PATCH -V3 3/7] virtio-9p: modify create/open2 and mkdir for new security model Venkateswararao Jujjuri (JV)
2010-05-24 20:12 ` Anthony Liguori
2010-05-21 21:26 ` [Qemu-devel] [PATCH -V3 4/7] virtio-9p: Implement Security model for mknod related files Venkateswararao Jujjuri (JV)
2010-05-21 21:26 ` [Qemu-devel] [PATCH -V3 5/7] virtio-9p: Implemented security model for symlink and link Venkateswararao Jujjuri (JV)
2010-05-24 20:13 ` Anthony Liguori
2010-05-21 21:26 ` [Qemu-devel] [PATCH -V3 6/7] virtio-9p: Implemented Security model for lstat and fstat Venkateswararao Jujjuri (JV)
2010-05-21 21:26 ` [Qemu-devel] [PATCH -V3 7/7] virtio-9p: Implemented security model for chown and chgrp Venkateswararao Jujjuri (JV)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4BFADD44.8060401@linux.vnet.ibm.com \
--to=aliguori@linux.vnet.ibm.com \
--cc=aliguori@us.ibm.com \
--cc=jvrao@linux.vnet.ibm.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).