[Qemu-devel] Re: [PATCH-V4 0/7] virtio-9p:Introducing security model for VirtFS

qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed

From: Andy Lutomirski <luto@mit.edu>
To: "Venkateswararao Jujjuri (JV)" <jvrao@linux.vnet.ibm.com>
Cc: aliguori@us.ibm.com, qemu-devel@nongnu.org
Subject: [Qemu-devel] Re: [PATCH-V4 0/7] virtio-9p:Introducing security model for VirtFS
Date: Wed, 26 May 2010 23:52:38 -0400	[thread overview]
Message-ID: <4BFDEC86.1080904@mit.edu> (raw)
In-Reply-To: <1274916106-25616-1-git-send-email-jvrao@linux.vnet.ibm.com>

Venkateswararao Jujjuri (JV) wrote:
> This patch series introduces the security model for VirtFS.
> 
> Brief description of this patch series:
> 
> It introduces two type of security models for VirtFS.
> They are: mapped and passthrough.
> 
> The following is common to both security models.
> 
> * Client's VFS determines/enforces the access control.
>   Largely server should never return EACCESS.
> 
> * Client sends gid/mode-bit information as part of creation only.
> 
> Changes from V3
> ---------------
> o Return NULL instead of exit(1) on failure in virtio_9p_init()
> o Capitalized sm_passthrough, sm_mappe
> o Added handling for EINTR for read/write.
> o Corrected default permissions for mkdir in mapped mode.
> o Added additional error handling.
> 
> Changes from V2
> ---------------
> o Removed warnings resulting from chmod/chown.
> o Added code to fail normally if secuirty_model option is not specified.
> 
> Changes from V1
> ---------------
> o Added support for chmod and chown.
> o Used chmod/chown to set credentials instead of setuid/setgid.
> o Fixed a bug where uid used instated of uid.
> 
> 
> Security model: mapped
> ----------------------
> 
> VirtFS server(QEMU) intercepts and maps all the file object create requests.
> Files on the fileserver will be created with QEMU's user credentials and the
> client-user's credentials are stored in extended attributes.
> During getattr() server extracts the client-user's credentials from extended
> attributes and sends to the client.
> 
> Given that only the user space extended attributes are available to regular
> files, special files are created as regular files on the fileserver and the
> appropriate mode bits are stored in xattrs and will be extracted during
> getattr.
> 
> If the extended attributes are missing, server sends back the filesystem
> stat() unaltered. This provision will make the files created on the
> fileserver usable to client.
> 
> Points to be considered
> 
> * Filesystem will be VirtFS'ized. Meaning, other filesystems may not
>  understand the credentials of the files created under this model.

How hard would it be to make this compatible with rsync's --fake-super? 
  (--fake-super already does almost what you're doing, and if you make 
the formats compatible, then rsync could be used to translate.  OTOH, 
rsyncing a VirtFS-ified filesystem to a remote --fake-super system might 
have odd side-effects.)

--Andy

next prev parent reply	other threads:[~2010-05-27  4:28 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-05-26 23:21 [Qemu-devel] [PATCH-V4 0/7] virtio-9p:Introducing security model for VirtFS Venkateswararao Jujjuri (JV)
2010-05-26 23:21 ` [Qemu-devel] [PATCH -V4 1/7] virtio-9p: Introduces an option to specify the security model Venkateswararao Jujjuri (JV)
2010-06-01 17:24   ` Aneesh Kumar K.V
2010-06-03 23:07     ` Venkateswararao Jujjuri (JV)
2010-05-26 23:21 ` [Qemu-devel] [PATCH -V4 2/7] virtio-9p: Rearrange fileop structures Venkateswararao Jujjuri (JV)
2010-06-01 17:22   ` Aneesh Kumar K.V
2010-05-26 23:21 ` [Qemu-devel] [PATCH -V4 3/7] virtio-9p: modify create/open2 and mkdir for new security model Venkateswararao Jujjuri (JV)
2010-06-01 17:30   ` Aneesh Kumar K.V
2010-06-04  0:40     ` Venkateswararao Jujjuri (JV)
2010-05-26 23:21 ` [Qemu-devel] [PATCH -V4 4/7] virtio-9p: Implement Security model for mknod related files Venkateswararao Jujjuri (JV)
2010-05-26 23:21 ` [Qemu-devel] [PATCH -V4 5/7] virtio-9p: Implemented security model for symlink and link Venkateswararao Jujjuri (JV)
2010-05-26 23:21 ` [Qemu-devel] [PATCH -V4 6/7] virtio-9p: Implemented Security model for lstat and fstat Venkateswararao Jujjuri (JV)
2010-05-26 23:21 ` [Qemu-devel] [PATCH -V4 7/7] virtio-9p: Implemented security model for chown and chgrp Venkateswararao Jujjuri (JV)
2010-06-01 17:33   ` Aneesh Kumar K.V
2010-05-27  3:52 ` Andy Lutomirski [this message]
2010-05-27 17:52   ` [Qemu-devel] Re: [PATCH-V4 0/7] virtio-9p:Introducing security model for VirtFS Venkateswararao Jujjuri (JV)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4BFDEC86.1080904@mit.edu \
    --to=luto@mit.edu \
    --cc=aliguori@us.ibm.com \
    --cc=jvrao@linux.vnet.ibm.com \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).