From: Anthony Liguori <anthony@codemonkey.ws>
To: "Venkateswararao Jujjuri (JV)" <jvrao@linux.vnet.ibm.com>
Cc: aliguori@us.ibm.com, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH-V7 01/10] virtio-9p: Introduces an option to specify the security model.
Date: Tue, 22 Jun 2010 20:47:45 -0500
Message-ID: <4C2167C1.7020403@codemonkey.ws>
In-Reply-To: <1276547689-3408-2-git-send-email-jvrao@linux.vnet.ibm.com>
On 06/14/2010 03:34 PM, Venkateswararao Jujjuri (JV) wrote:
> The new option is:
>
> -fsdev fstype,id=myid,path=/share_path/,security_model=[mapped|passthrough]
> -virtfs fstype,path=/share_path/,security_model=[mapped|passthrough],mnt_tag=tag
>
> In the case of mapped security model, files are created with QEMU user
> credentials and the client-user's credentials are saved in extended attributes.
> Whereas in the case of passthrough security model, files on the
> filesystem are directly created with client-user's credentials.
>
> Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
>
Applied all. Thanks.
Regards,
Anthony Liguori
> ---
> fsdev/qemu-fsdev.c | 9 ++++++++-
> fsdev/qemu-fsdev.h | 1 +
> hw/virtio-9p.c | 9 +++++++++
> qemu-config.c | 6 ++++++
> qemu-options.hx | 15 +++++++++++----
> vl.c | 18 +++++++++++++++---
> 6 files changed, 50 insertions(+), 8 deletions(-)
>
> diff --git a/fsdev/qemu-fsdev.c b/fsdev/qemu-fsdev.c
> index 813e1f7..ad69b0e 100644
> --- a/fsdev/qemu-fsdev.c
> +++ b/fsdev/qemu-fsdev.c
> @@ -34,7 +34,7 @@ int qemu_fsdev_add(QemuOpts *opts)
> return -1;
> }
>
> - for (i = 0; i< ARRAY_SIZE(FsTypes); i++) {
> + for (i = 0; i< ARRAY_SIZE(FsTypes); i++) {
> if (strcmp(FsTypes[i].name, qemu_opt_get(opts, "fstype")) == 0) {
> break;
> }
> @@ -46,10 +46,17 @@ int qemu_fsdev_add(QemuOpts *opts)
> return -1;
> }
>
> + if (qemu_opt_get(opts, "security_model") == NULL) {
> + fprintf(stderr, "fsdev: No security_model specified.\n");
> + return -1;
> + }
> +
> fsle = qemu_malloc(sizeof(*fsle));
>
> fsle->fse.fsdev_id = qemu_strdup(qemu_opts_id(opts));
> fsle->fse.path = qemu_strdup(qemu_opt_get(opts, "path"));
> + fsle->fse.security_model = qemu_strdup(qemu_opt_get(opts,
> + "security_model"));
> fsle->fse.ops = FsTypes[i].ops;
>
> QTAILQ_INSERT_TAIL(&fstype_entries, fsle, next);
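Review bot: the added check in qemu_fsdev_add() only tests that security_model is present, so any string, including a typo, is copied into fsle->fse.security_model and accepted at parse time. Consider comparing the value against "mapped" and "passthrough" here and returning -1 on anything else, so an unsupported model is rejected before the entry is inserted into fstype_entries. Reading qemu_opt_get(opts, "security_model") once into a local would also avoid the second lookup in the qemu_strdup() call.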
> diff --git a/fsdev/qemu-fsdev.h b/fsdev/qemu-fsdev.h
> index b50fbe0..6c27881 100644
> --- a/fsdev/qemu-fsdev.h
> +++ b/fsdev/qemu-fsdev.h
> @@ -40,6 +40,7 @@ typedef struct FsTypeTable {
> typedef struct FsTypeEntry {
> char *fsdev_id;
> char *path;
> + char *security_model;
> FileOperations *ops;
> } FsTypeEntry;
>
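Review bot: security_model is added to FsTypeEntry as a free-form char * with no comment on which values are valid or who owns the string. The option text in this patch allows only mapped and passthrough, so an enum, or at least a comment listing the two values, would spare later users of the struct from repeating string comparisons.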
> diff --git a/hw/virtio-9p.c b/hw/virtio-9p.c
> index 038bb39..2530488 100644
> --- a/hw/virtio-9p.c
> +++ b/hw/virtio-9p.c
> @@ -2253,6 +2253,15 @@ VirtIODevice *virtio_9p_init(DeviceState *dev, V9fsConf *conf)
> exit(1);
> }
>
> + if (!strcmp(fse->security_model, "passthrough")&&
> + !strcmp(fse->security_model, "mapped")) {
> + /* user haven't specified a correct security option */
> + fprintf(stderr, "one of the following must be specified as the"
> + "security option:\n\t security_model=passthrough \n\t "
> + "security_model=mapped\n");
> + return NULL;
> + }
> +
> if (lstat(fse->path,&stat)) {
> fprintf(stderr, "share path %s does not exist\n", fse->path);
> exit(1);
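Review bot: the condition in the added validation in virtio_9p_init() can never be true, so an unrecognised security_model passes the check. !strcmp() is non-zero only on a match, which means !strcmp(fse->security_model, "passthrough") && !strcmp(fse->security_model, "mapped") requires the string to equal both values at once. The test that rejects bad input is strcmp(fse->security_model, "passthrough") && strcmp(fse->security_model, "mapped"), that is, neither comparison matched. Two smaller points in the same block: the adjacent literals "as the" and "security option" concatenate without a space, and this branch does return NULL while the checks immediately before and after it call exit(1).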
> diff --git a/qemu-config.c b/qemu-config.c
> index 5a4e61b..95abe61 100644
> --- a/qemu-config.c
> +++ b/qemu-config.c
> @@ -163,6 +163,9 @@ QemuOptsList qemu_fsdev_opts = {
> }, {
> .name = "path",
> .type = QEMU_OPT_STRING,
> + }, {
> + .name = "security_model",
> + .type = QEMU_OPT_STRING,
> },
> { /*End of list */ }
> },
> @@ -184,6 +187,9 @@ QemuOptsList qemu_virtfs_opts = {
> }, {
> .name = "mount_tag",
> .type = QEMU_OPT_STRING,
> + }, {
> + .name = "security_model",
> + .type = QEMU_OPT_STRING,
> },
>
> { /*End of list */ }
> diff --git a/qemu-options.hx b/qemu-options.hx
> index a6928b7..d1d2272 100644
> --- a/qemu-options.hx
> +++ b/qemu-options.hx
> @@ -486,7 +486,7 @@ ETEXI
> DEFHEADING(File system options:)
>
> DEF("fsdev", HAS_ARG, QEMU_OPTION_fsdev,
> - "-fsdev local,id=id,path=path\n",
> + "-fsdev local,id=id,path=path,security_model=[mapped|passthrough]\n",
> QEMU_ARCH_ALL)
>
> STEXI
> @@ -502,7 +502,7 @@ The specific Fstype will determine the applicable options.
>
> Options to each backend are described below.
>
> -@item -fsdev local ,id=@var{id} ,path=@var{path}
> +@item -fsdev local ,id=@var{id} ,path=@var{path} ,security_model=@var{security_model}
>
> Create a file-system-"device" for local-filesystem.
>
> @@ -510,6 +510,9 @@ Create a file-system-"device" for local-filesystem.
>
> @option{path} specifies the path to be exported. @option{path} is required.
>
> +@option{security_model} specifies the security model to be followed.
> +@option{security_model} is required.
> +
> @end table
> ETEXI
> #endif
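Review bot: the added @option{security_model} text says the option is required but not which values it accepts or what each one does. The commit message already has the wording (mapped: files created with QEMU user credentials, client-user's credentials saved in extended attributes; passthrough: files created directly with client-user's credentials); carrying that into the texinfo here and in the -virtfs section would let a user pick a model from the documentation alone.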
> @@ -518,7 +521,7 @@ ETEXI
> DEFHEADING(Virtual File system pass-through options:)
>
> DEF("virtfs", HAS_ARG, QEMU_OPTION_virtfs,
> - "-virtfs local,path=path,mount_tag=tag\n",
> + "-virtfs local,path=path,mount_tag=tag,security_model=[mapped|passthrough]\n",
> QEMU_ARCH_ALL)
>
> STEXI
> @@ -534,7 +537,7 @@ The specific Fstype will determine the applicable options.
>
> Options to each backend are described below.
>
> -@item -virtfs local ,path=@var{path} ,mount_tag=@var{mount_tag}
> +@item -virtfs local ,path=@var{path} ,mount_tag=@var{mount_tag} ,security_model=@var{security_model}
>
> Create a Virtual file-system-pass through for local-filesystem.
>
> @@ -542,6 +545,10 @@ Create a Virtual file-system-pass through for local-filesystem.
>
> @option{path} specifies the path to be exported. @option{path} is required.
>
> +@option{security_model} specifies the security model to be followed.
> +@option{security_model} is required.
> +
> +
> @option{mount_tag} specifies the tag with which the exported file is mounted.
> @option{mount_tag} is required.
>
> diff --git a/vl.c b/vl.c
> index 7121cd0..98491ae 100644
> --- a/vl.c
> +++ b/vl.c
> @@ -3094,10 +3094,21 @@ int main(int argc, char **argv, char **envp)
> exit(1);
> }
>
> - len = strlen(",id=,path=");
> + if (qemu_opt_get(opts, "fstype") == NULL ||
> + qemu_opt_get(opts, "mount_tag") == NULL ||
> + qemu_opt_get(opts, "path") == NULL ||
> + qemu_opt_get(opts, "security_model") == NULL) {
> + fprintf(stderr, "Usage: -virtfs fstype,path=/share_path/,"
> + "security_model=[mapped|passthrough],"
> + "mnt_tag=tag.\n");
> + exit(1);
> + }
> +
> + len = strlen(",id=,path=,security_model=");
> len += strlen(qemu_opt_get(opts, "fstype"));
> len += strlen(qemu_opt_get(opts, "mount_tag"));
> len += strlen(qemu_opt_get(opts, "path"));
> + len += strlen(qemu_opt_get(opts, "security_model"));
> arg_fsdev = qemu_malloc((len + 1) * sizeof(*arg_fsdev));
>
> if (!arg_fsdev) {
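Review bot: the usage string in the new NULL check prints mnt_tag=tag, but the option tested just above it is qemu_opt_get(opts, "mount_tag"), and qemu_virtfs_opts names the option "mount_tag" as well. A user who follows the error message would get the same error again; the string should read mount_tag=tag.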
> @@ -3106,10 +3117,11 @@ int main(int argc, char **argv, char **envp)
> exit(1);
> }
>
> - sprintf(arg_fsdev, "%s,id=%s,path=%s",
> + sprintf(arg_fsdev, "%s,id=%s,path=%s,security_model=%s",
> qemu_opt_get(opts, "fstype"),
> qemu_opt_get(opts, "mount_tag"),
> - qemu_opt_get(opts, "path"));
> + qemu_opt_get(opts, "path"),
> + qemu_opt_get(opts, "security_model"));
>
> len = strlen("virtio-9p-pci,fsdev=,mount_tag=");
> len += 2*strlen(qemu_opt_get(opts, "mount_tag"));
>
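Review bot: the sprintf() into arg_fsdev is only safe while the length literal ",id=,path=,security_model=" in the previous hunk is kept in step with this format string by hand, and both had to be edited here to add one option. Since the buffer is allocated as len + 1, calling snprintf(arg_fsdev, len + 1, ...) with the same format would bound the write if the two ever drift apart.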
Thread overview: 14+ messages
2010-06-14 20:34 [Qemu-devel] PATCH-V7 0/10] virtio-9p:Introducing security model for VirtFS Venkateswararao Jujjuri (JV)
2010-06-14 20:34 ` [Qemu-devel] [PATCH-V7 01/10] virtio-9p: Introduces an option to specify the security model Venkateswararao Jujjuri (JV)
2010-06-23 1:47 ` Anthony Liguori [this message]
2010-06-14 20:34 ` [Qemu-devel] [PATCH-V7 02/10] virtio-9p: Make infrastructure for the new " Venkateswararao Jujjuri (JV)
2010-06-14 20:34 ` [Qemu-devel] [PATCH-V7 03/10] virtio-9p: Security model for chmod Venkateswararao Jujjuri (JV)
2010-06-14 20:34 ` [Qemu-devel] [PATCH-V7 04/10] virtio-9p: Security model for chown Venkateswararao Jujjuri (JV)
2010-06-14 20:34 ` [Qemu-devel] [PATCH-V7 05/10] virtio-9p: Implemented Security model for lstat and fstat Venkateswararao Jujjuri (JV)
2010-06-14 20:34 ` [Qemu-devel] [PATCH-V7 06/10] virtio-9p: Security model for create/open2 Venkateswararao Jujjuri (JV)
2010-06-14 20:34 ` [Qemu-devel] [PATCH-V7 07/10] virtio-9p: Security model for mkdir Venkateswararao Jujjuri (JV)
2010-06-14 20:34 ` [Qemu-devel] [PATCH-V7 08/10] virtio-9p: Security model for symlink and readlink Venkateswararao Jujjuri (JV)
2010-06-14 20:34 ` [Qemu-devel] [PATCH-V7 09/10] virtio-9p: Implement Security model for mknod Venkateswararao Jujjuri (JV)
2010-06-14 21:04 ` Anthony Liguori
2010-06-14 21:21 ` Venkateswararao Jujjuri (JV)
2010-06-14 20:34 ` [Qemu-devel] [PATCH-V7 10/10] virtio-9p: Implement Security model for mksock using mknod Venkateswararao Jujjuri (JV)