Message-ID: <4FBBA2F8.1020300@linux.vnet.ibm.com>
Date: Tue, 22 May 2012 10:30:16 -0400
From: Corey Bryant
References: <1337631598-30639-1-git-send-email-coreyb@linux.vnet.ibm.com> <4FBB4BCE.5080905@redhat.com>
In-Reply-To: <4FBB4BCE.5080905@redhat.com>
Subject: Re: [Qemu-devel] [RFC PATCH 0/4] block: file descriptor passing using -filefd and getfd_file
To: Kevin Wolf
Cc: libvir-list@redhat.com, aliguori@us.ibm.com, eblake@redhat.com, qemu-devel@nongnu.org, stefanha@linux.vnet.ibm.com

On 05/22/2012 04:18 AM, Kevin Wolf wrote:
> On 21.05.2012 22:19, Corey Bryant wrote:
>> libvirt's sVirt security driver provides SELinux MAC isolation for
>> Qemu guest processes and their corresponding image files. In other
>> words, sVirt uses SELinux to prevent a QEMU process from opening
>> files that do not belong to it.
>>
>> sVirt provides this support by labeling guests and resources with
>> security labels that are stored in file system extended attributes.
>> Some file systems, such as NFS, do not support the extended
>> attribute security namespace, and therefore cannot support sVirt
>> isolation.
>>
>> A solution to this problem is to provide fd passing support, where
>> libvirt opens files and passes file descriptors to QEMU. This,
>> along with SELinux policy to prevent QEMU from opening files, can
>> provide image file isolation for NFS files.
>>
>> This patch series adds the -filefd command-line option and the
>> getfd_file monitor command. This will enable libvirt to open a
>> file and push the corresponding filename and file descriptor to
>> QEMU. When QEMU needs to "open" a file, it will first check if the
>> file descriptor was passed by either of these methods before
>> attempting to actually open the file.
>
> I thought we decided to avoid making some file names magic, and instead
> go for the obvious /dev/fd/42?
>
> Kevin
>

I understand that open("/dev/fd/42") would be the same as dup(42), but
I'm not sure that I'm entirely clear on how this would work. Could you
give an example?

-- 
Regards,
Corey
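Added example, not part of the original message and not QEMU or libvirt code: a C program for Linux (where /dev/fd/N resolves through /proc/self/fd) that compares an alias of an already-open descriptor made with dup() against one made by opening /dev/fd/<fd>, the two forms discussed in the thread. The helper names, the temporary file and its contents are constructed for the illustration, and /tmp is assumed to be writable.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Constructed sample: an unlinked temp file holding ten bytes, standing in
 * for an image opened by a management process and handed over as an fd. */
static int make_passed_fd(void)
{
    char path[] = "/tmp/fdpass-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    unlink(path);                       /* receiver never needs the name */
    if (write(fd, "0123456789", 10) != 10 || lseek(fd, 0, SEEK_SET) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Read 4 bytes through the passed fd, then report the file offset seen by
 * an alias of it: made with dup() (use_dup != 0) or by opening /dev/fd/<fd>.
 * Returns -1 on any error. */
long alias_offset_after_read(int use_dup)
{
    char buf[4], name[32];
    long off = -1;
    int alias, fd = make_passed_fd();
    if (fd < 0)
        return -1;
    snprintf(name, sizeof(name), "/dev/fd/%d", fd);
    alias = use_dup ? dup(fd) : open(name, O_RDONLY);
    if (alias >= 0) {
        if (read(fd, buf, sizeof(buf)) == (ssize_t)sizeof(buf))
            off = (long)lseek(alias, 0, SEEK_CUR);
        close(alias);
    }
    close(fd);
    return off;
}

int main(void)
{
    printf("dup():           alias offset %ld\n", alias_offset_after_read(1));
    printf("open(/dev/fd/N): alias offset %ld\n", alias_offset_after_read(0));
    return 0;
}
```

On Linux the dup() alias follows the original descriptor's offset because both share one open file description, while the /dev/fd alias starts at offset 0 because the kernel performs a fresh open of the same inode. That second case is a real open() call, which matters when the policy goal is that the receiving process performs no opens of its own.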