Message-ID: <4FCCC6F8.3010901@redhat.com>
Date: Mon, 04 Jun 2012 08:32:24 -0600
From: Eric Blake
References: <1338815410-24890-1-git-send-email-coreyb@linux.vnet.ibm.com> <1338815410-24890-3-git-send-email-coreyb@linux.vnet.ibm.com>
In-Reply-To: <1338815410-24890-3-git-send-email-coreyb@linux.vnet.ibm.com>
Subject: Re: [Qemu-devel] [PATCH 2/3] block: Add support to "open" /dev/fd/X filenames
To: Corey Bryant
Cc: kwolf@redhat.com, aliguori@us.ibm.com, qemu-devel@nongnu.org, stefanha@linux.vnet.ibm.com

On 06/04/2012 07:10 AM, Corey Bryant wrote:
> The main goal of this patch series is to enable isolation of guest
> images that are stored on the same NFS mount. This can be achieved
> if the management application opens files for QEMU, and QEMU is
> restricted from opening files.
>
> This patch adds support to the block layer open paths to dup(X) a
> pre-opened file descriptor if the filename is of the format
> /dev/fd/X.
>
> One nice thing about this approach is that no new SELinux policy is
> required to prevent open of NFS files (files with type nfs_t). The
> virt_use_nfs boolean type simply needs to be set to false, and open
> will be prevented (yet dup will be allowed). For example:
>
> # setsebool virt_use_nfs 0
> # getsebool virt_use_nfs
> virt_use_nfs --> off
>
> Signed-off-by: Corey Bryant
> =20 > +int file_open(const char *filename, int flags, mode_t mode) > +{ > +#ifndef _WIN32 > + int fd; > + const char *p; > + > + if (strstart(filename, "/dev/fd/", &p)) { > + fd =3D atoi(p);

atoi() is lousy - it has no error checking, and returns 0 if a mistake
was made. You really want to be using strtol (or even better, a
sensible wrapper around strtol that takes care of the subtleties of
calling it correctly), so that you don't end up dup'ing stdin when the
user passes a bad /dev/fd/ string.

--
Eric Blake eblake@redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
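
Review bot: the atoi(p) conversion that follows the strstart(filename, "/dev/fd/", &p) match accepts more than a bare descriptor number. An empty or non-numeric suffix yields 0, characters after the digits are silently ignored, and a leading '-' produces a negative value, so the code cannot tell a malformed name from a request for fd 0. Suggest converting with strtol, checking errno and the end pointer, and rejecting anything outside 0..INT_MAX before the value is used. A short comment above file_open() stating that "/dev/fd/X" names are mapped to a pre-opened descriptor rather than opened by path would also help callers.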
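
A strict parse of the kind the reply asks for, as an added example that is not code from the patch or from QEMU. The name `parse_dev_fd` and its return codes are hypothetical, and plain `strncmp()` stands in for QEMU's `strstart()`.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEV_FD_PREFIX "/dev/fd/"

/* Hypothetical helper, not QEMU code.
 * Returns the fd number (>= 0) for a well-formed "/dev/fd/N" name,
 * -1 if the name lacks the prefix (caller should open it by path),
 * -2 if the prefix is present but N is not a clean decimal fd number. */
int parse_dev_fd(const char *filename)
{
    const size_t plen = strlen(DEV_FD_PREFIX);
    const char *p;
    char *end;
    long val;

    if (strncmp(filename, DEV_FD_PREFIX, plen) != 0) {
        return -1;
    }
    p = filename + plen;

    /* strtol() skips leading whitespace and accepts a sign; insisting on
     * a digit first also rejects the empty suffix that atoi() maps to 0. */
    if (!isdigit((unsigned char)*p)) {
        return -2;
    }

    errno = 0;
    val = strtol(p, &end, 10);
    if (errno == ERANGE || *end != '\0' || val > INT_MAX) {
        return -2;   /* overflow, trailing characters, or too large for int */
    }
    return (int)val;
}

int main(void)
{
    /* Constructed sample names. */
    const char *names[] = { "/dev/fd/7", "/dev/fd/", "/dev/fd/abc",
                            "/dev/fd/3x", "/dev/fd/-1", "/tmp/disk.img" };
    for (size_t i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
        printf("%-14s -> %d\n", names[i], parse_dev_fd(names[i]));
    }
    return 0;
}
```

A caller would treat -2 as a hard error rather than falling back to opening the name by path, so a malformed name never resolves to fd 0.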