Message-ID: <4FCCD987.8080205@linux.vnet.ibm.com>
Date: Mon, 04 Jun 2012 11:51:35 -0400
From: Corey Bryant
References: <1338815410-24890-1-git-send-email-coreyb@linux.vnet.ibm.com> <1338815410-24890-3-git-send-email-coreyb@linux.vnet.ibm.com> <4FCCC6F8.3010901@redhat.com>
In-Reply-To: <4FCCC6F8.3010901@redhat.com>
Subject: Re: [Qemu-devel] [PATCH 2/3] block: Add support to "open" /dev/fd/X filenames
To: Eric Blake
Cc: kwolf@redhat.com, aliguori@us.ibm.com, qemu-devel@nongnu.org,
stefanha@linux.vnet.ibm.com

On 06/04/2012 10:32 AM, Eric Blake wrote:
> On 06/04/2012 07:10 AM, Corey Bryant wrote:
>> The main goal of this patch series is to enable isolation of guest
>> images that are stored on the same NFS mount. This can be achieved
>> if the management application opens files for QEMU, and QEMU is
>> restricted from opening files.
>>
>> This patch adds support to the block layer open paths to dup(X) a
>> pre-opened file descriptor if the filename is of the format
>> /dev/fd/X.
>>
>> One nice thing about this approach is that no new SELinux policy is
>> required to prevent open of NFS files (files with type nfs_t). The
>> virt_use_nfs boolean type simply needs to be set to false, and open
>> will be prevented (yet dup will be allowed). For example:
>>
>> # setsebool virt_use_nfs 0
>> # getsebool virt_use_nfs
>> virt_use_nfs --> off
>>
>> Signed-off-by: Corey Bryant
>
>>
>> +int file_open(const char *filename, int flags, mode_t mode)
>> +{
>> +#ifndef _WIN32
>> + int fd;
>> + const char *p;
>> +
>> + if (strstart(filename, "/dev/fd/",&p)) {
>> + fd = atoi(p);
>
> atoi() is lousy - it has no error checking, and returns 0 if a mistake
> was made. You really want to be using strtol (or even better, a
> sensible wrapper around strtol that takes care of the subtleties of
> calling it correctly), so that you don't end up dup'ing stdin when the
> user passes a bad /dev/fd/ string.
>

It looks like strtol returns 0 on failure too. Do we need to support
stdin/stdout/stderr?

-- 
Regards,
Corey
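
Review bot: `fd = atoi(p);` in the "/dev/fd/" branch of file_open() is missing input validation. An empty suffix, a non-numeric suffix, trailing garbage after the digits and a negative number are all accepted, and the first two silently become descriptor 0. Parse with strtol() instead: set errno to 0 first, pass an end pointer, and fail the open when the end pointer equals `p`, when `*end` is not the terminating NUL, when errno is ERANGE, or when the value does not fit in an int. strtol() does return 0 on failure, but the end pointer check is what separates that case from a real "0". If descriptors 0-2 are not meant to be usable as images, reject them with an explicit range check after parsing rather than leaving it to parse behaviour.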
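
The strtol() subtleties raised in this exchange, as an added example (not code from the patch or from QEMU): a strict parser for the /dev/fd/X suffix that tells a requested descriptor 0 apart from a parse failure. The name `parse_dev_fd` and the negative-errno return convention are assumptions, and the example assumes descriptor 0 itself is allowed.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>

/*
 * Hypothetical helper (not from the patch): parse "/dev/fd/X" strictly.
 * Returns 0 and stores the descriptor number in *fd on success; returns
 * -EINVAL or -ERANGE on failure and leaves *fd untouched.
 */
static int parse_dev_fd(const char *filename, int *fd)
{
    static const char prefix[] = "/dev/fd/";
    const char *p;
    char *end;
    long val;

    if (strncmp(filename, prefix, sizeof(prefix) - 1) != 0) {
        return -EINVAL;         /* not a /dev/fd/ name at all */
    }
    p = filename + sizeof(prefix) - 1;

    /* strtol() skips leading whitespace and accepts a sign, so insist
     * that the suffix starts with a digit before calling it. */
    if (!isdigit((unsigned char)*p)) {
        return -EINVAL;         /* "", " 3", "-1", "+3", "abc" */
    }

    errno = 0;                  /* overflow is only reported through errno */
    val = strtol(p, &end, 10);
    if (errno == ERANGE || val > INT_MAX) {
        return -ERANGE;         /* overflowed long, or too large for an int */
    }
    if (*end != '\0') {
        return -EINVAL;         /* trailing garbage such as "3abc" */
    }

    /* Assumption: fd 0 is permitted. A 0 here was explicitly requested. */
    *fd = (int)val;
    return 0;
}
```
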