From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([140.186.70.92]:55576) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1RE2Lc-0002ya-7F for qemu-devel@nongnu.org; Wed, 12 Oct 2011 13:12:05 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1RE2Lb-0002I7-80 for qemu-devel@nongnu.org; Wed, 12 Oct 2011 13:12:04 -0400 Received: from e3.ny.us.ibm.com ([32.97.182.143]:42328) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1RE2Lb-0002Hv-5Y for qemu-devel@nongnu.org; Wed, 12 Oct 2011 13:12:03 -0400 Received: from /spool/local by us.ibm.com with XMail ESMTP for from ; Wed, 12 Oct 2011 13:03:34 -0400 Received: from d03av02.boulder.ibm.com (d03av02.boulder.ibm.com [9.17.195.168]) by d01relay04.pok.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id p9CH0oPq265132 for ; Wed, 12 Oct 2011 13:02:48 -0400 Received: from d03av02.boulder.ibm.com (loopback [127.0.0.1]) by d03av02.boulder.ibm.com (8.14.4/8.13.1/NCO v10.0 AVout) with ESMTP id p9CEMUs8030716 for ; Wed, 12 Oct 2011 08:22:30 -0600 From: "Aneesh Kumar K.V" In-Reply-To: <20111012082800.GE9848@redhat.com> References: <1318406056-17026-1-git-send-email-mohan@in.ibm.com> <20111012082800.GE9848@redhat.com> Date: Wed, 12 Oct 2011 19:52:18 +0530 Message-ID: <87fwiyuw6d.fsf@linux.vnet.ibm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: Re: [Qemu-devel] [PATCH] hw/9pfs: Handle Security model parsing List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: "Daniel P. Berrange" , "M. Mohan Kumar" Cc: qemu-devel@nongnu.org On Wed, 12 Oct 2011 09:28:00 +0100, "Daniel P. Berrange" wrote: > On Wed, Oct 12, 2011 at 01:24:16PM +0530, M. Mohan Kumar wrote: > > Security model is needed only for 'local' fs driver. > > > > Signed-off-by: M. Mohan Kumar > > --- > > fsdev/qemu-fsdev.c | 6 +---- > > fsdev/qemu-fsdev.h | 1 + > > hw/9pfs/virtio-9p-device.c | 47 ++++++++++++++++++++++--------------------- > > vl.c | 20 +++++++++++++++-- > > 4 files changed, 43 insertions(+), 31 deletions(-) > > .... > * Files on the fileserver are set to QEMU credentials. > > + */ > > + s->ctx.fs_sm = SM_NONE; > > + s->ctx.xops = none_xattr_ops; > > + } else { > > + fprintf(stderr, "Invalid security_model %s specified.\n" > > + "Available security models are:\t " > > + "passthrough,mapped or none\n", fse->security_model); > > + exit(1); > > + } > > Are you sure there aren't use cases where people would like to > choose between passthrough & mapped, even when using the 'proxy' > or 'handle' security drivers. Currently handle fs driver requires CAP_DAC_READ_SEARCH and if qemu is not going to run with specific capabilities this implies root privileges. So handle fs driver doesn't do the mapping required by different security model. Proxy fs driver is enabling us to run file system operations as "root". So even for that we don't need mapped security model. Even if we want to store file attributes in xattr with proxy fs driver, that will go as a proxy's argument not as -fsdev argument. Proxy also don't require export path name. But that is another patch. > > Both of the security models seem pretty generally useful to me, > regardless of the driver type. > -aneesh