qemu-devel.nongnu.org archive mirror
From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
To: Vivek Goyal <vgoyal@redhat.com>
Cc: virtio-fs@redhat.com, miklos@szeredi.hu, qemu-devel@nongnu.org,
	lhenriques@suse.de
Subject: Re: [PATCH v7 5/7] virtiofsd: Add capability to change/restore umask
Date: Mon, 28 Jun 2021 17:12:13 +0100
Message-ID: <YNn03dfqpGnTTIne@work-vm>
In-Reply-To: <20210622150852.1507204-6-vgoyal@redhat.com>

* Vivek Goyal (vgoyal@redhat.com) wrote:
> When parent directory has default acl and a file is created in that
> directory, then umask is ignored and final file permissions are
> determined using default acl instead. (man 2 umask).
> 
> Currently, fuse applies the umask and sends modified mode in create
> request accordingly. fuse server can set FUSE_DONT_MASK and tell
> fuse client to not apply umask and fuse server will take care of
> it as needed.
> 
> With posix acls enabled, requirement will be that we want umask
> to determine final file mode if parent directory does not have
> default acl.
> 
> So if posix acls are enabled, opt in for FUSE_DONT_MASK. virtiofsd
> will set umask of the thread doing file creation. And host kernel
> should use that umask if parent directory does not have default
> acls, otherwise umask does not take effect.
> 
> Miklos mentioned that we already call unshare(CLONE_FS) for
> every thread. That means umask has now become property of per
> thread and it should be ok to manipulate it in file creation path.
> 
> This patch only adds capability to change umask and restore it. It
> does not enable it yet. Next few patches will add capability to enable it
> based on if user enabled posix_acl or not.
> 
> This should fix fstest generic/099.
> 
> Reported-by: Luis Henriques <lhenriques@suse.de>
> Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
> ---
>  tools/virtiofsd/passthrough_ll.c | 22 ++++++++++++++++------
>  1 file changed, 16 insertions(+), 6 deletions(-)
> 
> diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
> index 9f5cd98fb5..0c9084ea15 100644
> --- a/tools/virtiofsd/passthrough_ll.c
> +++ b/tools/virtiofsd/passthrough_ll.c
> @@ -122,6 +122,7 @@ struct lo_inode {
>  struct lo_cred {
>      uid_t euid;
>      gid_t egid;
> +    mode_t umask;
>  };
>  
>  enum {
> @@ -172,6 +173,8 @@ struct lo_data {
>      /* An O_PATH file descriptor to /proc/self/fd/ */
>      int proc_self_fd;
>      int user_killpriv_v2, killpriv_v2;
> +    /* If set, virtiofsd is responsible for setting umask during creation */
> +    bool change_umask;
>  };
>  
>  static const struct fuse_opt lo_opts[] = {
> @@ -1134,7 +1137,8 @@ static void lo_lookup(fuse_req_t req, fuse_ino_t parent, const char *name)
>   * ownership of caller.
>   * TODO: What about selinux context?
>   */
> -static int lo_change_cred(fuse_req_t req, struct lo_cred *old)
> +static int lo_change_cred(fuse_req_t req, struct lo_cred *old,
> +                          bool change_umask)
>  {
>      int res;
>  
> @@ -1154,11 +1158,14 @@ static int lo_change_cred(fuse_req_t req, struct lo_cred *old)
>          return errno_save;
>      }
>  
> +    if (change_umask) {
> +        old->umask = umask(req->ctx.umask);
> +    }
>      return 0;
>  }
>  
>  /* Regain Privileges */
> -static void lo_restore_cred(struct lo_cred *old)
> +static void lo_restore_cred(struct lo_cred *old, bool restore_umask)
>  {
>      int res;
>  
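
Review bot: old->umask is written only inside the new `if (change_umask)` block in lo_change_cred, so lo_restore_cred is correct only if every caller passes the same boolean to both calls. Recording the flag in struct lo_cred next to the saved umask would let lo_restore_cred decide for itself and drop its second parameter. A short comment at the umask() call noting that this relies on the per-thread unshare(CLONE_FS) described in the commit message would also help.
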
> @@ -1173,6 +1180,9 @@ static void lo_restore_cred(struct lo_cred *old)
>          fuse_log(FUSE_LOG_ERR, "setegid(%u): %m\n", old->egid);
>          exit(1);
>      }
> +
> +    if (restore_umask)
> +        umask(old->umask);
>  }
>  
>  static void lo_mknod_symlink(fuse_req_t req, fuse_ino_t parent,
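
Review bot: the new `if (restore_umask)` in lo_restore_cred has an unbraced body, while the matching `if (change_umask) {` added in lo_change_cred and the error branch just above it are braced. Add braces around `umask(old->umask);` so the two sides match.
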
> @@ -1202,7 +1212,7 @@ static void lo_mknod_symlink(fuse_req_t req, fuse_ino_t parent,
>          return;
>      }
>  
> -    saverr = lo_change_cred(req, &old);
> +    saverr = lo_change_cred(req, &old, lo->change_umask && !S_ISLNK(mode));

Can you explain what these ISLNK checks are for (inside mknod_symlink, so
is that always true or irrelevant?)

Dave

>      if (saverr) {
>          goto out;
>      }
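
Review bot: the `!S_ISLNK(mode)` term in the lo_change_cred() call has no comment saying why symlink creation skips the umask change while the other paths through lo_mknod_symlink do not. A one-line comment above the call stating the reason would answer the question raised in this reply for later readers.
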
> @@ -1211,7 +1221,7 @@ static void lo_mknod_symlink(fuse_req_t req, fuse_ino_t parent,
>  
>      saverr = errno;
>  
> -    lo_restore_cred(&old);
> +    lo_restore_cred(&old, lo->change_umask && !S_ISLNK(mode));
>  
>      if (res == -1) {
>          goto out;
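
Review bot: `lo->change_umask && !S_ISLNK(mode)` is repeated in the lo_restore_cred() call after already appearing in the lo_change_cred() call. Computing it once into a local bool ahead of both calls would keep the change and restore sides from drifting apart if one of them is edited later.
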
> @@ -1917,7 +1927,7 @@ static void lo_create(fuse_req_t req, fuse_ino_t parent, const char *name,
>          return;
>      }
>  
> -    err = lo_change_cred(req, &old);
> +    err = lo_change_cred(req, &old, lo->change_umask);
>      if (err) {
>          goto out;
>      }
> @@ -1928,7 +1938,7 @@ static void lo_create(fuse_req_t req, fuse_ino_t parent, const char *name,
>      fd = openat(parent_inode->fd, name, fi->flags | O_CREAT | O_EXCL, mode);
>      err = fd == -1 ? errno : 0;
>  
> -    lo_restore_cred(&old);
> +    lo_restore_cred(&old, lo->change_umask);
>  
>      /* Ignore the error if file exists and O_EXCL was not given */
>      if (err && (err != EEXIST || (fi->flags & O_EXCL))) {
> -- 
> 2.25.4
> 
-- 
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
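
Added example, not part of the patch or of virtiofsd: the commit message relies on each thread having called unshare(CLONE_FS) so that umask is per-thread. This sketch shows what happens to another thread's umask with and without that call; the function name umask_leaks and the two umask values are constructed for the demonstration.

```c
#define _GNU_SOURCE
#include <pthread.h>
#include <sched.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Constructed values for this demonstration, not taken from the patch. */
#define BASE_UMASK   022
#define CLIENT_UMASK 077

struct job {
    int isolate;    /* call unshare(CLONE_FS) first, as the message says virtiofsd does */
    int failed;     /* set by the worker when unshare() is refused */
};

/* Worker: switch to the client's umask and deliberately never restore it. */
static void *worker(void *arg)
{
    struct job *j = arg;

    if (j->isolate && unshare(CLONE_FS) != 0) {
        j->failed = 1;      /* for example, blocked by a seccomp filter */
        return NULL;
    }
    umask(CLIENT_UMASK);
    return NULL;
}

/*
 * Returns 1 if the worker's umask leaked into the calling thread,
 * 0 if it did not, and -1 if the thread or unshare() could not be set up.
 */
int umask_leaks(int isolate)
{
    struct job j = { .isolate = isolate, .failed = 0 };
    pthread_t t;
    mode_t seen;

    umask(BASE_UMASK);
    if (pthread_create(&t, NULL, worker, &j) != 0) {
        return -1;
    }
    pthread_join(t, NULL);
    if (j.failed) {
        return -1;
    }
    seen = umask(BASE_UMASK);   /* umask(2) returns the previous value */
    return seen == CLIENT_UMASK;
}
```

Without the unshare() call the worker's umask becomes the whole process's umask, so a file created concurrently by any other thread would get the wrong permission bits.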


