From: Kevin Wolf <kwolf@redhat.com>
To: Max Reitz <mreitz@redhat.com>
Cc: qemu-devel@nongnu.org, qemu-block@nongnu.org
Subject: Re: [PATCH v2 2/6] export/fuse: Add allow-other option
Date: Wed, 7 Jul 2021 12:37:30 +0200 [thread overview]
Message-ID: <YOWD6rMgVC4Sh3Lf@redhat.com> (raw)
In-Reply-To: <20210625142317.271673-3-mreitz@redhat.com>
Am 25.06.2021 um 16:23 hat Max Reitz geschrieben:
> Without the allow_other mount option, no user (not even root) but the
> one who started qemu/the storage daemon can access the export. Allow
> users to configure the export such that such accesses are possible.
>
> While allow_other is probably what users want, we cannot make it an
> unconditional default, because passing it is only possible (for non-root
> users) if the global fuse.conf configuration file allows it. Thus, the
> default is an 'auto' mode, in which we first try with allow_other, and
> then fall back to without.
>
> FuseExport.allow_other reports whether allow_other was actually used as
> a mount option or not. Currently, this information is not used, but a
> future patch will let this field decide whether e.g. an export's UID and
> GID can be changed through chmod.
>
> One notable thing about 'auto' mode is that libfuse may print error
> messages directly to stderr, and so may fusermount (which it executes).
> Our export code cannot really filter or hide them. Therefore, if 'auto'
> fails its first attempt and has to fall back, fusermount will print an
> error message that mounting with allow_other failed.
>
> This behavior necessitates a change to iotest 308, namely we need to
> filter out this error message (because if the first attempt at mounting
> with allow_other succeeds, there will be no such message).
>
> Furthermore, common.rc's _make_test_img should use allow-other=off for
> FUSE exports, because iotests generally do not need to access images
> from other users, so allow-other=on or allow-other=auto have no
> advantage. OTOH, allow-other=on will not work on systems where
> user_allow_other is disabled, and with allow-other=auto, we get said
> error message that we would need to filter out again. Just disabling
> allow-other is simplest.
>
> Signed-off-by: Max Reitz <mreitz@redhat.com>
> ---
> qapi/block-export.json | 33 ++++++++++++++++++++++++++++++++-
> block/export/fuse.c | 28 +++++++++++++++++++++++-----
> tests/qemu-iotests/308 | 6 +++++-
> tests/qemu-iotests/common.rc | 6 +++++-
> 4 files changed, 65 insertions(+), 8 deletions(-)
>
> diff --git a/qapi/block-export.json b/qapi/block-export.json
> index e819e70cac..0ed63442a8 100644
> --- a/qapi/block-export.json
> +++ b/qapi/block-export.json
> @@ -120,6 +120,23 @@
> '*logical-block-size': 'size',
> '*num-queues': 'uint16'} }
>
> +##
> +# @FuseExportAllowOther:
> +#
> +# Possible allow_other modes for FUSE exports.
> +#
> +# @off: Do not pass allow_other as a mount option.
> +#
> +# @on: Pass allow_other as a mount option.
> +#
> +# @auto: Try mounting with allow_other first, and if that fails, retry
> +# without allow_other.
> +#
> +# Since: 6.1
> +##
> +{ 'enum': 'FuseExportAllowOther',
> + 'data': ['off', 'on', 'auto'] }
Why not use the generic OnOffAuto type from common.json?
But since the external interface is unaffected so we can later change
this as a code cleanup and soft freeze is approaching, I won't consider
this a blocker.
Kevin
next prev parent reply other threads:[~2021-07-07 10:38 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-25 14:23 [PATCH v2 0/6] export/fuse: Allow other users access to the export Max Reitz
2021-06-25 14:23 ` [PATCH v2 1/6] export/fuse: Pass default_permissions for mount Max Reitz
2021-06-25 14:23 ` [PATCH v2 2/6] export/fuse: Add allow-other option Max Reitz
2021-07-07 10:37 ` Kevin Wolf [this message]
2021-06-25 14:23 ` [PATCH v2 3/6] export/fuse: Give SET_ATTR_SIZE its own branch Max Reitz
2021-06-25 14:23 ` [PATCH v2 4/6] export/fuse: Let permissions be adjustable Max Reitz
2021-06-25 14:23 ` [PATCH v2 5/6] iotests/308: Test +w on read-only FUSE exports Max Reitz
2021-06-25 14:23 ` [PATCH v2 6/6] iotests/fuse-allow-other: Test allow-other Max Reitz
2021-07-07 10:40 ` Kevin Wolf
2021-07-07 11:03 ` [PATCH v2 0/6] export/fuse: Allow other users access to the export Kevin Wolf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YOWD6rMgVC4Sh3Lf@redhat.com \
--to=kwolf@redhat.com \
--cc=mreitz@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).