From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
To: Vivek Goyal <vgoyal@redhat.com>
Cc: virtio-fs@redhat.com, sebastian.hasler@stuvus.uni-stuttgart.de,
qemu-devel@nongnu.org, groug@kaod.org
Subject: Re: [Virtio-fs] [PULL 00/12] virtiofs queue
Date: Thu, 17 Feb 2022 13:36:52 +0000 [thread overview]
Message-ID: <Yg5PdHX0+0GJ2Si5@work-vm> (raw)
In-Reply-To: <Yg1nFPqBnOf+4pDi@redhat.com>
* Vivek Goyal (vgoyal@redhat.com) wrote:
> On Wed, Feb 16, 2022 at 07:40:14PM +0000, Dr. David Alan Gilbert wrote:
> > * Dr. David Alan Gilbert (git) (dgilbert@redhat.com) wrote:
> > > From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
> > >
> > > The following changes since commit c13b8e9973635f34f3ce4356af27a311c993729c:
> > >
> > > Merge remote-tracking branch 'remotes/alistair/tags/pull-riscv-to-apply-20220216' into staging (2022-02-16 09:57:11 +0000)
> > >
> > > are available in the Git repository at:
> > >
> > > https://gitlab.com/dagrh/qemu.git tags/pull-virtiofs-20220216
> > >
> > > for you to fetch changes up to 47cc3ef597b2ee926c13c9433f4f73645429e128:
> > >
> > > virtiofsd: Add basic support for FUSE_SYNCFS request (2022-02-16 17:29:32 +0000)
> >
> > NAK
> > this doesn't build on older Linuxes.
> >
> > Rework version in the works.
>
> Hi David,
>
> I think it is patch 8 which is using gettid(). I have updated that
> patch and now I am using syscall(NR_gettid) instead. Here is the
> updated patch. I hope this solves the build on older Linux issue.
>
>
> Subject: virtiofsd: Add helpers to work with /proc/self/task/tid/attr/fscreate
>
> Soon we will be able to create and also set security context on the file
> atomically using /proc/self/task/tid/attr/fscreate knob. If this knob
> is available on the system, first set the knob with the desired context
> and then create the file. It will be created with the context set in
> fscreate. This works basically for SELinux and its per thread.
>
> This patch just introduces the helper functions. Subsequent patches will
> make use of these helpers.
>
> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
> Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Thanks, I'll merge that in.
Dave
> ---
> tools/virtiofsd/passthrough_ll.c | 92 +++++++++++++++++++++++++++++++++++++++
> 1 file changed, 92 insertions(+)
>
> Index: rhvgoyal-qemu/tools/virtiofsd/passthrough_ll.c
> ===================================================================
> --- rhvgoyal-qemu.orig/tools/virtiofsd/passthrough_ll.c 2022-02-16 15:53:13.657015138 -0500
> +++ rhvgoyal-qemu/tools/virtiofsd/passthrough_ll.c 2022-02-16 15:55:14.911234993 -0500
> @@ -173,10 +173,14 @@ struct lo_data {
>
> /* An O_PATH file descriptor to /proc/self/fd/ */
> int proc_self_fd;
> + /* An O_PATH file descriptor to /proc/self/task/ */
> + int proc_self_task;
> int user_killpriv_v2, killpriv_v2;
> /* If set, virtiofsd is responsible for setting umask during creation */
> bool change_umask;
> int user_posix_acl, posix_acl;
> + /* Keeps track if /proc/<pid>/attr/fscreate should be used or not */
> + bool use_fscreate;
> };
>
> static const struct fuse_opt lo_opts[] = {
> @@ -257,6 +261,72 @@ static struct lo_data *lo_data(fuse_req_
> }
>
> /*
> + * Tries to figure out if /proc/<pid>/attr/fscreate is usable or not. With
> + * selinux=0, read from fscreate returns -EINVAL.
> + *
> + * TODO: Link with libselinux and use is_selinux_enabled() instead down
> + * the line. It probably will be more reliable indicator.
> + */
> +static bool is_fscreate_usable(struct lo_data *lo)
> +{
> + char procname[64];
> + int fscreate_fd;
> + size_t bytes_read;
> +
> + sprintf(procname, "%ld/attr/fscreate", syscall(SYS_gettid));
> + fscreate_fd = openat(lo->proc_self_task, procname, O_RDWR);
> + if (fscreate_fd == -1) {
> + return false;
> + }
> +
> + bytes_read = read(fscreate_fd, procname, 64);
> + close(fscreate_fd);
> + if (bytes_read == -1) {
> + return false;
> + }
> + return true;
> +}
> +
> +/* Helpers to set/reset fscreate */
> +__attribute__((unused))
> +static int open_set_proc_fscreate(struct lo_data *lo, const void *ctx,
> + size_t ctxlen,int *fd)
> +{
> + char procname[64];
> + int fscreate_fd, err = 0;
> + size_t written;
> +
> + sprintf(procname, "%ld/attr/fscreate", syscall(SYS_gettid));
> + fscreate_fd = openat(lo->proc_self_task, procname, O_WRONLY);
> + err = fscreate_fd == -1 ? errno : 0;
> + if (err) {
> + return err;
> + }
> +
> + written = write(fscreate_fd, ctx, ctxlen);
> + err = written == -1 ? errno : 0;
> + if (err) {
> + goto out;
> + }
> +
> + *fd = fscreate_fd;
> + return 0;
> +out:
> + close(fscreate_fd);
> + return err;
> +}
> +
> +__attribute__((unused))
> +static void close_reset_proc_fscreate(int fd)
> +{
> + if ((write(fd, NULL, 0)) == -1) {
> + fuse_log(FUSE_LOG_WARNING, "Failed to reset fscreate. err=%d\n", errno);
> + }
> + close(fd);
> + return;
> +}
> +
> +/*
> * Load capng's state from our saved state if the current thread
> * hadn't previously been loaded.
> * returns 0 on success
> @@ -3522,6 +3592,15 @@ static void setup_namespaces(struct lo_d
> exit(1);
> }
>
> + /* Get the /proc/self/task descriptor */
> + lo->proc_self_task = open("/proc/self/task/", O_PATH);
> + if (lo->proc_self_task == -1) {
> + fuse_log(FUSE_LOG_ERR, "open(/proc/self/task, O_PATH): %m\n");
> + exit(1);
> + }
> +
> + lo->use_fscreate = is_fscreate_usable(lo);
> +
> /*
> * We only need /proc/self/fd. Prevent ".." from accessing parent
> * directories of /proc/self/fd by bind-mounting it over /proc. Since / was
> @@ -3738,6 +3817,14 @@ static void setup_chroot(struct lo_data
> exit(1);
> }
>
> + lo->proc_self_task = open("/proc/self/task", O_PATH);
> + if (lo->proc_self_fd == -1) {
> + fuse_log(FUSE_LOG_ERR, "open(\"/proc/self/task\", O_PATH): %m\n");
> + exit(1);
> + }
> +
> + lo->use_fscreate = is_fscreate_usable(lo);
> +
> /*
> * Make the shared directory the file system root so that FUSE_OPEN
> * (lo_open()) cannot escape the shared directory by opening a symlink.
> @@ -3923,6 +4010,10 @@ static void fuse_lo_data_cleanup(struct
> close(lo->proc_self_fd);
> }
>
> + if (lo->proc_self_task >= 0) {
> + close(lo->proc_self_task);
> + }
> +
> if (lo->root.fd >= 0) {
> close(lo->root.fd);
> }
> @@ -3950,6 +4041,7 @@ int main(int argc, char *argv[])
> .posix_lock = 0,
> .allow_direct_io = 0,
> .proc_self_fd = -1,
> + .proc_self_task = -1,
> .user_killpriv_v2 = -1,
> .user_posix_acl = -1,
> };
>
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
next prev parent reply other threads:[~2022-02-17 13:41 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-16 17:36 [PULL 00/12] virtiofs queue Dr. David Alan Gilbert (git)
2022-02-16 17:36 ` [PULL 01/12] virtiofsd: Do not support blocking flock Dr. David Alan Gilbert (git)
2022-02-16 17:36 ` [PULL 02/12] virtiofsd: Fix breakage due to fuse_init_in size change Dr. David Alan Gilbert (git)
2022-02-16 17:36 ` [PULL 03/12] linux-headers: Update headers to v5.17-rc1 Dr. David Alan Gilbert (git)
2022-02-16 17:36 ` [PULL 04/12] virtiofsd: Parse extended "struct fuse_init_in" Dr. David Alan Gilbert (git)
2022-02-16 17:36 ` [PULL 05/12] virtiofsd: Extend size of fuse_conn_info->capable and ->want fields Dr. David Alan Gilbert (git)
2022-02-16 17:36 ` [PULL 06/12] virtiofsd, fuse_lowlevel.c: Add capability to parse security context Dr. David Alan Gilbert (git)
2022-02-16 17:36 ` [PULL 07/12] virtiofsd: Move core file creation code in separate function Dr. David Alan Gilbert (git)
2022-02-16 17:36 ` [PULL 08/12] virtiofsd: Add helpers to work with /proc/self/task/tid/attr/fscreate Dr. David Alan Gilbert (git)
2022-02-16 17:36 ` [PULL 09/12] virtiofsd: Create new file with security context Dr. David Alan Gilbert (git)
2022-02-16 17:36 ` [PULL 10/12] virtiofsd: Create new file using O_TMPFILE and set " Dr. David Alan Gilbert (git)
2022-02-16 17:36 ` [PULL 11/12] virtiofsd: Add an option to enable/disable security label Dr. David Alan Gilbert (git)
2022-02-16 17:36 ` [PULL 12/12] virtiofsd: Add basic support for FUSE_SYNCFS request Dr. David Alan Gilbert (git)
2022-02-16 19:40 ` [Virtio-fs] [PULL 00/12] virtiofs queue Dr. David Alan Gilbert
2022-02-16 21:05 ` Vivek Goyal
2022-02-17 13:36 ` Dr. David Alan Gilbert [this message]
-- strict thread matches above, loose matches on Subject: below --
2022-02-17 14:23 Dr. David Alan Gilbert (git)
2022-02-17 17:26 ` [Virtio-fs] " Dr. David Alan Gilbert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Yg5PdHX0+0GJ2Si5@work-vm \
--to=dgilbert@redhat.com \
--cc=groug@kaod.org \
--cc=qemu-devel@nongnu.org \
--cc=sebastian.hasler@stuvus.uni-stuttgart.de \
--cc=vgoyal@redhat.com \
--cc=virtio-fs@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).