From: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
To: Vivek Goyal <vgoyal@redhat.com>
Cc: virtio-fs@redhat.com, mszeredi@redhat.com, berrange@redhat.com,
qemu-devel@nongnu.org
Subject: Re: [PATCH v6 00/10] virtiofsd: Add support for file security context at file creation
Date: Wed, 16 Feb 2022 12:08:40 +0000
Message-ID: <YgzpSIIolYItX4Mj@work-vm>
In-Reply-To: <20220208204813.682906-1-vgoyal@redhat.com>
Queued
* Vivek Goyal (vgoyal@redhat.com) wrote:
> Hi,
>
> This is V6 of the patches. I posted V5 here.
>
> https://listman.redhat.com/archives/virtio-fs/2022-February/msg00012.html
>
> This patch series basically allows client to send a security context
> (which is expected to be xattr security.selinux and its content) to
> virtiofsd and it will set that security context on file during creation
> based on various settings. Hence, this patch series basically allows
> supporting SELinux with virtiofs.
>
> There are primarily 3 modes.
>
> - If no security context is enabled, then it continues to create files without
> security context.
>
> - If security context is enabled but security.selinux has not been
> remapped, then it uses /proc/thread-self/attr/fscreate knob to set
> security context and then create the file. This will make sure that
> newly created file gets the security context as set in "fscreate" and
> this is atomic w.r.t file creation.
>
> This is useful and host and guest SELinux policies don't conflict and
> can work with each other. In that case, guest security.selinux xattr
> is not remapped and it is passed through as "security.selinux" xattr
> on host.
>
> - If security context is enabled but security.selinux xattr has been
> remapped to something else, then it first creates the file and then
> uses setxattr() to set the remapped xattr with the security context.
> This is a non-atomic operation w.r.t file creation.
>
> This mode will be most versatile and allow host and guest to have their
> own separate SELinux xattrs and have their own separate SELinux policies.
>
> Changes since V5:
>
> - Added some documentation to recommend using xattr remapping to remap
> "security.selinux" to "trusted.virtiofs.security.selinux" and also
> give CAP_SYS_ADMIN to daemon. Also put a warning to make users aware
> of trade-off involved here. ("Daniel P. Berrangé")
>
> - Used macro endof() to determine end of fuse_init_in struct. (David
> Gilbert).
>
> - Added a check to make sure fsecctx->size is not zero. Also added
> "return" statement at few places where it was required. (David Gilbert)
>
> - Split patch 7 in the series. Some of the handling of setting and
> clearing fscreate knob has been moved into a separate patch. Found
> it hard to break it down further. So it helps a bit but not too
> much. (David Gilbert).
>
> Thanks
> Vivek
>
> Vivek Goyal (10):
> virtiofsd: Fix breakage due to fuse_init_in size change
> linux-headers: Update headers to v5.17-rc1
> virtiofsd: Parse extended "struct fuse_init_in"
> virtiofsd: Extend size of fuse_conn_info->capable and ->want fields
> virtiofsd, fuse_lowlevel.c: Add capability to parse security context
> virtiofsd: Move core file creation code in separate function
> virtiofsd: Add helpers to work with /proc/self/task/tid/attr/fscreate
> virtiofsd: Create new file with security context
> virtiofsd: Create new file using O_TMPFILE and set security context
> virtiofsd: Add an option to enable/disable security label
>
> docs/tools/virtiofsd.rst | 32 ++
> include/standard-headers/asm-x86/kvm_para.h | 1 +
> include/standard-headers/drm/drm_fourcc.h | 11 +
> include/standard-headers/linux/ethtool.h | 1 +
> include/standard-headers/linux/fuse.h | 60 ++-
> include/standard-headers/linux/pci_regs.h | 142 +++---
> include/standard-headers/linux/virtio_gpio.h | 72 +++
> include/standard-headers/linux/virtio_i2c.h | 47 ++
> include/standard-headers/linux/virtio_iommu.h | 8 +-
> .../standard-headers/linux/virtio_pcidev.h | 65 +++
> include/standard-headers/linux/virtio_scmi.h | 24 +
> linux-headers/asm-generic/unistd.h | 5 +-
> linux-headers/asm-mips/unistd_n32.h | 2 +
> linux-headers/asm-mips/unistd_n64.h | 2 +
> linux-headers/asm-mips/unistd_o32.h | 2 +
> linux-headers/asm-powerpc/unistd_32.h | 2 +
> linux-headers/asm-powerpc/unistd_64.h | 2 +
> linux-headers/asm-riscv/bitsperlong.h | 14 +
> linux-headers/asm-riscv/mman.h | 1 +
> linux-headers/asm-riscv/unistd.h | 44 ++
> linux-headers/asm-s390/unistd_32.h | 2 +
> linux-headers/asm-s390/unistd_64.h | 2 +
> linux-headers/asm-x86/kvm.h | 16 +-
> linux-headers/asm-x86/unistd_32.h | 1 +
> linux-headers/asm-x86/unistd_64.h | 1 +
> linux-headers/asm-x86/unistd_x32.h | 1 +
> linux-headers/linux/kvm.h | 17 +
> tools/virtiofsd/fuse_common.h | 9 +-
> tools/virtiofsd/fuse_i.h | 7 +
> tools/virtiofsd/fuse_lowlevel.c | 168 +++++--
> tools/virtiofsd/helper.c | 1 +
> tools/virtiofsd/passthrough_ll.c | 414 ++++++++++++++++--
> 32 files changed, 1044 insertions(+), 132 deletions(-)
> create mode 100644 include/standard-headers/linux/virtio_gpio.h
> create mode 100644 include/standard-headers/linux/virtio_i2c.h
> create mode 100644 include/standard-headers/linux/virtio_pcidev.h
> create mode 100644 include/standard-headers/linux/virtio_scmi.h
> create mode 100644 linux-headers/asm-riscv/bitsperlong.h
> create mode 100644 linux-headers/asm-riscv/mman.h
> create mode 100644 linux-headers/asm-riscv/unistd.h
>
> --
> 2.34.1
>
>
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
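Patch 5 of the series parses the security context the guest attaches to create requests, and the v6 changelog adds the check that fsecctx->size is not zero. What follows is an added example, not code from the series or from QEMU: a bounds-checked parser for that payload together with a constructed sample, assuming the struct layouts of linux/fuse.h v5.17 and the 8-byte record padding the kernel encoder applies.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* FUSE_SECURITY_CTX extension that follows the create arguments, assumed here
 * from linux/fuse.h v5.17: header, one fuse_secctx record, NUL-terminated
 * xattr name, then the context value; the record is padded to 8 bytes. */
struct fuse_secctx_header { uint32_t size; uint32_t nr_secctx; };
struct fuse_secctx { uint32_t size; uint32_t padding; };
struct secctx { const char *name; const char *ctx; uint32_t ctxlen; };

/* Validate the extension and locate the context: 0 on success (name is NULL
 * if the guest sent none), -EINVAL if malformed, -ENOTSUP if more than one
 * context is present (virtiofsd handles a single one). */
int parse_secctx(const void *buf, size_t len, struct secctx *out)
{
    const struct fuse_secctx_header *hdr = buf;
    const struct fuse_secctx *rec = (const void *)(hdr + 1);
    size_t need = sizeof(*hdr) + sizeof(*rec);
    const char *name = (const char *)buf + need, *end;
    memset(out, 0, sizeof(*out));
    if (len < sizeof(*hdr) || hdr->size > len) return -EINVAL;
    if (hdr->nr_secctx == 0) return 0;
    if (hdr->nr_secctx > 1) return -ENOTSUP;
    /* an empty context is a protocol violation (the check added in v6) */
    if (hdr->size < need || rec->size == 0) return -EINVAL;
    end = memchr(name, '\0', hdr->size - need);    /* name must be terminated */
    if (!end) return -EINVAL;
    need += (size_t)(end - name) + 1;
    if (rec->size > hdr->size - need) return -EINVAL;  /* value overruns record */
    out->name = name; out->ctx = end + 1; out->ctxlen = rec->size;
    return 0;
}

/* Constructed sample payload (not a capture): one context named NAME with a
 * CTXLEN-byte value. Returns the padded record size, 0 if CAP is too small. */
size_t build_sample(unsigned char *buf, size_t cap, const char *name,
                    const char *ctx, uint32_t ctxlen)
{
    size_t namelen = strlen(name) + 1, off = 16;   /* header + record */
    size_t aligned = (off + namelen + ctxlen + 7) & ~(size_t)7;
    struct fuse_secctx_header hdr = { (uint32_t)aligned, 1 };
    struct fuse_secctx rec = { ctxlen, 0 };
    if (aligned > cap) return 0;
    memset(buf, 0, aligned);
    memcpy(buf, &hdr, 8); memcpy(buf + 8, &rec, 8);
    memcpy(buf + off, name, namelen);
    memcpy(buf + off + namelen, ctx, ctxlen);
    return aligned;
}
```

The SELinux label in the sample is a made-up value; a real one comes from the guest's policy and includes its terminating NUL in the size, which is why the sample passes 32 for a 31-character string.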