Re: [Qemu-devel] [PATCH -V3 1/7] virtio-9p: Introduces an option to spec

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH -V3 1/7] virtio-9p: Introduces an option to spec

From:	Anthony Liguori
Subject:	Re: [Qemu-devel] [PATCH -V3 1/7] virtio-9p: Introduces an option to specify the security model.
Date:	Mon, 24 May 2010 15:10:44 -0500
User-agent:	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.5) Gecko/20091209 Fedora/3.0-4.fc12 Lightning/1.0pre Thunderbird/3.0

On 05/21/2010 04:26 PM, Venkateswararao Jujjuri (JV) wrote:

The new option is:

-fsdev fstype,id=myid,path=/share_path/,security_model=[mapped|passthrough]
-virtfs fstype,path=/share_path/,security_model=[mapped|passthrough],mnt_tag=tag

In the case of mapped security model, files are created with QEMU user
credentials and the client-user's credentials are saved in extended attributes.
Whereas in the case of passthrough security model, files on the
filesystem are directly created with client-user's credentials.

Signed-off-by: Venkateswararao Jujjuri<address@hidden>
---
  fsdev/qemu-fsdev.c |   14 +++++++++++++-
  fsdev/qemu-fsdev.h |    1 +
  hw/virtio-9p.c     |   14 ++++++++++++++
  qemu-config.c      |   12 +++++++++---
  qemu-options.hx    |   15 +++++++++++----
  vl.c               |   18 +++++++++++++++---
  6 files changed, 63 insertions(+), 11 deletions(-)

diff --git a/fsdev/qemu-fsdev.c b/fsdev/qemu-fsdev.c
index 813e1f7..7d7a153 100644
--- a/fsdev/qemu-fsdev.c
+++ b/fsdev/qemu-fsdev.c
@@ -34,7 +34,7 @@ int qemu_fsdev_add(QemuOpts *opts)
          return -1;
      }

-     for (i = 0; i<  ARRAY_SIZE(FsTypes); i++) {
+    for (i = 0; i<  ARRAY_SIZE(FsTypes); i++) {
          if (strcmp(FsTypes[i].name, qemu_opt_get(opts, "fstype")) == 0) {
              break;
          }
@@ -46,10 +46,22 @@ int qemu_fsdev_add(QemuOpts *opts)
          return -1;
      }

+    if (qemu_opt_get(opts, "path") == NULL) {
+        fprintf(stderr, "fsdev: No path specified.\n");
+        return -1;
+    }
+
+    if (qemu_opt_get(opts, "security_model") == NULL) {
+        fprintf(stderr, "fsdev: No security_model specified.\n");
+        return -1;
+    }
+
      fsle = qemu_malloc(sizeof(*fsle));

      fsle->fse.fsdev_id = qemu_strdup(qemu_opts_id(opts));
      fsle->fse.path = qemu_strdup(qemu_opt_get(opts, "path"));
+    fsle->fse.security_model = qemu_strdup(qemu_opt_get(opts,
+                "security_model"));
      fsle->fse.ops = FsTypes[i].ops;

      QTAILQ_INSERT_TAIL(&fstype_entries, fsle, next);
diff --git a/fsdev/qemu-fsdev.h b/fsdev/qemu-fsdev.h
index b50fbe0..6c27881 100644
--- a/fsdev/qemu-fsdev.h
+++ b/fsdev/qemu-fsdev.h
@@ -40,6 +40,7 @@ typedef struct FsTypeTable {
  typedef struct FsTypeEntry {
      char *fsdev_id;
      char *path;
+    char *security_model;
      FileOperations *ops;
  } FsTypeEntry;

diff --git a/hw/virtio-9p.c b/hw/virtio-9p.c
index 687abc0..8ecd39c 100644
--- a/hw/virtio-9p.c
+++ b/hw/virtio-9p.c
@@ -2413,6 +2413,20 @@ VirtIODevice *virtio_9p_init(DeviceState *dev, V9fsConf 
*conf)
          exit(1);
      }

+    if (!strcmp(fse->security_model, "passthrough")) {
+        /* Files on the Fileserver set to client user credentials */
+    } else if (!strcmp(fse->security_model, "mapped")) {
+        /* Files on the fileserver are set to QEMU credentials.
+         * Client user credentials are saved in extended attributes.
+         */
+    } else {
+        /* user haven't specified a correct security option */
+        fprintf(stderr, "one of the following must be specified as the"
+                "security option:\n\t security_model=passthrough \n\t "
+                "security_model=mapped\n");
+        exit(1);
+    }


error_report and a return NULL would be more appropriate than an exit(1).

Regards,

Anthony Liguori

+
      if (lstat(fse->path,&stat)) {
          fprintf(stderr, "share path %s does not exist\n", fse->path);
          exit(1);
diff --git a/qemu-config.c b/qemu-config.c
index d500885..e1e3aa1 100644
--- a/qemu-config.c
+++ b/qemu-config.c
@@ -160,9 +160,12 @@ QemuOptsList qemu_fsdev_opts = {
          {
              .name = "fstype",
              .type = QEMU_OPT_STRING,
-        }, {
+        },{
              .name = "path",
              .type = QEMU_OPT_STRING,
+        },{
+            .name = "security_model",
+            .type = QEMU_OPT_STRING,
          },
          { /*End of list */ }
      },
@@ -178,12 +181,15 @@ QemuOptsList qemu_virtfs_opts = {
          {
              .name = "fstype",
              .type = QEMU_OPT_STRING,
-        }, {
+        },{
              .name = "path",
              .type = QEMU_OPT_STRING,
-        }, {
+        },{
              .name = "mount_tag",
              .type = QEMU_OPT_STRING,
+        },{
+            .name = "security_model",
+            .type = QEMU_OPT_STRING,
          },

          { /*End of list */ }
diff --git a/qemu-options.hx b/qemu-options.hx
index 12f6b51..d557c92 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -482,7 +482,7 @@ ETEXI
  DEFHEADING(File system options:)

  DEF("fsdev", HAS_ARG, QEMU_OPTION_fsdev,
-    "-fsdev local,id=id,path=path\n",
+    "-fsdev local,id=id,path=path,security_model=[mapped|passthrough]\n",
      QEMU_ARCH_ALL)

  STEXI
@@ -498,7 +498,7 @@ The specific Fstype will determine the applicable options.

  Options to each backend are described below.

address@hidden -fsdev local ,address@hidden ,address@hidden
address@hidden -fsdev local ,address@hidden ,address@hidden ,address@hidden

  Create a file-system-"device" for local-filesystem.

@@ -506,6 +506,9 @@ Create a file-system-"device" for local-filesystem.

  @option{path} specifies the path to be exported. @option{path} is required.

address@hidden specifies the security model to be followed.
address@hidden is required.
+
  @end table
  ETEXI
  #endif
@@ -514,7 +517,7 @@ ETEXI
  DEFHEADING(Virtual File system pass-through options:)

  DEF("virtfs", HAS_ARG, QEMU_OPTION_virtfs,
-    "-virtfs local,path=path,mount_tag=tag\n",
+    "-virtfs 
local,path=path,mount_tag=tag,security_model=[mapped|passthrough]\n",
      QEMU_ARCH_ALL)

  STEXI
@@ -530,7 +533,7 @@ The specific Fstype will determine the applicable options.

  Options to each backend are described below.

address@hidden -virtfs local ,address@hidden ,address@hidden
address@hidden -virtfs local ,address@hidden ,address@hidden ,address@hidden

  Create a Virtual file-system-pass through for local-filesystem.

@@ -538,6 +541,10 @@ Create a Virtual file-system-pass through for 
local-filesystem.

  @option{path} specifies the path to be exported. @option{path} is required.

address@hidden specifies the security model to be followed.
address@hidden is required.
+
+
  @option{mount_tag} specifies the tag with which the exported file is mounted.
  @option{mount_tag} is required.

diff --git a/vl.c b/vl.c
index 85bcc84..a341781 100644
--- a/vl.c
+++ b/vl.c
@@ -3109,10 +3109,21 @@ int main(int argc, char **argv, char **envp)
                      exit(1);
                  }

-                len = strlen(",id=,path=");
+                if (qemu_opt_get(opts, "fstype") == NULL ||
+                        qemu_opt_get(opts, "mount_tag") == NULL ||
+                        qemu_opt_get(opts, "path") == NULL ||
+                        qemu_opt_get(opts, "security_model") == NULL) {
+                    fprintf(stderr, "Usage: -virtfs fstype,path=/share_path/,"
+                            "security_model=[mapped|passthrough],"
+                            "mnt_tag=tag.\n");
+                    exit(1);
+                }
+
+                len = strlen(",id=,path=,security_model=");
                  len += strlen(qemu_opt_get(opts, "fstype"));
                  len += strlen(qemu_opt_get(opts, "mount_tag"));
                  len += strlen(qemu_opt_get(opts, "path"));
+                len += strlen(qemu_opt_get(opts, "security_model"));
                  arg_fsdev = qemu_malloc((len + 1) * sizeof(*arg_fsdev));

                  if (!arg_fsdev) {
@@ -3121,10 +3132,11 @@ int main(int argc, char **argv, char **envp)
                      exit(1);
                  }

-                sprintf(arg_fsdev, "%s,id=%s,path=%s",
+                sprintf(arg_fsdev, "%s,id=%s,path=%s,security_model=%s",
                                  qemu_opt_get(opts, "fstype"),
                                  qemu_opt_get(opts, "mount_tag"),
-                                qemu_opt_get(opts, "path"));
+                                qemu_opt_get(opts, "path"),
+                                qemu_opt_get(opts, "security_model"));

                  len = strlen("virtio-9p-pci,fsdev=,mount_tag=");
                  len += 2*strlen(qemu_opt_get(opts, "mount_tag"));

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH-V2 3/7] virtio-9p: modify create/open2 and mkdir for new security model., (continued)
- [Qemu-devel] [PATCH-V2 3/7] virtio-9p: modify create/open2 and mkdir for new security model., Venkateswararao Jujjuri (JV), 2010/05/11
- [Qemu-devel] [PATCH-V2 4/7] virtio-9p: Implement Security model for mknod related files, Venkateswararao Jujjuri (JV), 2010/05/11
- [Qemu-devel] [PATCH-V2 5/7] virtio-9p: Implemented security model for symlink and link., Venkateswararao Jujjuri (JV), 2010/05/11
- [Qemu-devel] [PATCH-V2 7/7] virtio-9p: Implemented security model for chown and chgrp., Venkateswararao Jujjuri (JV), 2010/05/11
- [Qemu-devel] [PATCH-V2 0/7] virtio-9p:Introducing security model for VirtFS, Venkateswararao Jujjuri (JV), 2010/05/21
  - [Qemu-devel] [PATCH -V3 4/7] virtio-9p: Implement Security model for mknod related files, Venkateswararao Jujjuri (JV), 2010/05/21
  - [Qemu-devel] [PATCH -V3 5/7] virtio-9p: Implemented security model for symlink and link., Venkateswararao Jujjuri (JV), 2010/05/21
    - Re: [Qemu-devel] [PATCH -V3 5/7] virtio-9p: Implemented security model for symlink and link., Anthony Liguori, 2010/05/24
  - [Qemu-devel] [PATCH -V3 7/7] virtio-9p: Implemented security model for chown and chgrp., Venkateswararao Jujjuri (JV), 2010/05/21
  - [Qemu-devel] [PATCH -V3 1/7] virtio-9p: Introduces an option to specify the security model., Venkateswararao Jujjuri (JV), 2010/05/21
    - Re: [Qemu-devel] [PATCH -V3 1/7] virtio-9p: Introduces an option to specify the security model., Anthony Liguori <=
  - [Qemu-devel] [PATCH -V3 2/7] virtio-9p: Rearrange fileop structures, Venkateswararao Jujjuri (JV), 2010/05/21
    - Re: [Qemu-devel] [PATCH -V3 2/7] virtio-9p: Rearrange fileop structures, Sripathi Kodi, 2010/05/25
    - Re: [Qemu-devel] [PATCH -V3 2/7] virtio-9p: Rearrange fileop structures, Venkateswararao Jujjuri (JV), 2010/05/26
  - [Qemu-devel] [PATCH -V3 6/7] virtio-9p: Implemented Security model for lstat and fstat, Venkateswararao Jujjuri (JV), 2010/05/21
  - [Qemu-devel] [PATCH -V3 3/7] virtio-9p: modify create/open2 and mkdir for new security model., Venkateswararao Jujjuri (JV), 2010/05/21
    - Re: [Qemu-devel] [PATCH -V3 3/7] virtio-9p: modify create/open2 and mkdir for new security model., Anthony Liguori, 2010/05/24

Prev by Date: Re: [Qemu-devel] Re: [RFC PATCH] AMD IOMMU emulation
Next by Date: [Qemu-devel] Re: [PATCH 0/6] Make hpet a compile time option
Previous by thread: [Qemu-devel] [PATCH -V3 1/7] virtio-9p: Introduces an option to specify the security model.
Next by thread: [Qemu-devel] [PATCH -V3 2/7] virtio-9p: Rearrange fileop structures
Index(es):
- Date
- Thread