[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [V11 04/15] virtio-9p: qemu interfaces for chroot environme
|
From: |
M. Mohan Kumar |
|
Subject: |
[Qemu-devel] [V11 04/15] virtio-9p: qemu interfaces for chroot environment |
|
Date: |
Fri, 24 Jun 2011 13:52:13 +0530 |
From: "M. Mohan Kumar" <address@hidden>
QEMU side interfaces to communicate with chroot worker process.
Signed-off-by: M. Mohan Kumar <address@hidden>
address@hidden: Handle when qemu process can not receive fd because
it already reached max fds]
---
Makefile.objs | 2 +-
hw/9pfs/virtio-9p-chroot.c | 103 ++++++++++++++++++++++++++++++++++++++++++++
hw/9pfs/virtio-9p-chroot.h | 1 +
3 files changed, 105 insertions(+), 1 deletions(-)
create mode 100644 hw/9pfs/virtio-9p-chroot.c
diff --git a/Makefile.objs b/Makefile.objs
index 588eae2..9ff332f 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -304,7 +304,7 @@ hw-obj-$(CONFIG_SOUND) += $(sound-obj-y)
9pfs-nested-$(CONFIG_VIRTFS) += virtio-9p-xattr-user.o virtio-9p-posix-acl.o
9pfs-nested-$(CONFIG_VIRTFS) += virtio-9p-coth.o cofs.o codir.o cofile.o
9pfs-nested-$(CONFIG_VIRTFS) += coxattr.o virtio-9p-handle.o
-9pfs-nested-$(CONFIG_VIRTFS) += virtio-9p-chroot-worker.o
+9pfs-nested-$(CONFIG_VIRTFS) += virtio-9p-chroot-worker.o virtio-9p-chroot.o
hw-obj-$(CONFIG_REALLY_VIRTFS) += $(addprefix 9pfs/, $(9pfs-nested-y))
$(addprefix 9pfs/, $(9pfs-nested-y)): QEMU_CFLAGS+=$(GLIB_CFLAGS)
diff --git a/hw/9pfs/virtio-9p-chroot.c b/hw/9pfs/virtio-9p-chroot.c
new file mode 100644
index 0000000..63de410
--- /dev/null
+++ b/hw/9pfs/virtio-9p-chroot.c
@@ -0,0 +1,103 @@
+/*
+ * Virtio 9p chroot environment for contained access to exported path
+ * Code handles qemu side interfaces to communicate with chroot worker process
+ * Copyright IBM, Corp. 2011
+ *
+ * Authors:
+ * M. Mohan Kumar <address@hidden>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2. See
+ * the copying file in the top-level directory
+ *
+ */
+
+#include <sys/fsuid.h>
+#include <sys/resource.h>
+#include <signal.h>
+#include "qemu_socket.h"
+#include "qemu-thread.h"
+#include "qerror.h"
+#include "virtio-9p.h"
+#include "virtio-9p-chroot.h"
+
+/*
+ * Return received file descriptor on success and -errno on failure.
+ * sock_error is set to 1 whenever there is error in socket IO
+ */
+static int v9fs_receivefd(int sockfd, int *sock_error)
+{
+ struct msghdr msg = { };
+ struct iovec iov;
+ union MsgControl msg_control;
+ struct cmsghdr *cmsg;
+ int retval, data, fd;
+
+ iov.iov_base = &data;
+ iov.iov_len = sizeof(data);
+
+ *sock_error = 0;
+ memset(&msg, 0, sizeof(msg));
+ msg.msg_iov = &iov;
+ msg.msg_iovlen = 1;
+ msg.msg_control = &msg_control;
+ msg.msg_controllen = sizeof(msg_control);
+
+ do {
+ retval = recvmsg(sockfd, &msg, 0);
+ } while (retval < 0 && errno == EINTR);
+ if (retval <= 0) {
+ *sock_error = 1;
+ return -EIO;
+ }
+
+ /*
+ * data is set to V9FS_FD_VALID, if ancillary data is sent. If this
+ * request doesn't need ancillary data (fd) or an error occurred,
+ * data is set to negative errno value.
+ */
+ if (data != V9FS_FD_VALID) {
+ return data;
+ }
+
+ /*
+ * File descriptor (fd) is sent in the ancillary data. Check if we
+ * indeed received it. One of the reasons to fail to receive it is if
+ * we exceeded the maximum number of file descriptors!
+ */
+ for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
+ if (cmsg->cmsg_len != CMSG_LEN(sizeof(int)) ||
+ cmsg->cmsg_level != SOL_SOCKET ||
+ cmsg->cmsg_type != SCM_RIGHTS) {
+ continue;
+ }
+ fd = *((int *)CMSG_DATA(cmsg));
+ return fd;
+ }
+
+ return -ENFILE; /* Ancillary data sent but not received */
+}
+
+/*
+ * V9fsFileObjectRequest is written into the socket by QEMU process.
+ * Then this request is read by chroot process using v9fs_read_request function
+ */
+static int v9fs_write_request(int sockfd, V9fsFileObjectRequest *request)
+{
+ int retval;
+ retval = qemu_write_full(sockfd, request, sizeof(*request));
+ if (retval != sizeof(*request)) {
+ return -EIO;
+ }
+ return 0;
+}
+
+/*
+ * This patch adds v9fs_receivefd and v9fs_write_request functions,
+ * but there is no caller. To avoid compiler warning message,
+ * refer these two functions
+ */
+void chroot_dummy(void)
+{
+ (void)v9fs_receivefd;
+ (void)v9fs_write_request;
+}
diff --git a/hw/9pfs/virtio-9p-chroot.h b/hw/9pfs/virtio-9p-chroot.h
index c2a4a6e..a817bcf 100644
--- a/hw/9pfs/virtio-9p-chroot.h
+++ b/hw/9pfs/virtio-9p-chroot.h
@@ -35,5 +35,6 @@ typedef struct V9fsFileObjectRequest
} V9fsFileObjectRequest;
int v9fs_chroot(FsContext *fs_ctx);
+void chroot_dummy(void);
#endif /* _QEMU_VIRTIO_9P_CHROOT_H */
--
1.7.5.4
- [Qemu-devel] [V11 13/15] virtio-9p: stat in chroot environment, (continued)
- [Qemu-devel] [V11 13/15] virtio-9p: stat in chroot environment, M. Mohan Kumar, 2011/06/24
- [Qemu-devel] [V11 03/15] virtio-9p: Provide chroot worker side interfaces, M. Mohan Kumar, 2011/06/24
- [Qemu-devel] [V11 02/15] virtio-9p: Enable CONFIG_THREAD if CONFIG_VIRTFS is enabled, M. Mohan Kumar, 2011/06/24
- [Qemu-devel] [V11 15/15] virtio-9p: Chroot environment for other functions, M. Mohan Kumar, 2011/06/24
- [Qemu-devel] [V11 10/15] virtio-9p: Move file post creation changes to none security model, M. Mohan Kumar, 2011/06/24
- [Qemu-devel] [V11 06/15] virtio-9p: Create support in chroot environment, M. Mohan Kumar, 2011/06/24
- [Qemu-devel] [V11 14/15] virtio-9p: readlink in chroot environment, M. Mohan Kumar, 2011/06/24
- [Qemu-devel] [V11 05/15] virtio-9p: Support for opening a file in chroot environment, M. Mohan Kumar, 2011/06/24
- [Qemu-devel] [V11 09/15] virtio-9p: Rename in chroot environment, M. Mohan Kumar, 2011/06/24
- [Qemu-devel] [V11 01/15] Implement qemu_read_full, M. Mohan Kumar, 2011/06/24
- [Qemu-devel] [V11 04/15] virtio-9p: qemu interfaces for chroot environment,
M. Mohan Kumar <=
- Re: [Qemu-devel] [V11 00/15] virtio-9p: Use chroot to safely access files in passthrough security model, Blue Swirl, 2011/06/26