Re: [Qemu-devel] [PATCH V4 00/13] Proxy FS driver for VirtFS

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH V4 00/13] Proxy FS driver for VirtFS

From:	M. Mohan Kumar
Subject:	Re: [Qemu-devel] [PATCH V4 00/13] Proxy FS driver for VirtFS
Date:	Fri, 9 Dec 2011 20:17:32 +0530
User-agent:	KMail/1.13.7 (Linux/2.6.40.3-0.fc15.x86_64; KDE/4.6.5; x86_64; ; )

On Thursday, December 08, 2011 11:16:33 PM Stefan Hajnoczi wrote:
> On Mon, Dec 05, 2011 at 09:48:37PM +0530, M. Mohan Kumar wrote:
> > From: "M. Mohan Kumar" <address@hidden>
> > 
> > Pass-through security model in QEMU 9p server needs root privilege to do
> > few file operations (like chown, chmod to any mode/uid:gid).  There are
> > two issues in pass-through security model
> > 
> > 1) TOCTTOU vulnerability: Following symbolic links in the server could
> > provide access to files beyond 9p export path.
> > 
> > 2) Running QEMU with root privilege could be a security issue.
> > 
> > To overcome above issues, following approach is used: A new filesytem
> > type 'proxy' is introduced. Proxy FS uses chroot + socket combination
> > for securing the vulnerability known with following symbolic links.
> > Intention of adding a new filesystem type is to allow qemu to run
> > in non-root mode, but doing privileged operations using socket IO.
> 
> Fails to build against qemu.git/master (217bfb4):
> 
>   CC    libhw64/9pfs/virtio-9p-proxy.o
> hw/9pfs/virtio-9p-proxy.c:1195:5: error: unknown field ‘parse_opts’
> specified in initializer hw/9pfs/virtio-9p-proxy.c:1195:5: warning:
> initialization from incompatible pointer type [enabled by default]
> hw/9pfs/virtio-9p-proxy.c:1195:5: warning: (near initialization for
> ‘proxy_ops.init’) [enabled by default]
> 
> Is this against another public tree?
>

Sorry, It depends on Aneesh's patch "Move opt validation to FsDriver callback"  
http://lists.gnu.org/archive/html/qemu-devel/2011-11/msg00275.html

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] [PATCH V4 05/13] hw/9pfs: Open and create files, (continued)
- [Qemu-devel] [PATCH V4 05/13] hw/9pfs: Open and create files, M. Mohan Kumar, 2011/12/05
- [Qemu-devel] [PATCH V4 06/13] hw/9pfs: Create other filesystem objects, M. Mohan Kumar, 2011/12/05
- [Qemu-devel] [PATCH V4 07/13] hw/9pfs: Add stat/readlink/statfs for proxy FS, M. Mohan Kumar, 2011/12/05
- [Qemu-devel] [PATCH V4 08/13] hw/9pfs: File ownership and others, M. Mohan Kumar, 2011/12/05
- [Qemu-devel] [PATCH V4 09/13] hw/9pfs: xattr interfaces in proxy filesystem driver, M. Mohan Kumar, 2011/12/05
- [Qemu-devel] [PATCH V4 10/13] hw/9pfs: Proxy getversion, M. Mohan Kumar, 2011/12/05
- [Qemu-devel] [PATCH V4 11/13] hw/9pfs: Documentation changes related to proxy fs, M. Mohan Kumar, 2011/12/05
- [Qemu-devel] [PATCH V4 12/13] hw/9pfs: man page for proxy helper, M. Mohan Kumar, 2011/12/05
- [Qemu-devel] [PATCH V4 13/13] hw/9pfs: Add support to use named socket for proxy FS, M. Mohan Kumar, 2011/12/05
- Re: [Qemu-devel] [PATCH V4 00/13] Proxy FS driver for VirtFS, Stefan Hajnoczi, 2011/12/08
  - Re: [Qemu-devel] [PATCH V4 00/13] Proxy FS driver for VirtFS, M. Mohan Kumar <=

Prev by Date: [Qemu-devel] git.qemu.org is being transferred to a new server
Next by Date: Re: [Qemu-devel] [RFC 0/4] virtio-mmio transport
Previous by thread: Re: [Qemu-devel] [PATCH V4 00/13] Proxy FS driver for VirtFS
Next by thread: [Qemu-devel] [PATCH 0/7] ARM: clean up mpcore.c and separate out A9
Index(es):
- Date
- Thread