
[3/3] hw/9pfs: Use export flag for indicating security model

Message ID 1318568319-27267-3-git-send-email-aneesh.kumar@linux.vnet.ibm.com
State New

Commit Message

Aneesh Kumar K.V Oct. 14, 2011, 4:58 a.m. UTC
From: "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>

Representing the security model as an export flag lets us remove some of the structure members.

Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
---
 fsdev/file-op-9p.h         |   36 ++++++++++++++----------------
 fsdev/qemu-fsdev.c         |   19 ++++++++++++++-
 fsdev/qemu-fsdev.h         |    1 -
 hw/9pfs/virtio-9p-device.c |   31 ++++++--------------------
 hw/9pfs/virtio-9p-local.c  |   52 ++++++++++++++++++++++----------------------
 5 files changed, 67 insertions(+), 72 deletions(-)

Patch

diff --git a/fsdev/file-op-9p.h b/fsdev/file-op-9p.h
index 272f018..908e2a5 100644
--- a/fsdev/file-op-9p.h
+++ b/fsdev/file-op-9p.h
@@ -23,23 +23,6 @@ 
 #define SM_LOCAL_MODE_BITS    0600
 #define SM_LOCAL_DIR_MODE_BITS    0700
 
-typedef enum
-{
-    /*
-     * Server will try to set uid/gid.
-     * On failure ignore the error.
-     */
-    SM_NONE = 0,
-    /*
-     * uid/gid set on fileserver files
-     */
-    SM_PASSTHROUGH = 1,
-    /*
-     * uid/gid part of xattr
-     */
-    SM_MAPPED,
-} SecModel;
-
 typedef struct FsCred
 {
     uid_t   fc_uid;
@@ -60,12 +43,27 @@  typedef struct extended_ops {
 /* export flags */
 #define V9FS_IMMEDIATE_WRITEOUT     0x00000001
 #define V9FS_PATHNAME_FSCONTEXT     0x00000002
+/*
+ * uid/gid set on fileserver files
+ */
+#define V9FS_SM_PASSTHROUGH         0x00000004
+/*
+ * uid/gid part of xattr
+ */
+#define V9FS_SM_MAPPED              0x00000008
+/*
+ * Server will try to set uid/gid.
+ * On failure ignore the error.
+ */
+#define V9FS_SM_NONE                0x00000010
+
+
+#define V9FS_SEC_MASK               0x0000001C
 
 typedef struct FsContext
 {
-    char *fs_root;
-    SecModel fs_sm;
     uid_t uid;
+    char *fs_root;
     int export_flags;
     struct xattr_operations **xops;
     struct extended_ops exops;
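Review bot: The three `V9FS_SM_*` bits and `V9FS_SEC_MASK` are added without stating that exactly one security-model bit is expected in `export_flags`, which is the invariant the tests in virtio-9p-local.c rely on. I would add a comment above the mask such as `/* Exactly one V9FS_SM_* bit is set per export; V9FS_SEC_MASK selects those bits. */`. Because these are now independent bits rather than enum values, nothing in the type prevents two models from being set at once, so the rule belongs next to the definitions. The FsContext definition continues outside the hunk.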
diff --git a/fsdev/qemu-fsdev.c b/fsdev/qemu-fsdev.c
index fcec494..ce920d6 100644
--- a/fsdev/qemu-fsdev.c
+++ b/fsdev/qemu-fsdev.c
@@ -72,14 +72,29 @@  int qemu_fsdev_add(QemuOpts *opts)
 
     fsle->fse.fsdev_id = g_strdup(fsdev_id);
     fsle->fse.path = g_strdup(path);
-    fsle->fse.security_model = g_strdup(sec_model);
     fsle->fse.ops = FsDrivers[i].ops;
     fsle->fse.export_flags = 0;
     if (writeout) {
         if (!strcmp(writeout, "immediate")) {
-            fsle->fse.export_flags = V9FS_IMMEDIATE_WRITEOUT;
+            fsle->fse.export_flags |= V9FS_IMMEDIATE_WRITEOUT;
         }
     }
+
+    if (!strcmp(sec_model, "passthrough")) {
+        fsle->fse.export_flags |= V9FS_SM_PASSTHROUGH;
+    } else if (!strcmp(sec_model, "mapped")) {
+        fsle->fse.export_flags |= V9FS_SM_MAPPED;
+    } else if (!strcmp(sec_model, "none")) {
+        fsle->fse.export_flags |= V9FS_SM_NONE;
+    } else {
+        fprintf(stderr, "Default to security_model=none. You may want"
+                " enable advanced security model using "
+                "security option:\n\t security_model=passthrough\n\t "
+                "security_model=mapped\n");
+
+        fsle->fse.export_flags |= V9FS_SM_NONE;
+    }
+
     QTAILQ_INSERT_TAIL(&fsdriver_entries, fsle, next);
     return 0;
 }
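Review bot: An unrecognised `security_model` value still falls through to `V9FS_SM_NONE` in the final `else`, so a misspelling of `mapped` silently selects the model under which the local backend applies guest-supplied modes and ownership directly to host files instead of keeping them in xattrs. Since the parsing now lives in qemu_fsdev_add, which already returns an int, this is a natural place to reject unknown values: print an error and `return -1;` (releasing `fsle`, which is presumably allocated above the hunk) rather than warn and continue. Separately, `strcmp(sec_model, ...)` assumes `sec_model` is non-NULL; the hunk does not show whether a missing option is rejected earlier, so that is worth confirming. The warning text also reads "You may want enable" and should be `You may want to enable`.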
diff --git a/fsdev/qemu-fsdev.h b/fsdev/qemu-fsdev.h
index 69baafc..5099085 100644
--- a/fsdev/qemu-fsdev.h
+++ b/fsdev/qemu-fsdev.h
@@ -40,7 +40,6 @@  typedef struct FsDriverTable {
 typedef struct FsDriverEntry {
     char *fsdev_id;
     char *path;
-    char *security_model;
     int export_flags;
     FileOperations *ops;
 } FsDriverEntry;
diff --git a/hw/9pfs/virtio-9p-device.c b/hw/9pfs/virtio-9p-device.c
index af230b6..bba4c54 100644
--- a/hw/9pfs/virtio-9p-device.c
+++ b/hw/9pfs/virtio-9p-device.c
@@ -83,35 +83,18 @@  VirtIODevice *virtio_9p_init(DeviceState *dev, V9fsConf *conf)
         exit(1);
     }
 
-    if (!strcmp(fse->security_model, "passthrough")) {
-        /* Files on the Fileserver set to client user credentials */
-        s->ctx.fs_sm = SM_PASSTHROUGH;
+    s->ctx.export_flags = fse->export_flags;
+    s->ctx.fs_root = g_strdup(fse->path);
+    s->ctx.exops.get_st_gen = NULL;
+
+    if (fse->export_flags & V9FS_SM_PASSTHROUGH) {
         s->ctx.xops = passthrough_xattr_ops;
-    } else if (!strcmp(fse->security_model, "mapped")) {
-        /* Files on the fileserver are set to QEMU credentials.
-         * Client user credentials are saved in extended attributes.
-         */
-        s->ctx.fs_sm = SM_MAPPED;
+    } else if (fse->export_flags & V9FS_SM_MAPPED) {
         s->ctx.xops = mapped_xattr_ops;
-    } else if (!strcmp(fse->security_model, "none")) {
-        /*
-         * Files on the fileserver are set to QEMU credentials.
-         */
-        s->ctx.fs_sm = SM_NONE;
-        s->ctx.xops = none_xattr_ops;
-    } else {
-        fprintf(stderr, "Default to security_model=none. You may want"
-                " enable advanced security model using "
-                "security option:\n\t security_model=passthrough\n\t "
-                "security_model=mapped\n");
-        s->ctx.fs_sm = SM_NONE;
+    } else if (fse->export_flags & V9FS_SM_NONE) {
         s->ctx.xops = none_xattr_ops;
     }
 
-    s->ctx.export_flags = fse->export_flags;
-    s->ctx.fs_root = g_strdup(fse->path);
-    s->ctx.exops.get_st_gen = NULL;
-
     len = strlen(conf->tag);
     if (len > MAX_TAG_LEN) {
         fprintf(stderr, "mount tag '%s' (%d bytes) is longer than "
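Review bot: The `if`/`else if` chain that selects `s->ctx.xops` no longer ends in an `else`, so if `export_flags` ever reaches virtio_9p_init without one of the three `V9FS_SM_*` bits, `xops` keeps whatever value `s->ctx` held before and nothing is reported. qemu_fsdev_add in this patch always sets one bit, so this is defensive, but a closing `else` that reports the missing model and exits, in the style of the `exit(1)` path just above, would make that dependency explicit. The comments explaining what each model means for host file credentials were also dropped here; moving them to the `V9FS_SM_*` definitions would preserve that documentation. virtio_9p_init starts and ends outside the hunk.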
diff --git a/hw/9pfs/virtio-9p-local.c b/hw/9pfs/virtio-9p-local.c
index fd24dcd..3be7cc3 100644
--- a/hw/9pfs/virtio-9p-local.c
+++ b/hw/9pfs/virtio-9p-local.c
@@ -49,7 +49,7 @@  static int local_lstat(FsContext *fs_ctx, V9fsPath *fs_path, struct stat *stbuf)
     if (err) {
         return err;
     }
-    if (fs_ctx->fs_sm == SM_MAPPED) {
+    if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
         /* Actual credentials are part of extended attrs */
         uid_t tmp_uid;
         gid_t tmp_gid;
@@ -124,7 +124,7 @@  static int local_post_create_passthrough(FsContext *fs_ctx, const char *path,
          * If we fail to change ownership and if we are
          * using security model none. Ignore the error
          */
-        if (fs_ctx->fs_sm != SM_NONE) {
+        if ((fs_ctx->export_flags & V9FS_SEC_MASK) != V9FS_SM_NONE) {
             return -1;
         }
     }
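Review bot: This test compares `(fs_ctx->export_flags & V9FS_SEC_MASK)` against `V9FS_SM_NONE`, while the rest of the file checks a single bit with `export_flags & V9FS_SM_MAPPED` and similar; the masked form appears again in the second local_symlink hunk. The two styles agree only while exactly one model bit is set, so I would use one form throughout the file, for example `if (!(fs_ctx->export_flags & V9FS_SM_NONE)) {` here, or masked equality everywhere. local_post_create_passthrough starts and ends outside the hunk.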
@@ -138,7 +138,7 @@  static ssize_t local_readlink(FsContext *fs_ctx, V9fsPath *fs_path,
     char buffer[PATH_MAX];
     char *path = fs_path->data;
 
-    if (fs_ctx->fs_sm == SM_MAPPED) {
+    if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
         int fd;
         fd = open(rpath(fs_ctx, path, buffer), O_RDONLY);
         if (fd == -1) {
@@ -149,8 +149,8 @@  static ssize_t local_readlink(FsContext *fs_ctx, V9fsPath *fs_path,
         } while (tsize == -1 && errno == EINTR);
         close(fd);
         return tsize;
-    } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
-               (fs_ctx->fs_sm == SM_NONE)) {
+    } else if ((fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) ||
+               (fs_ctx->export_flags & V9FS_SM_NONE)) {
         tsize = readlink(rpath(fs_ctx, path, buffer), buf, bufsz);
     }
     return tsize;
@@ -250,10 +250,10 @@  static int local_chmod(FsContext *fs_ctx, V9fsPath *fs_path, FsCred *credp)
     char buffer[PATH_MAX];
     char *path = fs_path->data;
 
-    if (fs_ctx->fs_sm == SM_MAPPED) {
+    if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
         return local_set_xattr(rpath(fs_ctx, path, buffer), credp);
-    } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
-               (fs_ctx->fs_sm == SM_NONE)) {
+    } else if ((fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) ||
+               (fs_ctx->export_flags & V9FS_SM_NONE)) {
         return chmod(rpath(fs_ctx, path, buffer), credp->fc_mode);
     }
     return -1;
@@ -273,7 +273,7 @@  static int local_mknod(FsContext *fs_ctx, V9fsPath *dir_path,
     path = fullname.data;
 
     /* Determine the security model */
-    if (fs_ctx->fs_sm == SM_MAPPED) {
+    if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
         err = mknod(rpath(fs_ctx, path, buffer),
                 SM_LOCAL_MODE_BITS|S_IFREG, 0);
         if (err == -1) {
@@ -284,8 +284,8 @@  static int local_mknod(FsContext *fs_ctx, V9fsPath *dir_path,
             serrno = errno;
             goto err_end;
         }
-    } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
-               (fs_ctx->fs_sm == SM_NONE)) {
+    } else if ((fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) ||
+               (fs_ctx->export_flags & V9FS_SM_NONE)) {
         err = mknod(rpath(fs_ctx, path, buffer), credp->fc_mode,
                 credp->fc_rdev);
         if (err == -1) {
@@ -321,7 +321,7 @@  static int local_mkdir(FsContext *fs_ctx, V9fsPath *dir_path,
     path = fullname.data;
 
     /* Determine the security model */
-    if (fs_ctx->fs_sm == SM_MAPPED) {
+    if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
         err = mkdir(rpath(fs_ctx, path, buffer), SM_LOCAL_DIR_MODE_BITS);
         if (err == -1) {
             goto out;
@@ -332,8 +332,8 @@  static int local_mkdir(FsContext *fs_ctx, V9fsPath *dir_path,
             serrno = errno;
             goto err_end;
         }
-    } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
-               (fs_ctx->fs_sm == SM_NONE)) {
+    } else if ((fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) ||
+               (fs_ctx->export_flags & V9FS_SM_NONE)) {
         err = mkdir(rpath(fs_ctx, path, buffer), credp->fc_mode);
         if (err == -1) {
             goto out;
@@ -361,7 +361,7 @@  static int local_fstat(FsContext *fs_ctx, int fd, struct stat *stbuf)
     if (err) {
         return err;
     }
-    if (fs_ctx->fs_sm == SM_MAPPED) {
+    if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
         /* Actual credentials are part of extended attrs */
         uid_t tmp_uid;
         gid_t tmp_gid;
@@ -399,7 +399,7 @@  static int local_open2(FsContext *fs_ctx, V9fsPath *dir_path, const char *name,
     path = fullname.data;
 
     /* Determine the security model */
-    if (fs_ctx->fs_sm == SM_MAPPED) {
+    if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
         fd = open(rpath(fs_ctx, path, buffer), flags, SM_LOCAL_MODE_BITS);
         if (fd == -1) {
             err = fd;
@@ -412,8 +412,8 @@  static int local_open2(FsContext *fs_ctx, V9fsPath *dir_path, const char *name,
             serrno = errno;
             goto err_end;
         }
-    } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
-               (fs_ctx->fs_sm == SM_NONE)) {
+    } else if ((fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) ||
+               (fs_ctx->export_flags & V9FS_SM_NONE)) {
         fd = open(rpath(fs_ctx, path, buffer), flags, credp->fc_mode);
         if (fd == -1) {
             err = fd;
@@ -452,7 +452,7 @@  static int local_symlink(FsContext *fs_ctx, const char *oldpath,
     newpath = fullname.data;
 
     /* Determine the security model */
-    if (fs_ctx->fs_sm == SM_MAPPED) {
+    if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
         int fd;
         ssize_t oldpath_size, write_size;
         fd = open(rpath(fs_ctx, newpath, buffer), O_CREAT|O_EXCL|O_RDWR,
@@ -481,8 +481,8 @@  static int local_symlink(FsContext *fs_ctx, const char *oldpath,
             serrno = errno;
             goto err_end;
         }
-    } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
-               (fs_ctx->fs_sm == SM_NONE)) {
+    } else if ((fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) ||
+               (fs_ctx->export_flags & V9FS_SM_NONE)) {
         err = symlink(oldpath, rpath(fs_ctx, newpath, buffer));
         if (err) {
             goto out;
@@ -494,7 +494,7 @@  static int local_symlink(FsContext *fs_ctx, const char *oldpath,
              * If we fail to change ownership and if we are
              * using security model none. Ignore the error
              */
-            if (fs_ctx->fs_sm != SM_NONE) {
+            if ((fs_ctx->export_flags & V9FS_SEC_MASK) != V9FS_SM_NONE) {
                 serrno = errno;
                 goto err_end;
             } else
@@ -549,13 +549,13 @@  static int local_chown(FsContext *fs_ctx, V9fsPath *fs_path, FsCred *credp)
     char *path = fs_path->data;
 
     if ((credp->fc_uid == -1 && credp->fc_gid == -1) ||
-            (fs_ctx->fs_sm == SM_PASSTHROUGH)) {
+            (fs_ctx->export_flags & V9FS_SM_PASSTHROUGH)) {
         return lchown(rpath(fs_ctx, path, buffer), credp->fc_uid,
                 credp->fc_gid);
-    } else if (fs_ctx->fs_sm == SM_MAPPED) {
+    } else if (fs_ctx->export_flags & V9FS_SM_MAPPED) {
         return local_set_xattr(rpath(fs_ctx, path, buffer), credp);
-    } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
-               (fs_ctx->fs_sm == SM_NONE)) {
+    } else if ((fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) ||
+               (fs_ctx->export_flags & V9FS_SM_NONE)) {
         return lchown(rpath(fs_ctx, path, buffer), credp->fc_uid,
                 credp->fc_gid);
     }
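Review bot: In local_chown the last `else if` still tests `V9FS_SM_PASSTHROUGH`, but the first branch already returns for passthrough, so that half of the condition can never be what selects the branch. It was carried over from the `fs_sm` version; since the line is being rewritten anyway it could become `} else if (fs_ctx->export_flags & V9FS_SM_NONE) {`. The function's start and end are outside the hunk.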