From patchwork Thu Jun 10 20:32:55 2010 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: jvrao X-Patchwork-Id: 55256 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.gnu.org (lists.gnu.org [199.232.76.165]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by ozlabs.org (Postfix) with ESMTPS id 268A6B7D68 for ; Fri, 11 Jun 2010 06:48:05 +1000 (EST) Received: from localhost ([127.0.0.1]:43100 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1OMoY7-0005cK-H6 for incoming@patchwork.ozlabs.org; Thu, 10 Jun 2010 16:40:27 -0400 Received: from [140.186.70.92] (port=55134 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1OMoNY-0002S4-OA for qemu-devel@nongnu.org; Thu, 10 Jun 2010 16:29:35 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69) (envelope-from ) id 1OMoNU-0001Wv-2U for qemu-devel@nongnu.org; Thu, 10 Jun 2010 16:29:29 -0400 Received: from e39.co.us.ibm.com ([32.97.110.160]:38524) by eggs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1OMoNT-0001Wb-Pn for qemu-devel@nongnu.org; Thu, 10 Jun 2010 16:29:28 -0400 Received: from d03relay01.boulder.ibm.com (d03relay01.boulder.ibm.com [9.17.195.226]) by e39.co.us.ibm.com (8.14.4/8.13.1) with ESMTP id o5AKKJ44006293 for ; Thu, 10 Jun 2010 14:20:19 -0600 Received: from d03av02.boulder.ibm.com (d03av02.boulder.ibm.com [9.17.195.168]) by d03relay01.boulder.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id o5AKTIrW083750 for ; Thu, 10 Jun 2010 14:29:19 -0600 Received: from d03av02.boulder.ibm.com (loopback [127.0.0.1]) by d03av02.boulder.ibm.com (8.14.4/8.13.1/NCO v10.0 AVout) with ESMTP id o5AKTIA8019792 for ; Thu, 10 Jun 2010 14:29:18 -0600 Received: from localhost.localdomain (elm9m80.beaverton.ibm.com [9.47.81.80]) by d03av02.boulder.ibm.com (8.14.4/8.13.1/NCO v10.0 AVin) with ESMTP id o5AKTDp4019457; Thu, 10 Jun 2010 14:29:17 -0600 From: "Venkateswararao Jujjuri (JV)" To: qemu-devel@nongnu.org Date: Thu, 10 Jun 2010 13:32:55 -0700 Message-Id: <1276201979-17825-7-git-send-email-jvrao@linux.vnet.ibm.com> X-Mailer: git-send-email 1.6.0.6 In-Reply-To: <1276201979-17825-1-git-send-email-jvrao@linux.vnet.ibm.com> References: <1276201979-17825-1-git-send-email-jvrao@linux.vnet.ibm.com> X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6, seldom 2.4 (older, 4) Cc: aliguori@us.ibm.com, "Venkateswararao Jujjuri \(JV\)" Subject: [Qemu-devel] [PATCH-V6 06/10] virtio-9p: Security model for create/open2 X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org In the mapped security model, VirtFS server intercepts and maps the file object create and get/set attribute requests. Files on the fileserver will be created with VirtFS servers (QEMU) user credentials and the client-users credentials are stored in extended attributes. On the request to get attributes, server extracts the client-users credentials from extended attributes and sends them to the client. On Host/Fileserver: -rw-------. 2 virfsuid virtfsgid 0 2010-05-11 09:19 afile On Guest/Client: -rw-r--r-- 2 guestuser guestuser 0 2010-05-11 12:19 afile Signed-off-by: Venkateswararao Jujjuri --- hw/file-op-9p.h | 2 +- hw/virtio-9p-local.c | 51 ++++++++++++++++++++++++++++++++++++++++++++++++- hw/virtio-9p.c | 16 ++++++++++---- 3 files changed, 61 insertions(+), 8 deletions(-) diff --git a/hw/file-op-9p.h b/hw/file-op-9p.h index a53cd35..b345189 100644 --- a/hw/file-op-9p.h +++ b/hw/file-op-9p.h @@ -62,7 +62,7 @@ typedef struct FileOperations int (*closedir)(FsContext *, DIR *); DIR *(*opendir)(FsContext *, const char *); int (*open)(FsContext *, const char *, int); - int (*open2)(FsContext *, const char *, int, mode_t); + int (*open2)(FsContext *, const char *, int, FsCred *); void (*rewinddir)(FsContext *, DIR *); off_t (*telldir)(FsContext *, DIR *); struct dirent *(*readdir)(FsContext *, DIR *); diff --git a/hw/virtio-9p-local.c b/hw/virtio-9p-local.c index 74c81a6..bb5140e 100644 --- a/hw/virtio-9p-local.c +++ b/hw/virtio-9p-local.c @@ -95,6 +95,18 @@ static int local_set_xattr(const char *path, FsCred *credp) return 0; } +static int local_post_create_passthrough(FsContext *fs_ctx, const char *path, + FsCred *credp) +{ + if (chmod(rpath(fs_ctx, path), credp->fc_mode & 07777) < 0) { + return -1; + } + if (chown(rpath(fs_ctx, path), credp->fc_uid, credp->fc_gid) < 0) { + return -1; + } + return 0; +} + static ssize_t local_readlink(FsContext *ctx, const char *path, char *buf, size_t bufsz) { @@ -230,9 +242,44 @@ static int local_fstat(FsContext *fs_ctx, int fd, struct stat *stbuf) return err; } -static int local_open2(FsContext *ctx, const char *path, int flags, mode_t mode) +static int local_open2(FsContext *fs_ctx, const char *path, int flags, + FsCred *credp) { - return open(rpath(ctx, path), flags, mode); + int fd = -1; + int err = -1; + int serrno = 0; + + /* Determine the security model */ + if (fs_ctx->fs_sm == SM_MAPPED) { + fd = open(rpath(fs_ctx, path), flags, SM_LOCAL_MODE_BITS); + if (fd == -1) { + return fd; + } + credp->fc_mode = credp->fc_mode|S_IFREG; + /* Set cleint credentials in xattr */ + err = local_set_xattr(rpath(fs_ctx, path), credp); + if (err == -1) { + serrno = errno; + goto err_end; + } + } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) { + fd = open(rpath(fs_ctx, path), flags, credp->fc_mode); + if (fd == -1) { + return fd; + } + err = local_post_create_passthrough(fs_ctx, path, credp); + if (err == -1) { + serrno = errno; + goto err_end; + } + } + return fd; + +err_end: + close(fd); + remove(rpath(fs_ctx, path)); + errno = serrno; + return err; } diff --git a/hw/virtio-9p.c b/hw/virtio-9p.c index fa459c9..49a3065 100644 --- a/hw/virtio-9p.c +++ b/hw/virtio-9p.c @@ -180,9 +180,17 @@ static int v9fs_do_fstat(V9fsState *s, int fd, struct stat *stbuf) return s->ops->fstat(&s->ctx, fd, stbuf); } -static int v9fs_do_open2(V9fsState *s, V9fsString *path, int flags, mode_t mode) +static int v9fs_do_open2(V9fsState *s, V9fsCreateState *vs) { - return s->ops->open2(&s->ctx, path->data, flags, mode); + FsCred cred; + int flags; + + cred_init(&cred); + cred.fc_uid = vs->fidp->uid; + cred.fc_mode = vs->perm & 0777; + flags = omode_to_uflags(vs->mode) | O_CREAT; + + return s->ops->open2(&s->ctx, vs->fullname.data, flags, &cred); } static int v9fs_do_symlink(V9fsState *s, V9fsString *oldpath, @@ -1815,9 +1823,7 @@ static void v9fs_create_post_lstat(V9fsState *s, V9fsCreateState *vs, int err) err = v9fs_do_mksock(s, &vs->fullname); v9fs_create_post_mksock(s, vs, err); } else { - vs->fidp->fd = v9fs_do_open2(s, &vs->fullname, - omode_to_uflags(vs->mode) | O_CREAT, - vs->perm & 0777); + vs->fidp->fd = v9fs_do_open2(s, vs); v9fs_create_post_open2(s, vs, err); }