From patchwork Mon Jun 14 20:34:40 2010 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: jvrao X-Patchwork-Id: 55581 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from lists.gnu.org (lists.gnu.org [199.232.76.165]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by ozlabs.org (Postfix) with ESMTPS id 867A3B7D84 for ; Tue, 15 Jun 2010 06:32:58 +1000 (EST) Received: from localhost ([127.0.0.1]:55349 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1OOGKx-00007c-Kt for incoming@patchwork.ozlabs.org; Mon, 14 Jun 2010 16:32:51 -0400 Received: from [140.186.70.92] (port=57709 helo=eggs.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1OOGJT-00006B-E3 for qemu-devel@nongnu.org; Mon, 14 Jun 2010 16:31:20 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69) (envelope-from ) id 1OOGJR-00040l-W0 for qemu-devel@nongnu.org; Mon, 14 Jun 2010 16:31:19 -0400 Received: from e33.co.us.ibm.com ([32.97.110.151]:46623) by eggs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1OOGJR-00040V-NB for qemu-devel@nongnu.org; Mon, 14 Jun 2010 16:31:17 -0400 Received: from d03relay01.boulder.ibm.com (d03relay01.boulder.ibm.com [9.17.195.226]) by e33.co.us.ibm.com (8.14.4/8.13.1) with ESMTP id o5EKQwnW028778 for ; Mon, 14 Jun 2010 14:26:58 -0600 Received: from d03av02.boulder.ibm.com (d03av02.boulder.ibm.com [9.17.195.168]) by d03relay01.boulder.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id o5EKV7wR012072 for ; Mon, 14 Jun 2010 14:31:15 -0600 Received: from d03av02.boulder.ibm.com (loopback [127.0.0.1]) by d03av02.boulder.ibm.com (8.14.4/8.13.1/NCO v10.0 AVout) with ESMTP id o5EKV6MC012344 for ; Mon, 14 Jun 2010 14:31:06 -0600 Received: from localhost.localdomain (elm9m80.beaverton.ibm.com [9.47.81.80]) by d03av02.boulder.ibm.com (8.14.4/8.13.1/NCO v10.0 AVin) with ESMTP id o5EKV5F7012202; Mon, 14 Jun 2010 14:31:06 -0600 From: "Venkateswararao Jujjuri (JV)" To: qemu-devel@nongnu.org Date: Mon, 14 Jun 2010 13:34:40 -0700 Message-Id: <1276547689-3408-2-git-send-email-jvrao@linux.vnet.ibm.com> X-Mailer: git-send-email 1.6.0.6 In-Reply-To: <1276547689-3408-1-git-send-email-jvrao@linux.vnet.ibm.com> References: <1276547689-3408-1-git-send-email-jvrao@linux.vnet.ibm.com> X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6, seldom 2.4 (older, 4) Cc: aliguori@us.ibm.com, "Venkateswararao Jujjuri \(JV\)" Subject: [Qemu-devel] [PATCH-V7 01/10] virtio-9p: Introduces an option to specify the security model. X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org The new option is: -fsdev fstype,id=myid,path=/share_path/,security_model=[mapped|passthrough] -virtfs fstype,path=/share_path/,security_model=[mapped|passthrough],mnt_tag=tag In the case of mapped security model, files are created with QEMU user credentials and the client-user's credentials are saved in extended attributes. Whereas in the case of passthrough security model, files on the filesystem are directly created with client-user's credentials. Signed-off-by: Venkateswararao Jujjuri --- fsdev/qemu-fsdev.c | 9 ++++++++- fsdev/qemu-fsdev.h | 1 + hw/virtio-9p.c | 9 +++++++++ qemu-config.c | 6 ++++++ qemu-options.hx | 15 +++++++++++---- vl.c | 18 +++++++++++++++--- 6 files changed, 50 insertions(+), 8 deletions(-) diff --git a/fsdev/qemu-fsdev.c b/fsdev/qemu-fsdev.c index 813e1f7..ad69b0e 100644 --- a/fsdev/qemu-fsdev.c +++ b/fsdev/qemu-fsdev.c @@ -34,7 +34,7 @@ int qemu_fsdev_add(QemuOpts *opts) return -1; } - for (i = 0; i < ARRAY_SIZE(FsTypes); i++) { + for (i = 0; i < ARRAY_SIZE(FsTypes); i++) { if (strcmp(FsTypes[i].name, qemu_opt_get(opts, "fstype")) == 0) { break; } @@ -46,10 +46,17 @@ int qemu_fsdev_add(QemuOpts *opts) return -1; } + if (qemu_opt_get(opts, "security_model") == NULL) { + fprintf(stderr, "fsdev: No security_model specified.\n"); + return -1; + } + fsle = qemu_malloc(sizeof(*fsle)); fsle->fse.fsdev_id = qemu_strdup(qemu_opts_id(opts)); fsle->fse.path = qemu_strdup(qemu_opt_get(opts, "path")); + fsle->fse.security_model = qemu_strdup(qemu_opt_get(opts, + "security_model")); fsle->fse.ops = FsTypes[i].ops; QTAILQ_INSERT_TAIL(&fstype_entries, fsle, next); diff --git a/fsdev/qemu-fsdev.h b/fsdev/qemu-fsdev.h index b50fbe0..6c27881 100644 --- a/fsdev/qemu-fsdev.h +++ b/fsdev/qemu-fsdev.h @@ -40,6 +40,7 @@ typedef struct FsTypeTable { typedef struct FsTypeEntry { char *fsdev_id; char *path; + char *security_model; FileOperations *ops; } FsTypeEntry; diff --git a/hw/virtio-9p.c b/hw/virtio-9p.c index 038bb39..2530488 100644 --- a/hw/virtio-9p.c +++ b/hw/virtio-9p.c @@ -2253,6 +2253,15 @@ VirtIODevice *virtio_9p_init(DeviceState *dev, V9fsConf *conf) exit(1); } + if (!strcmp(fse->security_model, "passthrough") && + !strcmp(fse->security_model, "mapped")) { + /* user haven't specified a correct security option */ + fprintf(stderr, "one of the following must be specified as the" + "security option:\n\t security_model=passthrough \n\t " + "security_model=mapped\n"); + return NULL; + } + if (lstat(fse->path, &stat)) { fprintf(stderr, "share path %s does not exist\n", fse->path); exit(1); diff --git a/qemu-config.c b/qemu-config.c index 5a4e61b..95abe61 100644 --- a/qemu-config.c +++ b/qemu-config.c @@ -163,6 +163,9 @@ QemuOptsList qemu_fsdev_opts = { }, { .name = "path", .type = QEMU_OPT_STRING, + }, { + .name = "security_model", + .type = QEMU_OPT_STRING, }, { /*End of list */ } }, @@ -184,6 +187,9 @@ QemuOptsList qemu_virtfs_opts = { }, { .name = "mount_tag", .type = QEMU_OPT_STRING, + }, { + .name = "security_model", + .type = QEMU_OPT_STRING, }, { /*End of list */ } diff --git a/qemu-options.hx b/qemu-options.hx index a6928b7..d1d2272 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -486,7 +486,7 @@ ETEXI DEFHEADING(File system options:) DEF("fsdev", HAS_ARG, QEMU_OPTION_fsdev, - "-fsdev local,id=id,path=path\n", + "-fsdev local,id=id,path=path,security_model=[mapped|passthrough]\n", QEMU_ARCH_ALL) STEXI @@ -502,7 +502,7 @@ The specific Fstype will determine the applicable options. Options to each backend are described below. -@item -fsdev local ,id=@var{id} ,path=@var{path} +@item -fsdev local ,id=@var{id} ,path=@var{path} ,security_model=@var{security_model} Create a file-system-"device" for local-filesystem. @@ -510,6 +510,9 @@ Create a file-system-"device" for local-filesystem. @option{path} specifies the path to be exported. @option{path} is required. +@option{security_model} specifies the security model to be followed. +@option{security_model} is required. + @end table ETEXI #endif @@ -518,7 +521,7 @@ ETEXI DEFHEADING(Virtual File system pass-through options:) DEF("virtfs", HAS_ARG, QEMU_OPTION_virtfs, - "-virtfs local,path=path,mount_tag=tag\n", + "-virtfs local,path=path,mount_tag=tag,security_model=[mapped|passthrough]\n", QEMU_ARCH_ALL) STEXI @@ -534,7 +537,7 @@ The specific Fstype will determine the applicable options. Options to each backend are described below. -@item -virtfs local ,path=@var{path} ,mount_tag=@var{mount_tag} +@item -virtfs local ,path=@var{path} ,mount_tag=@var{mount_tag} ,security_model=@var{security_model} Create a Virtual file-system-pass through for local-filesystem. @@ -542,6 +545,10 @@ Create a Virtual file-system-pass through for local-filesystem. @option{path} specifies the path to be exported. @option{path} is required. +@option{security_model} specifies the security model to be followed. +@option{security_model} is required. + + @option{mount_tag} specifies the tag with which the exported file is mounted. @option{mount_tag} is required. diff --git a/vl.c b/vl.c index 7121cd0..98491ae 100644 --- a/vl.c +++ b/vl.c @@ -3094,10 +3094,21 @@ int main(int argc, char **argv, char **envp) exit(1); } - len = strlen(",id=,path="); + if (qemu_opt_get(opts, "fstype") == NULL || + qemu_opt_get(opts, "mount_tag") == NULL || + qemu_opt_get(opts, "path") == NULL || + qemu_opt_get(opts, "security_model") == NULL) { + fprintf(stderr, "Usage: -virtfs fstype,path=/share_path/," + "security_model=[mapped|passthrough]," + "mnt_tag=tag.\n"); + exit(1); + } + + len = strlen(",id=,path=,security_model="); len += strlen(qemu_opt_get(opts, "fstype")); len += strlen(qemu_opt_get(opts, "mount_tag")); len += strlen(qemu_opt_get(opts, "path")); + len += strlen(qemu_opt_get(opts, "security_model")); arg_fsdev = qemu_malloc((len + 1) * sizeof(*arg_fsdev)); if (!arg_fsdev) { @@ -3106,10 +3117,11 @@ int main(int argc, char **argv, char **envp) exit(1); } - sprintf(arg_fsdev, "%s,id=%s,path=%s", + sprintf(arg_fsdev, "%s,id=%s,path=%s,security_model=%s", qemu_opt_get(opts, "fstype"), qemu_opt_get(opts, "mount_tag"), - qemu_opt_get(opts, "path")); + qemu_opt_get(opts, "path"), + qemu_opt_get(opts, "security_model")); len = strlen("virtio-9p-pci,fsdev=,mount_tag="); len += 2*strlen(qemu_opt_get(opts, "mount_tag"));