Patchwork virtio-9p: Add SM_NONE security model

login
register
mail settings
Submitter Aneesh Kumar K.V
Date June 30, 2010, 4:44 a.m.
Message ID <1277873089-7742-1-git-send-email-aneesh.kumar@linux.vnet.ibm.com>
Download mbox | patch
Permalink /patch/57371/
State New
Headers show

Comments

Aneesh Kumar K.V - June 30, 2010, 4:44 a.m.
This is equivalent to SM_PASSTHROUGH security model.
The only exception is, failure of privilige operation like chown
are ignored. This makes a passthrough like security model usable
for people who runs kvm as non root

Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
---
 hw/file-op-9p.h      |   15 +++++++++++++--
 hw/virtio-9p-local.c |   40 ++++++++++++++++++++++++++++++----------
 hw/virtio-9p.c       |   13 ++++++++++---
 qemu-options.hx      |    4 ++--
 vl.c                 |    2 +-
 5 files changed, 56 insertions(+), 18 deletions(-)

Patch

diff --git a/hw/file-op-9p.h b/hw/file-op-9p.h
index 3d5f761..fcaa3ae 100644
--- a/hw/file-op-9p.h
+++ b/hw/file-op-9p.h
@@ -24,8 +24,19 @@ 
 
 typedef enum
 {
-    SM_PASSTHROUGH = 1, /* uid/gid set on fileserver files */
-    SM_MAPPED,  /* uid/gid part of xattr */
+    /*
+     * Server will try to set uid/gid.
+     * On failure ignore the error.
+     */
+    SM_NONE = 0,
+    /*
+     * uid/gid set on fileserver files
+     */
+    SM_PASSTHROUGH = 1,
+    /*
+     * uid/gid part of xattr
+     */
+    SM_MAPPED,
 } SecModel;
 
 typedef struct FsCred
diff --git a/hw/virtio-9p-local.c b/hw/virtio-9p-local.c
index c41193c..bc6793a 100644
--- a/hw/virtio-9p-local.c
+++ b/hw/virtio-9p-local.c
@@ -102,7 +102,13 @@  static int local_post_create_passthrough(FsContext *fs_ctx, const char *path,
         return -1;
     }
     if (chown(rpath(fs_ctx, path), credp->fc_uid, credp->fc_gid) < 0) {
-        return -1;
+        /*
+         * If we fail to change ownership and if we are
+         * using security model none. Ignore the error
+         */
+        if (fs_ctx->fs_sm != SM_NONE) {
+            return -1;
+        }
     }
     return 0;
 }
@@ -122,7 +128,8 @@  static ssize_t local_readlink(FsContext *fs_ctx, const char *path,
         } while (tsize == -1 && errno == EINTR);
         close(fd);
         return tsize;
-    } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) {
+    } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
+               (fs_ctx->fs_sm == SM_NONE)) {
         tsize = readlink(rpath(fs_ctx, path), buf, bufsz);
     }
     return tsize;
@@ -189,7 +196,8 @@  static int local_chmod(FsContext *fs_ctx, const char *path, FsCred *credp)
 {
     if (fs_ctx->fs_sm == SM_MAPPED) {
         return local_set_xattr(rpath(fs_ctx, path), credp);
-    } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) {
+    } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
+               (fs_ctx->fs_sm == SM_NONE)) {
         return chmod(rpath(fs_ctx, path), credp->fc_mode);
     }
     return -1;
@@ -211,7 +219,8 @@  static int local_mknod(FsContext *fs_ctx, const char *path, FsCred *credp)
             serrno = errno;
             goto err_end;
         }
-    } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) {
+    } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
+               (fs_ctx->fs_sm == SM_NONE)) {
         err = mknod(rpath(fs_ctx, path), credp->fc_mode, credp->fc_rdev);
         if (err == -1) {
             return err;
@@ -247,7 +256,8 @@  static int local_mkdir(FsContext *fs_ctx, const char *path, FsCred *credp)
             serrno = errno;
             goto err_end;
         }
-    } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) {
+    } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
+               (fs_ctx->fs_sm == SM_NONE)) {
         err = mkdir(rpath(fs_ctx, path), credp->fc_mode);
         if (err == -1) {
             return err;
@@ -316,7 +326,8 @@  static int local_open2(FsContext *fs_ctx, const char *path, int flags,
             serrno = errno;
             goto err_end;
         }
-    } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) {
+    } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
+               (fs_ctx->fs_sm == SM_NONE)) {
         fd = open(rpath(fs_ctx, path), flags, credp->fc_mode);
         if (fd == -1) {
             return fd;
@@ -372,15 +383,23 @@  static int local_symlink(FsContext *fs_ctx, const char *oldpath,
             serrno = errno;
             goto err_end;
         }
-    } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) {
+    } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
+               (fs_ctx->fs_sm == SM_NONE)) {
         err = symlink(oldpath, rpath(fs_ctx, newpath));
         if (err) {
             return err;
         }
         err = lchown(rpath(fs_ctx, newpath), credp->fc_uid, credp->fc_gid);
         if (err == -1) {
-            serrno = errno;
-            goto err_end;
+            /*
+             * If we fail to change ownership and if we are
+             * using security model none. Ignore the error
+             */
+            if (fs_ctx->fs_sm != SM_NONE) {
+                serrno = errno;
+                goto err_end;
+            } else
+                err = 0;
         }
     }
     return err;
@@ -450,7 +469,8 @@  static int local_chown(FsContext *fs_ctx, const char *path, FsCred *credp)
         return lchown(rpath(fs_ctx, path), credp->fc_uid, credp->fc_gid);
     } else if (fs_ctx->fs_sm == SM_MAPPED) {
         return local_set_xattr(rpath(fs_ctx, path), credp);
-    } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) {
+    } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
+               (fs_ctx->fs_sm == SM_NONE)) {
         return lchown(rpath(fs_ctx, path), credp->fc_uid, credp->fc_gid);
     }
     return -1;
diff --git a/hw/virtio-9p.c b/hw/virtio-9p.c
index aa08ab7..96efe1d 100644
--- a/hw/virtio-9p.c
+++ b/hw/virtio-9p.c
@@ -3509,12 +3509,19 @@  VirtIODevice *virtio_9p_init(DeviceState *dev, V9fsConf *conf)
          * Client user credentials are saved in extended attributes.
          */
         s->ctx.fs_sm = SM_MAPPED;
+    } else if (!strcmp(fse->security_model, "none")) {
+        /* Files on the fileserver are set to QEMU credentials.
+         * Client user credentials are saved in extended attributes.
+         */
+        s->ctx.fs_sm = SM_NONE;
+
     } else {
-        /* user haven't specified a correct security option */
-        fprintf(stderr, "one of the following must be specified as the"
+        /* Default so SM_NONE option which was the default before */
+        fprintf(stderr, "Default to security_mode=none. You may want"
+                " enable advanced security model using "
                 "security option:\n\t security_model=passthrough \n\t "
                 "security_model=mapped\n");
-        return NULL;
+        s->ctx.fs_sm = SM_MAPPED;
     }
 
     if (lstat(fse->path, &stat)) {
diff --git a/qemu-options.hx b/qemu-options.hx
index d1d2272..701a004 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -486,7 +486,7 @@  ETEXI
 DEFHEADING(File system options:)
 
 DEF("fsdev", HAS_ARG, QEMU_OPTION_fsdev,
-    "-fsdev local,id=id,path=path,security_model=[mapped|passthrough]\n",
+    "-fsdev local,id=id,path=path,security_model=[mapped|passthrough|none]\n",
     QEMU_ARCH_ALL)
 
 STEXI
@@ -521,7 +521,7 @@  ETEXI
 DEFHEADING(Virtual File system pass-through options:)
 
 DEF("virtfs", HAS_ARG, QEMU_OPTION_virtfs,
-    "-virtfs local,path=path,mount_tag=tag,security_model=[mapped|passthrough]\n",
+    "-virtfs local,path=path,mount_tag=tag,security_model=[mapped|passthrough|none]\n",
     QEMU_ARCH_ALL)
 
 STEXI
diff --git a/vl.c b/vl.c
index 6f559bf..6228a77 100644
--- a/vl.c
+++ b/vl.c
@@ -2305,7 +2305,7 @@  int main(int argc, char **argv, char **envp)
                         qemu_opt_get(opts, "path") == NULL ||
                         qemu_opt_get(opts, "security_model") == NULL) {
                     fprintf(stderr, "Usage: -virtfs fstype,path=/share_path/,"
-                            "security_model=[mapped|passthrough],"
+                            "security_model=[mapped|passthrough|none],"
                             "mnt_tag=tag.\n");
                     exit(1);
                 }