virtio-9p: Make infrastructure for the new security model.
This patch adds required infrastructure for the new security model.
- A new configure option for attr/xattr.
- if CONFIG_VIRTFS will be defined if both CONFIG_LINUX and CONFIG_ATTR defined.
- Defines routines related to both security models.
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
diff --git a/hw/file-op-9p.h b/hw/file-op-9p.h
index f84767f..307bd1e 100644
--- a/hw/file-op-9p.h
+++ b/hw/file-op-9p.h
@@ -18,13 +18,33 @@
#include <utime.h>
#include <sys/stat.h>
#include <sys/uio.h>
+#include <sys/vfs.h>
+#define SM_LOCAL_MODE_BITS 0600
+#define SM_LOCAL_DIR_MODE_BITS 0700
+
+typedef enum
+{
+ SM_PASSTHROUGH = 1, /* uid/gid set on fileserver files */
+ SM_MAPPED, /* uid/gid part of xattr */
+} SecModel;
+
+typedef struct FsCred
+{
+ uid_t fc_uid;
+ gid_t fc_gid;
+ mode_t fc_mode;
+ dev_t fc_rdev;
+} FsCred;
typedef struct FsContext
{
char *fs_root;
+ SecModel fs_sm;
uid_t uid;
} FsContext;
+extern void cred_init(FsCred *);
+
typedef struct FileOperations
{
int (*lstat)(FsContext *, const char *, struct stat *);
diff --git a/hw/virtio-9p-local.c b/hw/virtio-9p-local.c
index 1afb731..056b4ba 100644
--- a/hw/virtio-9p-local.c
+++ b/hw/virtio-9p-local.c
@@ -17,6 +17,7 @@
#include <grp.h>
#include <sys/socket.h>
#include <sys/un.h>
+#include <attr/xattr.h>
static const char *rpath(FsContext *ctx, const char *path)
{
@@ -31,45 +32,37 @@
return lstat(rpath(ctx, path), stbuf);
}
-static int local_setuid(FsContext *ctx, uid_t uid)
+static int local_set_xattr(const char *path, FsCred *credp)
{
- struct passwd *pw;
- gid_t groups[33];
- int ngroups;
- static uid_t cur_uid = -1;
-
- if (cur_uid == uid) {
- return 0;
+ int err;
+ if (credp->fc_uid != -1) {
+ err = setxattr(path, "user.virtfs.uid", &credp->fc_uid, sizeof(uid_t),
+ 0);
+ if (err) {
+ return err;
+ }
}
-
- if (setreuid(0, 0)) {
- return -1;
+ if (credp->fc_gid != -1) {
+ err = setxattr(path, "user.virtfs.gid", &credp->fc_gid, sizeof(gid_t),
+ 0);
+ if (err) {
+ return err;
+ }
}
-
- pw = getpwuid(uid);
- if (pw == NULL) {
- return -1;
+ if (credp->fc_mode != -1) {
+ err = setxattr(path, "user.virtfs.mode", &credp->fc_mode,
+ sizeof(mode_t), 0);
+ if (err) {
+ return err;
+ }
}
-
- ngroups = 33;
- if (getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups) == -1) {
- return -1;
+ if (credp->fc_rdev != -1) {
+ err = setxattr(path, "user.virtfs.rdev", &credp->fc_rdev,
+ sizeof(dev_t), 0);
+ if (err) {
+ return err;
+ }
}
-
- if (setgroups(ngroups, groups)) {
- return -1;
- }
-
- if (setregid(-1, pw->pw_gid)) {
- return -1;
- }
-
- if (setreuid(-1, uid)) {
- return -1;
- }
-
- cur_uid = uid;
-
return 0;
}
@@ -183,6 +176,7 @@
return open(rpath(ctx, path), flags, mode);
}
+
static int local_symlink(FsContext *ctx, const char *oldpath,
const char *newpath)
{
@@ -259,12 +253,13 @@
static int local_fsync(FsContext *ctx, int fd)
{
+ if (0) /* Just to supress the warning. Will be removed in next patch. */
+ (void)local_set_xattr(NULL, NULL);
return fsync(fd);
}
FileOperations local_ops = {
.lstat = local_lstat,
- .setuid = local_setuid,
.readlink = local_readlink,
.close = local_close,
.closedir = local_closedir,
diff --git a/hw/virtio-9p.c b/hw/virtio-9p.c
index 2530488..a7ba4b6 100644
--- a/hw/virtio-9p.c
+++ b/hw/virtio-9p.c
@@ -67,16 +67,19 @@
return ret;
}
+void cred_init(FsCred *credp)
+{
+ credp->fc_uid = -1;
+ credp->fc_gid = -1;
+ credp->fc_mode = -1;
+ credp->fc_rdev = -1;
+}
+
static int v9fs_do_lstat(V9fsState *s, V9fsString *path, struct stat *stbuf)
{
return s->ops->lstat(&s->ctx, path->data, stbuf);
}
-static int v9fs_do_setuid(V9fsState *s, uid_t uid)
-{
- return s->ops->setuid(&s->ctx, uid);
-}
-
static ssize_t v9fs_do_readlink(V9fsState *s, V9fsString *path, V9fsString *buf)
{
ssize_t len;
@@ -348,7 +351,6 @@
for (f = s->fid_list; f; f = f->next) {
if (f->fid == fid) {
- v9fs_do_setuid(s, f->uid);
return f;
}
}
@@ -2253,8 +2255,15 @@
exit(1);
}
- if (!strcmp(fse->security_model, "passthrough") &&
- !strcmp(fse->security_model, "mapped")) {
+ if (!strcmp(fse->security_model, "passthrough")) {
+ /* Files on the Fileserver set to client user credentials */
+ s->ctx.fs_sm = SM_PASSTHROUGH;
+ } else if (!strcmp(fse->security_model, "mapped")) {
+ /* Files on the fileserver are set to QEMU credentials.
+ * Client user credentials are saved in extended attributes.
+ */
+ s->ctx.fs_sm = SM_MAPPED;
+ } else {
/* user haven't specified a correct security option */
fprintf(stderr, "one of the following must be specified as the"
"security option:\n\t security_model=passthrough \n\t "
diff --git a/hw/virtio-pci.c b/hw/virtio-pci.c
index e101fa0..9accb77 100644
--- a/hw/virtio-pci.c
+++ b/hw/virtio-pci.c
@@ -641,7 +641,7 @@
return 0;
}
-#ifdef CONFIG_LINUX
+#ifdef CONFIG_VIRTFS
static int virtio_9p_init_pci(PCIDevice *pci_dev)
{
VirtIOPCIProxy *proxy = DO_UPCAST(VirtIOPCIProxy, pci_dev, pci_dev);
@@ -712,7 +712,7 @@
},
.qdev.reset = virtio_pci_reset,
},{
-#ifdef CONFIG_LINUX
+#ifdef CONFIG_VIRTFS
.qdev.name = "virtio-9p-pci",
.qdev.size = sizeof(VirtIOPCIProxy),
.init = virtio_9p_init_pci,