[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH-V6 06/10] virtio-9p: Security model for create/open2
From: |
Venkateswararao Jujjuri (JV) |
Subject: |
[Qemu-devel] [PATCH-V6 06/10] virtio-9p: Security model for create/open2 |
Date: |
Thu, 10 Jun 2010 13:32:55 -0700 |
In the mapped security model, VirtFS server intercepts and maps
the file object create and get/set attribute requests. Files on the fileserver
will be created with VirtFS servers (QEMU) user credentials and the
client-users credentials are stored in extended attributes. On the request
to get attributes, server extracts the client-users credentials
from extended attributes and sends them to the client.
On Host/Fileserver:
-rw-------. 2 virfsuid virtfsgid 0 2010-05-11 09:19 afile
On Guest/Client:
-rw-r--r-- 2 guestuser guestuser 0 2010-05-11 12:19 afile
Signed-off-by: Venkateswararao Jujjuri <address@hidden>
---
hw/file-op-9p.h | 2 +-
hw/virtio-9p-local.c | 51 ++++++++++++++++++++++++++++++++++++++++++++++++-
hw/virtio-9p.c | 16 ++++++++++----
3 files changed, 61 insertions(+), 8 deletions(-)
diff --git a/hw/file-op-9p.h b/hw/file-op-9p.h
index a53cd35..b345189 100644
--- a/hw/file-op-9p.h
+++ b/hw/file-op-9p.h
@@ -62,7 +62,7 @@ typedef struct FileOperations
int (*closedir)(FsContext *, DIR *);
DIR *(*opendir)(FsContext *, const char *);
int (*open)(FsContext *, const char *, int);
- int (*open2)(FsContext *, const char *, int, mode_t);
+ int (*open2)(FsContext *, const char *, int, FsCred *);
void (*rewinddir)(FsContext *, DIR *);
off_t (*telldir)(FsContext *, DIR *);
struct dirent *(*readdir)(FsContext *, DIR *);
diff --git a/hw/virtio-9p-local.c b/hw/virtio-9p-local.c
index 74c81a6..bb5140e 100644
--- a/hw/virtio-9p-local.c
+++ b/hw/virtio-9p-local.c
@@ -95,6 +95,18 @@ static int local_set_xattr(const char *path, FsCred *credp)
return 0;
}
+static int local_post_create_passthrough(FsContext *fs_ctx, const char *path,
+ FsCred *credp)
+{
+ if (chmod(rpath(fs_ctx, path), credp->fc_mode & 07777) < 0) {
+ return -1;
+ }
+ if (chown(rpath(fs_ctx, path), credp->fc_uid, credp->fc_gid) < 0) {
+ return -1;
+ }
+ return 0;
+}
+
static ssize_t local_readlink(FsContext *ctx, const char *path,
char *buf, size_t bufsz)
{
@@ -230,9 +242,44 @@ static int local_fstat(FsContext *fs_ctx, int fd, struct
stat *stbuf)
return err;
}
-static int local_open2(FsContext *ctx, const char *path, int flags, mode_t
mode)
+static int local_open2(FsContext *fs_ctx, const char *path, int flags,
+ FsCred *credp)
{
- return open(rpath(ctx, path), flags, mode);
+ int fd = -1;
+ int err = -1;
+ int serrno = 0;
+
+ /* Determine the security model */
+ if (fs_ctx->fs_sm == SM_MAPPED) {
+ fd = open(rpath(fs_ctx, path), flags, SM_LOCAL_MODE_BITS);
+ if (fd == -1) {
+ return fd;
+ }
+ credp->fc_mode = credp->fc_mode|S_IFREG;
+ /* Set cleint credentials in xattr */
+ err = local_set_xattr(rpath(fs_ctx, path), credp);
+ if (err == -1) {
+ serrno = errno;
+ goto err_end;
+ }
+ } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) {
+ fd = open(rpath(fs_ctx, path), flags, credp->fc_mode);
+ if (fd == -1) {
+ return fd;
+ }
+ err = local_post_create_passthrough(fs_ctx, path, credp);
+ if (err == -1) {
+ serrno = errno;
+ goto err_end;
+ }
+ }
+ return fd;
+
+err_end:
+ close(fd);
+ remove(rpath(fs_ctx, path));
+ errno = serrno;
+ return err;
}
diff --git a/hw/virtio-9p.c b/hw/virtio-9p.c
index fa459c9..49a3065 100644
--- a/hw/virtio-9p.c
+++ b/hw/virtio-9p.c
@@ -180,9 +180,17 @@ static int v9fs_do_fstat(V9fsState *s, int fd, struct stat
*stbuf)
return s->ops->fstat(&s->ctx, fd, stbuf);
}
-static int v9fs_do_open2(V9fsState *s, V9fsString *path, int flags, mode_t
mode)
+static int v9fs_do_open2(V9fsState *s, V9fsCreateState *vs)
{
- return s->ops->open2(&s->ctx, path->data, flags, mode);
+ FsCred cred;
+ int flags;
+
+ cred_init(&cred);
+ cred.fc_uid = vs->fidp->uid;
+ cred.fc_mode = vs->perm & 0777;
+ flags = omode_to_uflags(vs->mode) | O_CREAT;
+
+ return s->ops->open2(&s->ctx, vs->fullname.data, flags, &cred);
}
static int v9fs_do_symlink(V9fsState *s, V9fsString *oldpath,
@@ -1815,9 +1823,7 @@ static void v9fs_create_post_lstat(V9fsState *s,
V9fsCreateState *vs, int err)
err = v9fs_do_mksock(s, &vs->fullname);
v9fs_create_post_mksock(s, vs, err);
} else {
- vs->fidp->fd = v9fs_do_open2(s, &vs->fullname,
- omode_to_uflags(vs->mode) | O_CREAT,
- vs->perm & 0777);
+ vs->fidp->fd = v9fs_do_open2(s, vs);
v9fs_create_post_open2(s, vs, err);
}
--
1.6.5.2
- [Qemu-devel] PATCH-V6 0/10] virtio-9p:Introducing security model for VirtFS, Venkateswararao Jujjuri (JV), 2010/06/10
- [Qemu-devel] [PATCH-V6 04/10] virtio-9p: Security model for chown, Venkateswararao Jujjuri (JV), 2010/06/10
- [Qemu-devel] [PATCH-V6 02/10] virtio-9p: Make infrastructure for the new security model., Venkateswararao Jujjuri (JV), 2010/06/10
- [Qemu-devel] [PATCH-V6 10/10] virtio-9p: Implement Security model for mksock using mknod., Venkateswararao Jujjuri (JV), 2010/06/10
- [Qemu-devel] [PATCH-V6 06/10] virtio-9p: Security model for create/open2,
Venkateswararao Jujjuri (JV) <=
- [Qemu-devel] [PATCH-V6 03/10] virtio-9p: Security model for chmod, Venkateswararao Jujjuri (JV), 2010/06/10
- [Qemu-devel] [PATCH-V6 08/10] virtio-9p: Security model for symlink and readlink, Venkateswararao Jujjuri (JV), 2010/06/10
- [Qemu-devel] [PATCH-V6 01/10] virtio-9p: Introduces an option to specify the security model., Venkateswararao Jujjuri (JV), 2010/06/10
- [Qemu-devel] [PATCH-V6 05/10] virtio-9p: Implemented Security model for lstat and fstat, Venkateswararao Jujjuri (JV), 2010/06/10
- [Qemu-devel] [PATCH-V6 07/10] virtio-9p: Security model for mkdir, Venkateswararao Jujjuri (JV), 2010/06/10
- [Qemu-devel] [PATCH-V6 09/10] virtio-9p: Implement Security model for mknod, Venkateswararao Jujjuri (JV), 2010/06/10