[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v5 0/9] virtiofsd: Add support for file security context at f
From: |
Dr. David Alan Gilbert |
Subject: |
Re: [PATCH v5 0/9] virtiofsd: Add support for file security context at file creation |
Date: |
Mon, 7 Feb 2022 12:49:24 +0000 |
User-agent: |
Mutt/2.1.5 (2021-12-30) |
* Vivek Goyal (vgoyal@redhat.com) wrote:
> Hi,
>
> This is V5 of the patches. I posted V4 here.
>
> https://listman.redhat.com/archives/virtio-fs/2022-January/msg00041.html
>
> These will allow us to support SELinux with virtiofs. This will send
> SELinux context at file creation to server and server can set it on
> file.
I think that's pretty close; I've got some minor comments I've replied
to on the individual patches.
I do worry that the number of different paths for each operation is now
quite large so hard to test.
I also wonder what happens on something other than SELinux.
Dave
> Changes since V4
> ----------------
> - Parse only known current size of fuse_init_in. This will make sure
> that future extension does not break existing code upon header
> update. (David Gilbert)
>
> - Changed order of one of the patch. It is first patch in series. This
> will help fix the breakage before header update patch and code remains
> git bisectable. (David Gilbert)
>
> - Changed %lx to %llx at one place. (David Gilbert).
>
> Thanks
> Vivek
>
> Vivek Goyal (9):
> virtiofsd: Fix breakage due to fuse_init_in size change
> linux-headers: Update headers to v5.17-rc1
> virtiofsd: Parse extended "struct fuse_init_in"
> virtiofsd: Extend size of fuse_conn_info->capable and ->want fields
> virtiofsd, fuse_lowlevel.c: Add capability to parse security context
> virtiofsd: Move core file creation code in separate function
> virtiofsd: Create new file with fscreate set
> virtiofsd: Create new file using O_TMPFILE and set security context
> virtiofsd: Add an option to enable/disable security label
>
> docs/tools/virtiofsd.rst | 7 +
> include/standard-headers/asm-x86/kvm_para.h | 1 +
> include/standard-headers/drm/drm_fourcc.h | 11 +
> include/standard-headers/linux/ethtool.h | 1 +
> include/standard-headers/linux/fuse.h | 60 ++-
> include/standard-headers/linux/pci_regs.h | 142 +++---
> include/standard-headers/linux/virtio_gpio.h | 72 +++
> include/standard-headers/linux/virtio_i2c.h | 47 ++
> include/standard-headers/linux/virtio_iommu.h | 8 +-
> .../standard-headers/linux/virtio_pcidev.h | 65 +++
> include/standard-headers/linux/virtio_scmi.h | 24 +
> linux-headers/asm-generic/unistd.h | 5 +-
> linux-headers/asm-mips/unistd_n32.h | 2 +
> linux-headers/asm-mips/unistd_n64.h | 2 +
> linux-headers/asm-mips/unistd_o32.h | 2 +
> linux-headers/asm-powerpc/unistd_32.h | 2 +
> linux-headers/asm-powerpc/unistd_64.h | 2 +
> linux-headers/asm-riscv/bitsperlong.h | 14 +
> linux-headers/asm-riscv/mman.h | 1 +
> linux-headers/asm-riscv/unistd.h | 44 ++
> linux-headers/asm-s390/unistd_32.h | 2 +
> linux-headers/asm-s390/unistd_64.h | 2 +
> linux-headers/asm-x86/kvm.h | 16 +-
> linux-headers/asm-x86/unistd_32.h | 1 +
> linux-headers/asm-x86/unistd_64.h | 1 +
> linux-headers/asm-x86/unistd_x32.h | 1 +
> linux-headers/linux/kvm.h | 17 +
> tools/virtiofsd/fuse_common.h | 9 +-
> tools/virtiofsd/fuse_i.h | 7 +
> tools/virtiofsd/fuse_lowlevel.c | 162 +++++--
> tools/virtiofsd/helper.c | 1 +
> tools/virtiofsd/passthrough_ll.c | 414 ++++++++++++++++--
> 32 files changed, 1013 insertions(+), 132 deletions(-)
> create mode 100644 include/standard-headers/linux/virtio_gpio.h
> create mode 100644 include/standard-headers/linux/virtio_i2c.h
> create mode 100644 include/standard-headers/linux/virtio_pcidev.h
> create mode 100644 include/standard-headers/linux/virtio_scmi.h
> create mode 100644 linux-headers/asm-riscv/bitsperlong.h
> create mode 100644 linux-headers/asm-riscv/mman.h
> create mode 100644 linux-headers/asm-riscv/unistd.h
>
> --
> 2.34.1
>
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
- [PATCH v5 8/9] virtiofsd: Create new file using O_TMPFILE and set security context, (continued)
- [PATCH v5 8/9] virtiofsd: Create new file using O_TMPFILE and set security context, Vivek Goyal, 2022/02/02
- [PATCH v5 6/9] virtiofsd: Move core file creation code in separate function, Vivek Goyal, 2022/02/02
- [PATCH v5 3/9] virtiofsd: Parse extended "struct fuse_init_in", Vivek Goyal, 2022/02/02
- [PATCH v5 2/9] linux-headers: Update headers to v5.17-rc1, Vivek Goyal, 2022/02/02
- [PATCH v5 7/9] virtiofsd: Create new file with fscreate set, Vivek Goyal, 2022/02/02
- Re: [PATCH v5 0/9] virtiofsd: Add support for file security context at file creation,
Dr. David Alan Gilbert <=
- Re: [PATCH v5 0/9] virtiofsd: Add support for file security context at file creation, Daniel P . Berrangé, 2022/02/07
- Re: [PATCH v5 0/9] virtiofsd: Add support for file security context at file creation, Vivek Goyal, 2022/02/07