Re: [PATCH v5 0/9] virtiofsd: Add support for file security context at f

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v5 0/9] virtiofsd: Add support for file security context at f

From:	Dr. David Alan Gilbert
Subject:	Re: [PATCH v5 0/9] virtiofsd: Add support for file security context at file creation
Date:	Mon, 7 Feb 2022 12:49:24 +0000
User-agent:	Mutt/2.1.5 (2021-12-30)

* Vivek Goyal (vgoyal@redhat.com) wrote:
> Hi,
> 
> This is V5 of the patches. I posted V4 here.
> 
> https://listman.redhat.com/archives/virtio-fs/2022-January/msg00041.html
> 
> These will allow us to support SELinux with virtiofs. This will send
> SELinux context at file creation to server and server can set it on
> file.

I think that's pretty close; I've got some minor comments I've replied
to on the individual patches.

I do worry that the number of different paths for each operation is now
quite large so hard to test.
I also wonder what happens on something other than SELinux.

Dave

> Changes since V4
> ----------------
> - Parse only known current size of fuse_init_in. This will make sure
>   that future extension does not break existing code upon header
>   update. (David Gilbert)
> 
> - Changed order of one of the patch. It is first patch in series. This
>   will help fix the breakage before header update patch and code remains
>   git bisectable. (David Gilbert)
> 
> - Changed %lx to %llx at one place. (David Gilbert).
> 
> Thanks
> Vivek
>  
> Vivek Goyal (9):
>   virtiofsd: Fix breakage due to fuse_init_in size change
>   linux-headers: Update headers to v5.17-rc1
>   virtiofsd: Parse extended "struct fuse_init_in"
>   virtiofsd: Extend size of fuse_conn_info->capable and ->want fields
>   virtiofsd, fuse_lowlevel.c: Add capability to parse security context
>   virtiofsd: Move core file creation code in separate function
>   virtiofsd: Create new file with fscreate set
>   virtiofsd: Create new file using O_TMPFILE and set security context
>   virtiofsd: Add an option to enable/disable security label
> 
>  docs/tools/virtiofsd.rst                      |   7 +
>  include/standard-headers/asm-x86/kvm_para.h   |   1 +
>  include/standard-headers/drm/drm_fourcc.h     |  11 +
>  include/standard-headers/linux/ethtool.h      |   1 +
>  include/standard-headers/linux/fuse.h         |  60 ++-
>  include/standard-headers/linux/pci_regs.h     | 142 +++---
>  include/standard-headers/linux/virtio_gpio.h  |  72 +++
>  include/standard-headers/linux/virtio_i2c.h   |  47 ++
>  include/standard-headers/linux/virtio_iommu.h |   8 +-
>  .../standard-headers/linux/virtio_pcidev.h    |  65 +++
>  include/standard-headers/linux/virtio_scmi.h  |  24 +
>  linux-headers/asm-generic/unistd.h            |   5 +-
>  linux-headers/asm-mips/unistd_n32.h           |   2 +
>  linux-headers/asm-mips/unistd_n64.h           |   2 +
>  linux-headers/asm-mips/unistd_o32.h           |   2 +
>  linux-headers/asm-powerpc/unistd_32.h         |   2 +
>  linux-headers/asm-powerpc/unistd_64.h         |   2 +
>  linux-headers/asm-riscv/bitsperlong.h         |  14 +
>  linux-headers/asm-riscv/mman.h                |   1 +
>  linux-headers/asm-riscv/unistd.h              |  44 ++
>  linux-headers/asm-s390/unistd_32.h            |   2 +
>  linux-headers/asm-s390/unistd_64.h            |   2 +
>  linux-headers/asm-x86/kvm.h                   |  16 +-
>  linux-headers/asm-x86/unistd_32.h             |   1 +
>  linux-headers/asm-x86/unistd_64.h             |   1 +
>  linux-headers/asm-x86/unistd_x32.h            |   1 +
>  linux-headers/linux/kvm.h                     |  17 +
>  tools/virtiofsd/fuse_common.h                 |   9 +-
>  tools/virtiofsd/fuse_i.h                      |   7 +
>  tools/virtiofsd/fuse_lowlevel.c               | 162 +++++--
>  tools/virtiofsd/helper.c                      |   1 +
>  tools/virtiofsd/passthrough_ll.c              | 414 ++++++++++++++++--
>  32 files changed, 1013 insertions(+), 132 deletions(-)
>  create mode 100644 include/standard-headers/linux/virtio_gpio.h
>  create mode 100644 include/standard-headers/linux/virtio_i2c.h
>  create mode 100644 include/standard-headers/linux/virtio_pcidev.h
>  create mode 100644 include/standard-headers/linux/virtio_scmi.h
>  create mode 100644 linux-headers/asm-riscv/bitsperlong.h
>  create mode 100644 linux-headers/asm-riscv/mman.h
>  create mode 100644 linux-headers/asm-riscv/unistd.h
> 
> -- 
> 2.34.1
> 
-- 
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH v5 8/9] virtiofsd: Create new file using O_TMPFILE and set security context, (continued)
- [PATCH v5 8/9] virtiofsd: Create new file using O_TMPFILE and set security context, Vivek Goyal, 2022/02/02
  - Re: [PATCH v5 8/9] virtiofsd: Create new file using O_TMPFILE and set security context, Dr. David Alan Gilbert, 2022/02/07
- [PATCH v5 6/9] virtiofsd: Move core file creation code in separate function, Vivek Goyal, 2022/02/02
- [PATCH v5 3/9] virtiofsd: Parse extended "struct fuse_init_in", Vivek Goyal, 2022/02/02
  - Re: [PATCH v5 3/9] virtiofsd: Parse extended "struct fuse_init_in", Dr. David Alan Gilbert, 2022/02/03
    - Re: [PATCH v5 3/9] virtiofsd: Parse extended "struct fuse_init_in", Vivek Goyal, 2022/02/07
- [PATCH v5 2/9] linux-headers: Update headers to v5.17-rc1, Vivek Goyal, 2022/02/02
- [PATCH v5 7/9] virtiofsd: Create new file with fscreate set, Vivek Goyal, 2022/02/02
  - Re: [PATCH v5 7/9] virtiofsd: Create new file with fscreate set, Dr. David Alan Gilbert, 2022/02/07
    - Re: [PATCH v5 7/9] virtiofsd: Create new file with fscreate set, Vivek Goyal, 2022/02/07
- Re: [PATCH v5 0/9] virtiofsd: Add support for file security context at file creation, Dr. David Alan Gilbert <=
  - Re: [PATCH v5 0/9] virtiofsd: Add support for file security context at file creation, Vivek Goyal, 2022/02/07
    - Re: [PATCH v5 0/9] virtiofsd: Add support for file security context at file creation, Dr. David Alan Gilbert, 2022/02/07
- Re: [PATCH v5 0/9] virtiofsd: Add support for file security context at file creation, Daniel P . Berrangé, 2022/02/07
  - Re: [PATCH v5 0/9] virtiofsd: Add support for file security context at file creation, Vivek Goyal, 2022/02/07
    - Re: [PATCH v5 0/9] virtiofsd: Add support for file security context at file creation, Daniel P . Berrangé, 2022/02/07
    - Re: [PATCH v5 0/9] virtiofsd: Add support for file security context at file creation, Vivek Goyal, 2022/02/07
  - Re: [PATCH v5 0/9] virtiofsd: Add support for file security context at file creation, Vivek Goyal, 2022/02/07
    - Re: [PATCH v5 0/9] virtiofsd: Add support for file security context at file creation, Daniel Walsh, 2022/02/07
    - Re: [PATCH v5 0/9] virtiofsd: Add support for file security context at file creation, Daniel P . Berrangé, 2022/02/08
    - Re: [Virtio-fs] [PATCH v5 0/9] virtiofsd: Add support for file security context at file creation, German Maglione, 2022/02/09

Prev by Date: Re: [PATCH v5 9/9] virtiofsd: Add an option to enable/disable security label
Next by Date: Re: [PATCH v8 1/5] QIOChannel: Add flags on io_writev and introduce io_flush callback
Previous by thread: Re: [PATCH v5 7/9] virtiofsd: Create new file with fscreate set
Next by thread: Re: [PATCH v5 0/9] virtiofsd: Add support for file security context at file creation
Index(es):
- Date
- Thread