virtio-9p: Introduces an option to specify the security model.

The new option is:

-fsdev fstype,id=myid,path=/share_path/,security_model=[mapped|passthrough]
-virtfs fstype,path=/share_path/,security_model=[mapped|passthrough],mnt_tag=tag

In the case of mapped security model, files are created with QEMU user
credentials and the client-user's credentials are saved in extended attributes.
Whereas in the case of passthrough security model, files on the
filesystem are directly created with client-user's credentials.

Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Venkateswararao Jujjuri (JV) 2010-06-14 13:34:40 -07:00 committed by Anthony Liguori
parent fac4f11147
commit 9ce56db6f0
6 changed files with 50 additions and 8 deletions


@ -34,7 +34,7 @@ int qemu_fsdev_add(QemuOpts *opts)
return -1; return -1;
} }
for (i = 0; i < ARRAY_SIZE(FsTypes); i++) { for (i = 0; i < ARRAY_SIZE(FsTypes); i++) {
if (strcmp(FsTypes[i].name, qemu_opt_get(opts, "fstype")) == 0) { if (strcmp(FsTypes[i].name, qemu_opt_get(opts, "fstype")) == 0) {
break; break;
} }
@ -46,10 +46,17 @@ int qemu_fsdev_add(QemuOpts *opts)
return -1; return -1;
} }
if (qemu_opt_get(opts, "security_model") == NULL) {
fprintf(stderr, "fsdev: No security_model specified.\n");
return -1;
}
fsle = qemu_malloc(sizeof(*fsle)); fsle = qemu_malloc(sizeof(*fsle));
fsle->fse.fsdev_id = qemu_strdup(qemu_opts_id(opts)); fsle->fse.fsdev_id = qemu_strdup(qemu_opts_id(opts));
fsle->fse.path = qemu_strdup(qemu_opt_get(opts, "path")); fsle->fse.path = qemu_strdup(qemu_opt_get(opts, "path"));
fsle->fse.security_model = qemu_strdup(qemu_opt_get(opts,
"security_model"));
fsle->fse.ops = FsTypes[i].ops; fsle->fse.ops = FsTypes[i].ops;
QTAILQ_INSERT_TAIL(&fstype_entries, fsle, next); QTAILQ_INSERT_TAIL(&fstype_entries, fsle, next);
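Review bot: The new check in qemu_fsdev_add only tests that security_model is present; the value itself is copied verbatim into `fse.security_model`, so any string is stored. Because this option decides whose credentials files are created with on the host, an unknown value should be refused here at parse time, e.g. with `sm` holding the option value, `if (strcmp(sm, "mapped") && strcmp(sm, "passthrough")) { ... return -1; }` right after the NULL test, so a typo fails closed before any device is set up. Storing the parsed result as an enum instead of a string would also spare later consumers from repeating the comparison. The function begins and ends outside the hunk.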


@ -40,6 +40,7 @@ typedef struct FsTypeTable {
typedef struct FsTypeEntry { typedef struct FsTypeEntry {
char *fsdev_id; char *fsdev_id;
char *path; char *path;
char *security_model;
FileOperations *ops; FileOperations *ops;
} FsTypeEntry; } FsTypeEntry;


@ -2253,6 +2253,15 @@ VirtIODevice *virtio_9p_init(DeviceState *dev, V9fsConf *conf)
exit(1); exit(1);
} }
if (!strcmp(fse->security_model, "passthrough") &&
!strcmp(fse->security_model, "mapped")) {
/* user haven't specified a correct security option */
fprintf(stderr, "one of the following must be specified as the"
"security option:\n\t security_model=passthrough \n\t "
"security_model=mapped\n");
return NULL;
}
if (lstat(fse->path, &stat)) { if (lstat(fse->path, &stat)) {
fprintf(stderr, "share path %s does not exist\n", fse->path); fprintf(stderr, "share path %s does not exist\n", fse->path);
exit(1); exit(1);
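Review bot: The added security_model check in virtio_9p_init cannot reject anything: `!strcmp(..., "passthrough") && !strcmp(..., "mapped")` is true only when the string equals both values at once, so every value passes on to the rest of initialisation. The negations should be dropped: `if (strcmp(fse->security_model, "passthrough") && strcmp(fse->security_model, "mapped")) {`. The adjacent literals `"...must be specified as the"` and `"security option..."` also join without a space, so the message prints "thesecurity". This path uses `return NULL` while the neighbouring error paths call `exit(1)`; whether callers handle a NULL return is not visible here, and the function starts and ends outside the hunk.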


@ -163,6 +163,9 @@ QemuOptsList qemu_fsdev_opts = {
}, { }, {
.name = "path", .name = "path",
.type = QEMU_OPT_STRING, .type = QEMU_OPT_STRING,
}, {
.name = "security_model",
.type = QEMU_OPT_STRING,
}, },
{ /*End of list */ } { /*End of list */ }
}, },
@ -184,6 +187,9 @@ QemuOptsList qemu_virtfs_opts = {
}, { }, {
.name = "mount_tag", .name = "mount_tag",
.type = QEMU_OPT_STRING, .type = QEMU_OPT_STRING,
}, {
.name = "security_model",
.type = QEMU_OPT_STRING,
}, },
{ /*End of list */ } { /*End of list */ }


@ -486,7 +486,7 @@ ETEXI
DEFHEADING(File system options:) DEFHEADING(File system options:)
DEF("fsdev", HAS_ARG, QEMU_OPTION_fsdev, DEF("fsdev", HAS_ARG, QEMU_OPTION_fsdev,
"-fsdev local,id=id,path=path\n", "-fsdev local,id=id,path=path,security_model=[mapped|passthrough]\n",
QEMU_ARCH_ALL) QEMU_ARCH_ALL)
STEXI STEXI
@ -502,7 +502,7 @@ The specific Fstype will determine the applicable options.
Options to each backend are described below. Options to each backend are described below.
@item -fsdev local ,id=@var{id} ,path=@var{path} @item -fsdev local ,id=@var{id} ,path=@var{path} ,security_model=@var{security_model}
Create a file-system-"device" for local-filesystem. Create a file-system-"device" for local-filesystem.
@ -510,6 +510,9 @@ Create a file-system-"device" for local-filesystem.
@option{path} specifies the path to be exported. @option{path} is required. @option{path} specifies the path to be exported. @option{path} is required.
@option{security_model} specifies the security model to be followed.
@option{security_model} is required.
@end table @end table
ETEXI ETEXI
#endif #endif
@ -518,7 +521,7 @@ ETEXI
DEFHEADING(Virtual File system pass-through options:) DEFHEADING(Virtual File system pass-through options:)
DEF("virtfs", HAS_ARG, QEMU_OPTION_virtfs, DEF("virtfs", HAS_ARG, QEMU_OPTION_virtfs,
"-virtfs local,path=path,mount_tag=tag\n", "-virtfs local,path=path,mount_tag=tag,security_model=[mapped|passthrough]\n",
QEMU_ARCH_ALL) QEMU_ARCH_ALL)
STEXI STEXI
@ -534,7 +537,7 @@ The specific Fstype will determine the applicable options.
Options to each backend are described below. Options to each backend are described below.
@item -virtfs local ,path=@var{path} ,mount_tag=@var{mount_tag} @item -virtfs local ,path=@var{path} ,mount_tag=@var{mount_tag} ,security_model=@var{security_model}
Create a Virtual file-system-pass through for local-filesystem. Create a Virtual file-system-pass through for local-filesystem.
@ -542,6 +545,10 @@ Create a Virtual file-system-pass through for local-filesystem.
@option{path} specifies the path to be exported. @option{path} is required. @option{path} specifies the path to be exported. @option{path} is required.
@option{security_model} specifies the security model to be followed.
@option{security_model} is required.
@option{mount_tag} specifies the tag with which the exported file is mounted. @option{mount_tag} specifies the tag with which the exported file is mounted.
@option{mount_tag} is required. @option{mount_tag} is required.

18
vl.c

@ -2300,10 +2300,21 @@ int main(int argc, char **argv, char **envp)
exit(1); exit(1);
} }
len = strlen(",id=,path="); if (qemu_opt_get(opts, "fstype") == NULL ||
qemu_opt_get(opts, "mount_tag") == NULL ||
qemu_opt_get(opts, "path") == NULL ||
qemu_opt_get(opts, "security_model") == NULL) {
fprintf(stderr, "Usage: -virtfs fstype,path=/share_path/,"
"security_model=[mapped|passthrough],"
"mnt_tag=tag.\n");
exit(1);
}
len = strlen(",id=,path=,security_model=");
len += strlen(qemu_opt_get(opts, "fstype")); len += strlen(qemu_opt_get(opts, "fstype"));
len += strlen(qemu_opt_get(opts, "mount_tag")); len += strlen(qemu_opt_get(opts, "mount_tag"));
len += strlen(qemu_opt_get(opts, "path")); len += strlen(qemu_opt_get(opts, "path"));
len += strlen(qemu_opt_get(opts, "security_model"));
arg_fsdev = qemu_malloc((len + 1) * sizeof(*arg_fsdev)); arg_fsdev = qemu_malloc((len + 1) * sizeof(*arg_fsdev));
if (!arg_fsdev) { if (!arg_fsdev) {
@ -2312,10 +2323,11 @@ int main(int argc, char **argv, char **envp)
exit(1); exit(1);
} }
sprintf(arg_fsdev, "%s,id=%s,path=%s", sprintf(arg_fsdev, "%s,id=%s,path=%s,security_model=%s",
qemu_opt_get(opts, "fstype"), qemu_opt_get(opts, "fstype"),
qemu_opt_get(opts, "mount_tag"), qemu_opt_get(opts, "mount_tag"),
qemu_opt_get(opts, "path")); qemu_opt_get(opts, "path"),
qemu_opt_get(opts, "security_model"));
len = strlen("virtio-9p-pci,fsdev=,mount_tag="); len = strlen("virtio-9p-pci,fsdev=,mount_tag=");
len += 2*strlen(qemu_opt_get(opts, "mount_tag")); len += 2*strlen(qemu_opt_get(opts, "mount_tag"));
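Review bot: The usage text added in main() tells the user to pass `mnt_tag=tag`, but the option tested just above it (and declared in qemu_virtfs_opts) is `mount_tag`, so following the message reproduces the same error; the last literal should read `"mount_tag=tag.\n"`. In the second hunk the option values are pasted into `arg_fsdev` with sprintf and then parsed again as an option string, so a path or tag containing a comma would presumably be split into extra options. Setting the fields on the fsdev QemuOpts directly instead of re-serialising them would avoid that re-parse. main() extends beyond both hunks.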