virtio-9p: Introduces an option to specify the security model.
The new option is:

-fsdev fstype,id=myid,path=/share_path/,security_model=[mapped|passthrough]
-virtfs fstype,path=/share_path/,security_model=[mapped|passthrough],mnt_tag=tag

In the case of mapped security model, files are created with QEMU user credentials and the client-user's credentials are saved in extended attributes. Whereas in the case of passthrough security model, files on the filesystem are directly created with client-user's credentials.

Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
parent
fac4f11147
commit
9ce56db6f0
@ -34,7 +34,7 @@ int qemu_fsdev_add(QemuOpts *opts)
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
for (i = 0; i < ARRAY_SIZE(FsTypes); i++) {
|
for (i = 0; i < ARRAY_SIZE(FsTypes); i++) {
|
||||||
if (strcmp(FsTypes[i].name, qemu_opt_get(opts, "fstype")) == 0) {
|
if (strcmp(FsTypes[i].name, qemu_opt_get(opts, "fstype")) == 0) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@ -46,10 +46,17 @@ int qemu_fsdev_add(QemuOpts *opts)
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (qemu_opt_get(opts, "security_model") == NULL) {
|
||||||
|
fprintf(stderr, "fsdev: No security_model specified.\n");
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
|
||||||
fsle = qemu_malloc(sizeof(*fsle));
|
fsle = qemu_malloc(sizeof(*fsle));
|
||||||
|
|
||||||
fsle->fse.fsdev_id = qemu_strdup(qemu_opts_id(opts));
|
fsle->fse.fsdev_id = qemu_strdup(qemu_opts_id(opts));
|
||||||
fsle->fse.path = qemu_strdup(qemu_opt_get(opts, "path"));
|
fsle->fse.path = qemu_strdup(qemu_opt_get(opts, "path"));
|
||||||
|
fsle->fse.security_model = qemu_strdup(qemu_opt_get(opts,
|
||||||
|
"security_model"));
|
||||||
fsle->fse.ops = FsTypes[i].ops;
|
fsle->fse.ops = FsTypes[i].ops;
|
||||||
|
|
||||||
QTAILQ_INSERT_TAIL(&fstype_entries, fsle, next);
|
QTAILQ_INSERT_TAIL(&fstype_entries, fsle, next);
|
||||||
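Review bot: The check added in the second hunk rejects only a missing `security_model`; any other string is duplicated into `fsle->fse.security_model` without being compared against the two accepted values. Because this option selects how guest-supplied ownership is applied to host files, a mistyped value is better refused here, where the option is parsed, e.g. `if (strcmp(sm, "mapped") && strcmp(sm, "passthrough")) { fprintf(stderr, "fsdev: Invalid security_model %s.\n", sm); return -1; }` with `sm` holding the `qemu_opt_get(opts, "security_model")` result. qemu_fsdev_add starts and ends outside the hunks, so any later validation is not visible from here.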
|
@ -40,6 +40,7 @@ typedef struct FsTypeTable {
|
|||||||
typedef struct FsTypeEntry {
|
typedef struct FsTypeEntry {
|
||||||
char *fsdev_id;
|
char *fsdev_id;
|
||||||
char *path;
|
char *path;
|
||||||
|
char *security_model;
|
||||||
FileOperations *ops;
|
FileOperations *ops;
|
||||||
} FsTypeEntry;
|
} FsTypeEntry;
|
||||||
|
|
||||||
|
@ -2253,6 +2253,15 @@ VirtIODevice *virtio_9p_init(DeviceState *dev, V9fsConf *conf)
|
|||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!strcmp(fse->security_model, "passthrough") &&
|
||||||
|
!strcmp(fse->security_model, "mapped")) {
|
||||||
|
/* user haven't specified a correct security option */
|
||||||
|
fprintf(stderr, "one of the following must be specified as the"
|
||||||
|
"security option:\n\t security_model=passthrough \n\t "
|
||||||
|
"security_model=mapped\n");
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
if (lstat(fse->path, &stat)) {
|
if (lstat(fse->path, &stat)) {
|
||||||
fprintf(stderr, "share path %s does not exist\n", fse->path);
|
fprintf(stderr, "share path %s does not exist\n", fse->path);
|
||||||
exit(1);
|
exit(1);
|
||||||
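Review bot: The new validation in virtio_9p_init can never fire: `!strcmp(fse->security_model, "passthrough") && !strcmp(fse->security_model, "mapped")` is true only if the string equals both names at once, so every value, including an unsupported one, is accepted. The test should reject a value that matches neither name, `if (strcmp(fse->security_model, "passthrough") && strcmp(fse->security_model, "mapped")) {`. Two smaller points in the same block: the adjacent literals `"...must be specified as the"` and `"security option:..."` join without a space, and this path returns NULL while the neighbouring failures call `exit(1)`, so the caller would have to handle a NULL device (not visible here). The function body starts and ends outside the hunk.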
|
@ -163,6 +163,9 @@ QemuOptsList qemu_fsdev_opts = {
|
|||||||
}, {
|
}, {
|
||||||
.name = "path",
|
.name = "path",
|
||||||
.type = QEMU_OPT_STRING,
|
.type = QEMU_OPT_STRING,
|
||||||
|
}, {
|
||||||
|
.name = "security_model",
|
||||||
|
.type = QEMU_OPT_STRING,
|
||||||
},
|
},
|
||||||
{ /*End of list */ }
|
{ /*End of list */ }
|
||||||
},
|
},
|
||||||
@ -184,6 +187,9 @@ QemuOptsList qemu_virtfs_opts = {
|
|||||||
}, {
|
}, {
|
||||||
.name = "mount_tag",
|
.name = "mount_tag",
|
||||||
.type = QEMU_OPT_STRING,
|
.type = QEMU_OPT_STRING,
|
||||||
|
}, {
|
||||||
|
.name = "security_model",
|
||||||
|
.type = QEMU_OPT_STRING,
|
||||||
},
|
},
|
||||||
|
|
||||||
{ /*End of list */ }
|
{ /*End of list */ }
|
||||||
|
@ -486,7 +486,7 @@ ETEXI
|
|||||||
DEFHEADING(File system options:)
|
DEFHEADING(File system options:)
|
||||||
|
|
||||||
DEF("fsdev", HAS_ARG, QEMU_OPTION_fsdev,
|
DEF("fsdev", HAS_ARG, QEMU_OPTION_fsdev,
|
||||||
"-fsdev local,id=id,path=path\n",
|
"-fsdev local,id=id,path=path,security_model=[mapped|passthrough]\n",
|
||||||
QEMU_ARCH_ALL)
|
QEMU_ARCH_ALL)
|
||||||
|
|
||||||
STEXI
|
STEXI
|
||||||
@ -502,7 +502,7 @@ The specific Fstype will determine the applicable options.
|
|||||||
|
|
||||||
Options to each backend are described below.
|
Options to each backend are described below.
|
||||||
|
|
||||||
@item -fsdev local ,id=@var{id} ,path=@var{path}
|
@item -fsdev local ,id=@var{id} ,path=@var{path} ,security_model=@var{security_model}
|
||||||
|
|
||||||
Create a file-system-"device" for local-filesystem.
|
Create a file-system-"device" for local-filesystem.
|
||||||
|
|
||||||
@ -510,6 +510,9 @@ Create a file-system-"device" for local-filesystem.
|
|||||||
|
|
||||||
@option{path} specifies the path to be exported. @option{path} is required.
|
@option{path} specifies the path to be exported. @option{path} is required.
|
||||||
|
|
||||||
|
@option{security_model} specifies the security model to be followed.
|
||||||
|
@option{security_model} is required.
|
||||||
|
|
||||||
@end table
|
@end table
|
||||||
ETEXI
|
ETEXI
|
||||||
#endif
|
#endif
|
||||||
@ -518,7 +521,7 @@ ETEXI
|
|||||||
DEFHEADING(Virtual File system pass-through options:)
|
DEFHEADING(Virtual File system pass-through options:)
|
||||||
|
|
||||||
DEF("virtfs", HAS_ARG, QEMU_OPTION_virtfs,
|
DEF("virtfs", HAS_ARG, QEMU_OPTION_virtfs,
|
||||||
"-virtfs local,path=path,mount_tag=tag\n",
|
"-virtfs local,path=path,mount_tag=tag,security_model=[mapped|passthrough]\n",
|
||||||
QEMU_ARCH_ALL)
|
QEMU_ARCH_ALL)
|
||||||
|
|
||||||
STEXI
|
STEXI
|
||||||
@ -534,7 +537,7 @@ The specific Fstype will determine the applicable options.
|
|||||||
|
|
||||||
Options to each backend are described below.
|
Options to each backend are described below.
|
||||||
|
|
||||||
@item -virtfs local ,path=@var{path} ,mount_tag=@var{mount_tag}
|
@item -virtfs local ,path=@var{path} ,mount_tag=@var{mount_tag} ,security_model=@var{security_model}
|
||||||
|
|
||||||
Create a Virtual file-system-pass through for local-filesystem.
|
Create a Virtual file-system-pass through for local-filesystem.
|
||||||
|
|
||||||
@ -542,6 +545,10 @@ Create a Virtual file-system-pass through for local-filesystem.
|
|||||||
|
|
||||||
@option{path} specifies the path to be exported. @option{path} is required.
|
@option{path} specifies the path to be exported. @option{path} is required.
|
||||||
|
|
||||||
|
@option{security_model} specifies the security model to be followed.
|
||||||
|
@option{security_model} is required.
|
||||||
|
|
||||||
|
|
||||||
@option{mount_tag} specifies the tag with which the exported file is mounted.
|
@option{mount_tag} specifies the tag with which the exported file is mounted.
|
||||||
@option{mount_tag} is required.
|
@option{mount_tag} is required.
|
||||||
|
|
||||||
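Review bot: The texinfo added for `security_model` says only that it "specifies the security model to be followed" and never names the accepted values or what they mean for file ownership on the host. Both table entries (the -fsdev one and the -virtfs one) should list `mapped` and `passthrough` and carry the distinction already given in the commit message, for example `In "mapped" mode files are created with QEMU's credentials and the client's credentials are saved in extended attributes; in "passthrough" mode files are created directly with the client's credentials.` A reader choosing between the two needs that sentence to judge how much control the guest gets over ownership of host files.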
|
18
vl.c
18
vl.c
@ -2300,10 +2300,21 @@ int main(int argc, char **argv, char **envp)
|
|||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
len = strlen(",id=,path=");
|
if (qemu_opt_get(opts, "fstype") == NULL ||
|
||||||
|
qemu_opt_get(opts, "mount_tag") == NULL ||
|
||||||
|
qemu_opt_get(opts, "path") == NULL ||
|
||||||
|
qemu_opt_get(opts, "security_model") == NULL) {
|
||||||
|
fprintf(stderr, "Usage: -virtfs fstype,path=/share_path/,"
|
||||||
|
"security_model=[mapped|passthrough],"
|
||||||
|
"mnt_tag=tag.\n");
|
||||||
|
exit(1);
|
||||||
|
}
|
||||||
|
|
||||||
|
len = strlen(",id=,path=,security_model=");
|
||||||
len += strlen(qemu_opt_get(opts, "fstype"));
|
len += strlen(qemu_opt_get(opts, "fstype"));
|
||||||
len += strlen(qemu_opt_get(opts, "mount_tag"));
|
len += strlen(qemu_opt_get(opts, "mount_tag"));
|
||||||
len += strlen(qemu_opt_get(opts, "path"));
|
len += strlen(qemu_opt_get(opts, "path"));
|
||||||
|
len += strlen(qemu_opt_get(opts, "security_model"));
|
||||||
arg_fsdev = qemu_malloc((len + 1) * sizeof(*arg_fsdev));
|
arg_fsdev = qemu_malloc((len + 1) * sizeof(*arg_fsdev));
|
||||||
|
|
||||||
if (!arg_fsdev) {
|
if (!arg_fsdev) {
|
||||||
@ -2312,10 +2323,11 @@ int main(int argc, char **argv, char **envp)
|
|||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
sprintf(arg_fsdev, "%s,id=%s,path=%s",
|
sprintf(arg_fsdev, "%s,id=%s,path=%s,security_model=%s",
|
||||||
qemu_opt_get(opts, "fstype"),
|
qemu_opt_get(opts, "fstype"),
|
||||||
qemu_opt_get(opts, "mount_tag"),
|
qemu_opt_get(opts, "mount_tag"),
|
||||||
qemu_opt_get(opts, "path"));
|
qemu_opt_get(opts, "path"),
|
||||||
|
qemu_opt_get(opts, "security_model"));
|
||||||
|
|
||||||
len = strlen("virtio-9p-pci,fsdev=,mount_tag=");
|
len = strlen("virtio-9p-pci,fsdev=,mount_tag=");
|
||||||
len += 2*strlen(qemu_opt_get(opts, "mount_tag"));
|
len += 2*strlen(qemu_opt_get(opts, "mount_tag"));
|
||||||
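Review bot: The usage message added in the first vl.c hunk advertises `mnt_tag=tag`, but the key tested just above it is `mount_tag`, so a user who follows the message hits the same error again; the last literal should read `"mount_tag=tag.\n");`. In the second hunk the four option values are written into `arg_fsdev` with `sprintf` and no escaping; if that string is later parsed as an option list (outside the visible lines), a `path` containing a comma could be read as further options, including a different `security_model`. Using `snprintf(arg_fsdev, len + 1, ...)` and rejecting or escaping commas in the values would close that. main() starts and ends outside both hunks.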
|