qemu/tools/virtiofsd
Vivek Goyal a675c9a600 virtiofsd: Create new file using O_TMPFILE and set security context
If guest and host policies can't work with each other, then guest security
context (selinux label) needs to be set into an xattr. Say remap guest
security.selinux xattr to trusted.virtiofs.security.selinux.

That means setting "fscreate" is not going to help as that's only useful
for security.selinux xattr on host.

So we need another method which is atomic. Use O_TMPFILE to create new
file, set xattr and then linkat() to proper place.

But this works only for regular files. So dir, symlinks will continue
to be non-atomic.

Also if host filesystem does not support O_TMPFILE, we fall back to
non-atomic behavior.

Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Message-Id: <20220208204813.682906-10-vgoyal@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2022-02-17 17:22:26 +00:00
50-qemu-virtiofsd.json.in virtiofsd: add vhost-user.json file 2020-01-23 16:41:36 +00:00
buffer.c tools/virtiofsd/buffer.c: replaced a calloc call with GLib's g_try_new0 2021-05-26 18:39:32 +01:00
fuse_common.h virtiofsd, fuse_lowlevel.c: Add capability to parse security context 2022-02-17 17:22:26 +00:00
fuse_i.h virtiofsd, fuse_lowlevel.c: Add capability to parse security context 2022-02-17 17:22:26 +00:00
fuse_log.c Clean up includes 2020-12-10 17:16:44 +01:00
fuse_log.h Clean up includes 2020-12-10 17:16:44 +01:00
fuse_lowlevel.c virtiofsd, fuse_lowlevel.c: Add capability to parse security context 2022-02-17 17:22:26 +00:00
fuse_lowlevel.h spelling: sytem => system 2021-09-15 15:51:07 +02:00
fuse_misc.h Clean up includes 2020-12-10 17:16:44 +01:00
fuse_opt.c tools/virtiofsd/fuse_opt.c: Replaced a malloc with GLib's g_try_malloc 2021-05-26 18:39:32 +01:00
fuse_opt.h virtiofsd: Format imported files to qemu style 2020-01-23 16:41:36 +00:00
fuse_signals.c Clean up includes 2020-12-10 17:16:44 +01:00
fuse_virtio.c virtiofsd: Error on bad socket group name 2021-10-25 19:38:32 +01:00
fuse_virtio.h virtiofsd: cleanup allocated resource in se 2020-01-23 16:41:37 +00:00
helper.c virtiofsd: Add an option to enable/disable posix acls 2021-07-05 10:51:26 +01:00
meson.build libvhost-user: make it a meson subproject 2020-12-08 13:48:58 -05:00
passthrough_helpers.h virtiofsd: Format imported files to qemu style 2020-01-23 16:41:36 +00:00
passthrough_ll.c virtiofsd: Create new file using O_TMPFILE and set security context 2022-02-17 17:22:26 +00:00
passthrough_seccomp.c tools/virtiofsd: Add rseq syscall to the seccomp allowlist 2022-02-14 17:11:20 +00:00
passthrough_seccomp.h Clean up includes 2020-12-10 17:16:44 +01:00