aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVenkateswararao Jujjuri (JV) <jvrao@linux.vnet.ibm.com>2010-06-14 13:34:49 -0700
committerAnthony Liguori <aliguori@us.ibm.com>2010-06-22 15:15:51 -0500
commit63729c36924348e494d69adbbdec6fdda339b76b (patch)
tree71a99685ceef265b0ac1a3df2eeb20e47d03eeb0
parent1c29331248d82e5a9caaf7974756a9d8bd5cd1e5 (diff)
virtio-9p: Implement Security model for mksock using mknod.
This patch uses mknod to create socket. On Host/Fileserver: -rw-------. 1 virfsuid virtfsgid 0 2010-05-11 09:57 asocket1 On Guest/Client: srwxr-xr-x 1 guestuser guestuser 0 2010-05-11 12:57 asocket1 Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-rw-r--r--hw/file-op-9p.h1
-rw-r--r--hw/virtio-9p-local.c23
-rw-r--r--hw/virtio-9p.c25
3 files changed, 2 insertions, 47 deletions
diff --git a/hw/file-op-9p.h b/hw/file-op-9p.h
index 5bc61b5dc1..a741c93527 100644
--- a/hw/file-op-9p.h
+++ b/hw/file-op-9p.h
@@ -52,7 +52,6 @@ typedef struct FileOperations
int (*chmod)(FsContext *, const char *, FsCred *);
int (*chown)(FsContext *, const char *, FsCred *);
int (*mknod)(FsContext *, const char *, FsCred *);
- int (*mksock)(FsContext *, const char *);
int (*utime)(FsContext *, const char *, const struct utimbuf *);
int (*remove)(FsContext *, const char *);
int (*symlink)(FsContext *, const char *, const char *, FsCred *);
diff --git a/hw/virtio-9p-local.c b/hw/virtio-9p-local.c
index 791a8ba088..04f7f6f501 100644
--- a/hw/virtio-9p-local.c
+++ b/hw/virtio-9p-local.c
@@ -230,28 +230,6 @@ err_end:
return err;
}
-static int local_mksock(FsContext *ctx2, const char *path)
-{
- struct sockaddr_un addr;
- int s;
-
- addr.sun_family = AF_UNIX;
- snprintf(addr.sun_path, 108, "%s", rpath(ctx2, path));
-
- s = socket(PF_UNIX, SOCK_STREAM, 0);
- if (s == -1) {
- return -1;
- }
-
- if (bind(s, (struct sockaddr *)&addr, sizeof(addr))) {
- close(s);
- return -1;
- }
-
- close(s);
- return 0;
-}
-
static int local_mkdir(FsContext *fs_ctx, const char *path, FsCred *credp)
{
int err = -1;
@@ -507,7 +485,6 @@ FileOperations local_ops = {
.writev = local_writev,
.chmod = local_chmod,
.mknod = local_mknod,
- .mksock = local_mksock,
.mkdir = local_mkdir,
.fstat = local_fstat,
.open2 = local_open2,
diff --git a/hw/virtio-9p.c b/hw/virtio-9p.c
index d276db3762..f8c85c3d28 100644
--- a/hw/virtio-9p.c
+++ b/hw/virtio-9p.c
@@ -171,11 +171,6 @@ static int v9fs_do_mknod(V9fsState *s, V9fsCreateState *vs, mode_t mode,
return s->ops->mknod(&s->ctx, vs->fullname.data, &cred);
}
-static int v9fs_do_mksock(V9fsState *s, V9fsString *path)
-{
- return s->ops->mksock(&s->ctx, path->data);
-}
-
static int v9fs_do_mkdir(V9fsState *s, V9fsCreateState *vs)
{
FsCred cred;
@@ -1740,22 +1735,6 @@ out:
v9fs_post_create(s, vs, err);
}
-static void v9fs_create_post_mksock(V9fsState *s, V9fsCreateState *vs,
- int err)
-{
- if (err) {
- err = -errno;
- goto out;
- }
-
- err = v9fs_do_chmod(s, &vs->fullname, vs->perm & 0777);
- v9fs_create_post_perms(s, vs, err);
- return;
-
-out:
- v9fs_post_create(s, vs, err);
-}
-
static void v9fs_create_post_fstat(V9fsState *s, V9fsCreateState *vs, int err)
{
if (err) {
@@ -1837,8 +1816,8 @@ static void v9fs_create_post_lstat(V9fsState *s, V9fsCreateState *vs, int err)
err = v9fs_do_mknod(s, vs, S_IFIFO | (vs->perm & 0777), 0);
v9fs_post_create(s, vs, err);
} else if (vs->perm & P9_STAT_MODE_SOCKET) {
- err = v9fs_do_mksock(s, &vs->fullname);
- v9fs_create_post_mksock(s, vs, err);
+ err = v9fs_do_mknod(s, vs, S_IFSOCK | (vs->perm & 0777), 0);
+ v9fs_post_create(s, vs, err);
} else {
vs->fidp->fd = v9fs_do_open2(s, vs);
v9fs_create_post_open2(s, vs, err);