aboutsummaryrefslogtreecommitdiff
path: root/block/write-threshold.c
diff options
context:
space:
mode:
authorGreg Kurz <groug@kaod.org>2017-05-25 10:30:14 +0200
committerGreg Kurz <groug@kaod.org>2017-05-25 10:30:14 +0200
commit81ffbf5ab1458e357a761f1272105a55829b351e (patch)
tree69cb59172395b9b5f2116889b618eda8e1b30902 /block/write-threshold.c
parent3dbcf27334b6c41e74a476b55d76f60df1c4007b (diff)
9pfs: local: metadata file for the VirtFS root
When using the mapped-file security, credentials are stored in a metadata directory located in the parent directory. This is okay for all paths with the notable exception of the root path, since we don't want and probably can't create a metadata directory above the virtfs directory on the host. This patch introduces a dedicated metadata file, sitting in the virtfs root for this purpose. It relies on the fact that the "." name necessarily refers to the virtfs root. As for the metadata directory, we don't want the client to see this file. The current code only cares for readdir() but there are many other places to fix actually. The filtering logic is hence put in a separate function. Before: # ls -ld drwxr-xr-x. 3 greg greg 4096 May 5 12:49 . # chown root.root . chown: changing ownership of '.': Is a directory # ls -ld drwxr-xr-x. 3 greg greg 4096 May 5 12:49 . After: # ls -ld drwxr-xr-x. 3 greg greg 4096 May 5 12:49 . # chown root.root . # ls -ld drwxr-xr-x. 3 root root 4096 May 5 12:50 . and from the host: ls -al .virtfs_metadata_root -rwx------. 1 greg greg 26 May 5 12:50 .virtfs_metadata_root $ cat .virtfs_metadata_root virtfs.uid=0 virtfs.gid=0 Reported-by: Leo Gaspard <leo@gaspard.io> Signed-off-by: Greg Kurz <groug@kaod.org> Reviewed-by: Eric Blake <eblake@redhat.com> Tested-by: Leo Gaspard <leo@gaspard.io> [groug: work around a patchew false positive in local_set_mapped_file_attrat()]
Diffstat (limited to 'block/write-threshold.c')
0 files changed, 0 insertions, 0 deletions