diff options
| author | Venkateswararao Jujjuri (JV) <jvrao@linux.vnet.ibm.com> | 2010-06-14 13:34:47 -0700 |
|---|---|---|
| committer | Anthony Liguori <aliguori@us.ibm.com> | 2010-06-22 15:15:51 -0500 |
| commit | 879c28133dfa54b780dffbb29e4dcfc6581f6281 (patch) | |
| tree | a6051be7d59bc70cb1bf7af6c11248404dcd9c60 /hw/virtio-9p-local.c | |
| parent | 00ec5c37601accb2b85b089d72fc7ddff2f4222e (diff) | |
virtio-9p: Security model for symlink and readlink
Mapped mode stores extended attributes in the user space of the extended
attributes. Given that the user space extended attributes are available
to regular files only, special files are created as regular files on the
fileserver and appropriate mode bits are added to the extended attributes.
This method presents all special files and symlinks as regular files on the
fileserver while they are represented as special files on the guest mount.
Implemntation of symlink in mapped security model:
A regular file is created and the link target is written to it.
readlink() reads it back from the file.
On Guest/Client:
lrwxrwxrwx 1 root root 6 2010-05-11 12:20 asymlink -> afile
On Host/Fileserver:
-rw-------. 1 root root 6 2010-05-11 09:20 asymlink
afile
Under passthrough model, it just calls underlying symlink() readlink()
system calls are used.
Under both security models, client user credentials are changed
after the filesystem objec creation.
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Diffstat (limited to 'hw/virtio-9p-local.c')
| -rw-r--r-- | hw/virtio-9p-local.c | 75 |
1 files changed, 69 insertions, 6 deletions
diff --git a/hw/virtio-9p-local.c b/hw/virtio-9p-local.c index e99eff9639..711f2b5ca1 100644 --- a/hw/virtio-9p-local.c +++ b/hw/virtio-9p-local.c @@ -107,10 +107,25 @@ static int local_post_create_passthrough(FsContext *fs_ctx, const char *path, return 0; } -static ssize_t local_readlink(FsContext *ctx, const char *path, - char *buf, size_t bufsz) +static ssize_t local_readlink(FsContext *fs_ctx, const char *path, + char *buf, size_t bufsz) { - return readlink(rpath(ctx, path), buf, bufsz); + ssize_t tsize = -1; + if (fs_ctx->fs_sm == SM_MAPPED) { + int fd; + fd = open(rpath(fs_ctx, path), O_RDONLY); + if (fd == -1) { + return -1; + } + do { + tsize = read(fd, (void *)buf, bufsz); + } while (tsize == -1 && errno == EINTR); + close(fd); + return tsize; + } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) { + tsize = readlink(rpath(fs_ctx, path), buf, bufsz); + } + return tsize; } static int local_close(FsContext *ctx, int fd) @@ -314,10 +329,58 @@ err_end: } -static int local_symlink(FsContext *ctx, const char *oldpath, - const char *newpath) +static int local_symlink(FsContext *fs_ctx, const char *oldpath, + const char *newpath, FsCred *credp) { - return symlink(oldpath, rpath(ctx, newpath)); + int err = -1; + int serrno = 0; + + /* Determine the security model */ + if (fs_ctx->fs_sm == SM_MAPPED) { + int fd; + ssize_t oldpath_size, write_size; + fd = open(rpath(fs_ctx, newpath), O_CREAT|O_EXCL|O_RDWR, + SM_LOCAL_MODE_BITS); + if (fd == -1) { + return fd; + } + /* Write the oldpath (target) to the file. */ + oldpath_size = strlen(oldpath) + 1; + do { + write_size = write(fd, (void *)oldpath, oldpath_size); + } while (write_size == -1 && errno == EINTR); + + if (write_size != oldpath_size) { + serrno = errno; + close(fd); + err = -1; + goto err_end; + } + close(fd); + /* Set cleint credentials in symlink's xattr */ + credp->fc_mode = credp->fc_mode|S_IFLNK; + err = local_set_xattr(rpath(fs_ctx, newpath), credp); + if (err == -1) { + serrno = errno; + goto err_end; + } + } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) { + err = symlink(oldpath, rpath(fs_ctx, newpath)); + if (err) { + return err; + } + err = lchown(rpath(fs_ctx, newpath), credp->fc_uid, credp->fc_gid); + if (err == -1) { + serrno = errno; + goto err_end; + } + } + return err; + +err_end: + remove(rpath(fs_ctx, newpath)); + errno = serrno; + return err; } static int local_link(FsContext *ctx, const char *oldpath, const char *newpath) |