author | Venkateswararao Jujjuri (JV) <jvrao@linux.vnet.ibm.com> | 2010-06-14 13:34:41 -0700 |
---|---|---|
committer | Anthony Liguori <aliguori@us.ibm.com> | 2010-06-22 15:15:50 -0500 |
commit | 758e8e38eb582e3dc87fd55a1d234c25108a7b7f (patch) | |
tree | a8925a3d8c7741347c30e16ecd93da8b64ba8be4 /hw/virtio-9p-local.c | |
parent | 9ce56db6f0de81fd81972029073ff8008830bc02 (diff) |
virtio-9p: Make infrastructure for the new security model.
This patch adds required infrastructure for the new security model.
- A new configure option for attr/xattr.
- CONFIG_VIRTFS will be defined if both CONFIG_LINUX and CONFIG_ATTR are defined.
- Defines routines related to both security models.
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Diffstat (limited to 'hw/virtio-9p-local.c')
-rw-r--r-- | hw/virtio-9p-local.c | 65 |
1 files changed, 30 insertions, 35 deletions
diff --git a/hw/virtio-9p-local.c b/hw/virtio-9p-local.c index 1afb731548..056b4ba04b 100644 --- a/hw/virtio-9p-local.c +++ b/hw/virtio-9p-local.c @@ -17,6 +17,7 @@ #include <grp.h> #include <sys/socket.h> #include <sys/un.h> +#include <attr/xattr.h> static const char *rpath(FsContext *ctx, const char *path) { @@ -31,45 +32,37 @@ static int local_lstat(FsContext *ctx, const char *path, struct stat *stbuf) return lstat(rpath(ctx, path), stbuf); } -static int local_setuid(FsContext *ctx, uid_t uid) +static int local_set_xattr(const char *path, FsCred *credp) { - struct passwd *pw; - gid_t groups[33]; - int ngroups; - static uid_t cur_uid = -1; - - if (cur_uid == uid) { - return 0; - } - - if (setreuid(0, 0)) { - return -1; - } - - pw = getpwuid(uid); - if (pw == NULL) { - return -1; - } - - ngroups = 33; - if (getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups) == -1) { - return -1; + int err; + if (credp->fc_uid != -1) { + err = setxattr(path, "user.virtfs.uid", &credp->fc_uid, sizeof(uid_t), + 0); + if (err) { + return err; + } } - - if (setgroups(ngroups, groups)) { - return -1; + if (credp->fc_gid != -1) { + err = setxattr(path, "user.virtfs.gid", &credp->fc_gid, sizeof(gid_t), + 0); + if (err) { + return err; + } } - - if (setregid(-1, pw->pw_gid)) { - return -1; + if (credp->fc_mode != -1) { + err = setxattr(path, "user.virtfs.mode", &credp->fc_mode, + sizeof(mode_t), 0); + if (err) { + return err; + } } - - if (setreuid(-1, uid)) { - return -1; + if (credp->fc_rdev != -1) { + err = setxattr(path, "user.virtfs.rdev", &credp->fc_rdev, + sizeof(dev_t), 0); + if (err) { + return err; + } } - - cur_uid = uid; - return 0; } @@ -183,6 +176,7 @@ static int local_open2(FsContext *ctx, const char *path, int flags, mode_t mode) return open(rpath(ctx, path), flags, mode); } + static int local_symlink(FsContext *ctx, const char *oldpath, const char *newpath) { 
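Review bot: The four `setxattr()` calls in local_set_xattr follow a symlink in the final path component, so the `user.virtfs.*` attributes would be written to the link target rather than to the object named by `path`. Whether a symlink can appear there depends on the callers, which are not in this hunk, but the non-following variant fails closed: `err = lsetxattr(path, "user.virtfs.uid", &credp->fc_uid, sizeof(uid_t), 0);`, and likewise for gid, mode and rdev. The values are also stored as raw host-layout `uid_t`/`gid_t`/`mode_t`/`dev_t`, so an exported tree moved to a host with different endianness or type widths would be read back with the wrong ownership and mode; a fixed-width, fixed-endian encoding would avoid that. A failure on a later attribute returns with the earlier ones already written, so the function comment should say that the caller has to clean up a partially attributed file.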
@@ -259,12 +253,13 @@ static int local_remove(FsContext *ctx, const char *path) static int local_fsync(FsContext *ctx, int fd) { + if (0) /* Just to supress the warning. Will be removed in next patch. */ + (void)local_set_xattr(NULL, NULL); return fsync(fd); } FileOperations local_ops = { .lstat = local_lstat, - .setuid = local_setuid, .readlink = local_readlink, .close = local_close, .closedir = local_closedir, |
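Review bot: The `if (0)` placeholder in local_fsync is unbraced, and its dead body passes NULL for `credp`, which local_set_xattr dereferences unconditionally, so any later edit that makes the branch reachable would dereference a NULL pointer in the QEMU process. Marking the helper instead, `static int __attribute__((unused)) local_set_xattr(const char *path, FsCred *credp)`, suppresses the warning without touching local_fsync; the comment also misspells "suppress". This hunk also drops `.setuid` from `local_ops`, and the struct definition and its callers are outside this file view, so it is worth confirming that nothing still calls through that pointer.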