diff options
| author | Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> | 2010-09-02 11:09:07 +0530 |
|---|---|---|
| committer | Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> | 2010-09-08 22:56:42 +0530 |
| commit | 12848bfc5d719bad536c5448205a3226be1fda47 (patch) | |
| tree | effc981bb557fd172a70e06eef5596cb17be51e0 /hw/virtio-9p-local.c | |
| parent | 61b6c4994a6e4a8adf3bd0950fc4f6a2d23c0c1f (diff) | |
virtio-9p: Add SM_NONE security model
This is equivalent to SM_PASSTHROUGH security model.
The only exception is, failure of privilige operation like chown
are ignored. This makes a passthrough like security model usable
for people who runs kvm as non root
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Diffstat (limited to 'hw/virtio-9p-local.c')
| -rw-r--r-- | hw/virtio-9p-local.c | 40 |
1 files changed, 30 insertions, 10 deletions
diff --git a/hw/virtio-9p-local.c b/hw/virtio-9p-local.c index 3fc1712416..58e7647da5 100644 --- a/hw/virtio-9p-local.c +++ b/hw/virtio-9p-local.c @@ -102,7 +102,13 @@ static int local_post_create_passthrough(FsContext *fs_ctx, const char *path, return -1; } if (chown(rpath(fs_ctx, path), credp->fc_uid, credp->fc_gid) < 0) { - return -1; + /* + * If we fail to change ownership and if we are + * using security model none. Ignore the error + */ + if (fs_ctx->fs_sm != SM_NONE) { + return -1; + } } return 0; } @@ -122,7 +128,8 @@ static ssize_t local_readlink(FsContext *fs_ctx, const char *path, } while (tsize == -1 && errno == EINTR); close(fd); return tsize; - } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) { + } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) || + (fs_ctx->fs_sm == SM_NONE)) { tsize = readlink(rpath(fs_ctx, path), buf, bufsz); } return tsize; @@ -189,7 +196,8 @@ static int local_chmod(FsContext *fs_ctx, const char *path, FsCred *credp) { if (fs_ctx->fs_sm == SM_MAPPED) { return local_set_xattr(rpath(fs_ctx, path), credp); - } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) { + } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) || + (fs_ctx->fs_sm == SM_NONE)) { return chmod(rpath(fs_ctx, path), credp->fc_mode); } return -1; @@ -211,7 +219,8 @@ static int local_mknod(FsContext *fs_ctx, const char *path, FsCred *credp) serrno = errno; goto err_end; } - } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) { + } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) || + (fs_ctx->fs_sm == SM_NONE)) { err = mknod(rpath(fs_ctx, path), credp->fc_mode, credp->fc_rdev); if (err == -1) { return err; @@ -247,7 +256,8 @@ static int local_mkdir(FsContext *fs_ctx, const char *path, FsCred *credp) serrno = errno; goto err_end; } - } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) { + } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) || + (fs_ctx->fs_sm == SM_NONE)) { err = mkdir(rpath(fs_ctx, path), credp->fc_mode); if (err == -1) { return err; @@ -316,7 +326,8 @@ static int local_open2(FsContext *fs_ctx, const char *path, int flags, serrno = errno; goto err_end; } - } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) { + } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) || + (fs_ctx->fs_sm == SM_NONE)) { fd = open(rpath(fs_ctx, path), flags, credp->fc_mode); if (fd == -1) { return fd; @@ -372,15 +383,23 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath, serrno = errno; goto err_end; } - } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) { + } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) || + (fs_ctx->fs_sm == SM_NONE)) { err = symlink(oldpath, rpath(fs_ctx, newpath)); if (err) { return err; } err = lchown(rpath(fs_ctx, newpath), credp->fc_uid, credp->fc_gid); if (err == -1) { - serrno = errno; - goto err_end; + /* + * If we fail to change ownership and if we are + * using security model none. Ignore the error + */ + if (fs_ctx->fs_sm != SM_NONE) { + serrno = errno; + goto err_end; + } else + err = 0; } } return err; @@ -447,7 +466,8 @@ static int local_chown(FsContext *fs_ctx, const char *path, FsCred *credp) return lchown(rpath(fs_ctx, path), credp->fc_uid, credp->fc_gid); } else if (fs_ctx->fs_sm == SM_MAPPED) { return local_set_xattr(rpath(fs_ctx, path), credp); - } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) { + } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) || + (fs_ctx->fs_sm == SM_NONE)) { return lchown(rpath(fs_ctx, path), credp->fc_uid, credp->fc_gid); } return -1; |