diff options
| author | Venkateswararao Jujjuri (JV) <jvrao@linux.vnet.ibm.com> | 2010-06-14 13:34:41 -0700 |
|---|---|---|
| committer | Anthony Liguori <aliguori@us.ibm.com> | 2010-06-22 15:15:50 -0500 |
| commit | 758e8e38eb582e3dc87fd55a1d234c25108a7b7f (patch) | |
| tree | a8925a3d8c7741347c30e16ecd93da8b64ba8be4 /hw/virtio-9p.c | |
| parent | 9ce56db6f0de81fd81972029073ff8008830bc02 (diff) | |
virtio-9p: Make infrastructure for the new security model.
This patch adds required infrastructure for the new security model.
- A new configure option for attr/xattr.
- if CONFIG_VIRTFS will be defined if both CONFIG_LINUX and CONFIG_ATTR defined.
- Defines routines related to both security models.
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
Diffstat (limited to 'hw/virtio-9p.c')
| -rw-r--r-- | hw/virtio-9p.c | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/hw/virtio-9p.c b/hw/virtio-9p.c index 253048833b..a7ba4b6abb 100644 --- a/hw/virtio-9p.c +++ b/hw/virtio-9p.c @@ -67,14 +67,17 @@ static int omode_to_uflags(int8_t mode) return ret; } -static int v9fs_do_lstat(V9fsState *s, V9fsString *path, struct stat *stbuf) +void cred_init(FsCred *credp) { - return s->ops->lstat(&s->ctx, path->data, stbuf); + credp->fc_uid = -1; + credp->fc_gid = -1; + credp->fc_mode = -1; + credp->fc_rdev = -1; } -static int v9fs_do_setuid(V9fsState *s, uid_t uid) +static int v9fs_do_lstat(V9fsState *s, V9fsString *path, struct stat *stbuf) { - return s->ops->setuid(&s->ctx, uid); + return s->ops->lstat(&s->ctx, path->data, stbuf); } static ssize_t v9fs_do_readlink(V9fsState *s, V9fsString *path, V9fsString *buf) @@ -348,7 +351,6 @@ static V9fsFidState *lookup_fid(V9fsState *s, int32_t fid) for (f = s->fid_list; f; f = f->next) { if (f->fid == fid) { - v9fs_do_setuid(s, f->uid); return f; } } @@ -2253,8 +2255,15 @@ VirtIODevice *virtio_9p_init(DeviceState *dev, V9fsConf *conf) exit(1); } - if (!strcmp(fse->security_model, "passthrough") && - !strcmp(fse->security_model, "mapped")) { + if (!strcmp(fse->security_model, "passthrough")) { + /* Files on the Fileserver set to client user credentials */ + s->ctx.fs_sm = SM_PASSTHROUGH; + } else if (!strcmp(fse->security_model, "mapped")) { + /* Files on the fileserver are set to QEMU credentials. + * Client user credentials are saved in extended attributes. + */ + s->ctx.fs_sm = SM_MAPPED; + } else { /* user haven't specified a correct security option */ fprintf(stderr, "one of the following must be specified as the" "security option:\n\t security_model=passthrough \n\t " |