aboutsummaryrefslogtreecommitdiff
path: root/hw
diff options
context:
space:
mode:
authorAneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>2010-09-02 11:09:07 +0530
committerAneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>2010-09-08 22:56:42 +0530
commit12848bfc5d719bad536c5448205a3226be1fda47 (patch)
treeeffc981bb557fd172a70e06eef5596cb17be51e0 /hw
parent61b6c4994a6e4a8adf3bd0950fc4f6a2d23c0c1f (diff)
virtio-9p: Add SM_NONE security model
This is equivalent to SM_PASSTHROUGH security model. The only exception is, failure of privilige operation like chown are ignored. This makes a passthrough like security model usable for people who runs kvm as non root Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Diffstat (limited to 'hw')
-rw-r--r--hw/file-op-9p.h15
-rw-r--r--hw/virtio-9p-local.c40
-rw-r--r--hw/virtio-9p.c12
3 files changed, 52 insertions, 15 deletions
diff --git a/hw/file-op-9p.h b/hw/file-op-9p.h
index e54f3585ea..017183d142 100644
--- a/hw/file-op-9p.h
+++ b/hw/file-op-9p.h
@@ -24,8 +24,19 @@
typedef enum
{
- SM_PASSTHROUGH = 1, /* uid/gid set on fileserver files */
- SM_MAPPED, /* uid/gid part of xattr */
+ /*
+ * Server will try to set uid/gid.
+ * On failure ignore the error.
+ */
+ SM_NONE = 0,
+ /*
+ * uid/gid set on fileserver files
+ */
+ SM_PASSTHROUGH = 1,
+ /*
+ * uid/gid part of xattr
+ */
+ SM_MAPPED,
} SecModel;
typedef struct FsCred
diff --git a/hw/virtio-9p-local.c b/hw/virtio-9p-local.c
index 3fc1712416..58e7647da5 100644
--- a/hw/virtio-9p-local.c
+++ b/hw/virtio-9p-local.c
@@ -102,7 +102,13 @@ static int local_post_create_passthrough(FsContext *fs_ctx, const char *path,
return -1;
}
if (chown(rpath(fs_ctx, path), credp->fc_uid, credp->fc_gid) < 0) {
- return -1;
+ /*
+ * If we fail to change ownership and if we are
+ * using security model none. Ignore the error
+ */
+ if (fs_ctx->fs_sm != SM_NONE) {
+ return -1;
+ }
}
return 0;
}
@@ -122,7 +128,8 @@ static ssize_t local_readlink(FsContext *fs_ctx, const char *path,
} while (tsize == -1 && errno == EINTR);
close(fd);
return tsize;
- } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) {
+ } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
+ (fs_ctx->fs_sm == SM_NONE)) {
tsize = readlink(rpath(fs_ctx, path), buf, bufsz);
}
return tsize;
@@ -189,7 +196,8 @@ static int local_chmod(FsContext *fs_ctx, const char *path, FsCred *credp)
{
if (fs_ctx->fs_sm == SM_MAPPED) {
return local_set_xattr(rpath(fs_ctx, path), credp);
- } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) {
+ } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
+ (fs_ctx->fs_sm == SM_NONE)) {
return chmod(rpath(fs_ctx, path), credp->fc_mode);
}
return -1;
@@ -211,7 +219,8 @@ static int local_mknod(FsContext *fs_ctx, const char *path, FsCred *credp)
serrno = errno;
goto err_end;
}
- } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) {
+ } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
+ (fs_ctx->fs_sm == SM_NONE)) {
err = mknod(rpath(fs_ctx, path), credp->fc_mode, credp->fc_rdev);
if (err == -1) {
return err;
@@ -247,7 +256,8 @@ static int local_mkdir(FsContext *fs_ctx, const char *path, FsCred *credp)
serrno = errno;
goto err_end;
}
- } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) {
+ } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
+ (fs_ctx->fs_sm == SM_NONE)) {
err = mkdir(rpath(fs_ctx, path), credp->fc_mode);
if (err == -1) {
return err;
@@ -316,7 +326,8 @@ static int local_open2(FsContext *fs_ctx, const char *path, int flags,
serrno = errno;
goto err_end;
}
- } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) {
+ } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
+ (fs_ctx->fs_sm == SM_NONE)) {
fd = open(rpath(fs_ctx, path), flags, credp->fc_mode);
if (fd == -1) {
return fd;
@@ -372,15 +383,23 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath,
serrno = errno;
goto err_end;
}
- } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) {
+ } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
+ (fs_ctx->fs_sm == SM_NONE)) {
err = symlink(oldpath, rpath(fs_ctx, newpath));
if (err) {
return err;
}
err = lchown(rpath(fs_ctx, newpath), credp->fc_uid, credp->fc_gid);
if (err == -1) {
- serrno = errno;
- goto err_end;
+ /*
+ * If we fail to change ownership and if we are
+ * using security model none. Ignore the error
+ */
+ if (fs_ctx->fs_sm != SM_NONE) {
+ serrno = errno;
+ goto err_end;
+ } else
+ err = 0;
}
}
return err;
@@ -447,7 +466,8 @@ static int local_chown(FsContext *fs_ctx, const char *path, FsCred *credp)
return lchown(rpath(fs_ctx, path), credp->fc_uid, credp->fc_gid);
} else if (fs_ctx->fs_sm == SM_MAPPED) {
return local_set_xattr(rpath(fs_ctx, path), credp);
- } else if (fs_ctx->fs_sm == SM_PASSTHROUGH) {
+ } else if ((fs_ctx->fs_sm == SM_PASSTHROUGH) ||
+ (fs_ctx->fs_sm == SM_NONE)) {
return lchown(rpath(fs_ctx, path), credp->fc_uid, credp->fc_gid);
}
return -1;
diff --git a/hw/virtio-9p.c b/hw/virtio-9p.c
index a2ca422abc..4127439cf0 100644
--- a/hw/virtio-9p.c
+++ b/hw/virtio-9p.c
@@ -3546,12 +3546,18 @@ VirtIODevice *virtio_9p_init(DeviceState *dev, V9fsConf *conf)
* Client user credentials are saved in extended attributes.
*/
s->ctx.fs_sm = SM_MAPPED;
+ } else if (!strcmp(fse->security_model, "none")) {
+ /*
+ * Files on the fileserver are set to QEMU credentials.
+ */
+ s->ctx.fs_sm = SM_NONE;
+
} else {
- /* user haven't specified a correct security option */
- fprintf(stderr, "one of the following must be specified as the"
+ fprintf(stderr, "Default to security_model=none. You may want"
+ " enable advanced security model using "
"security option:\n\t security_model=passthrough \n\t "
"security_model=mapped\n");
- return NULL;
+ s->ctx.fs_sm = SM_NONE;
}
if (lstat(fse->path, &stat)) {