diff options
| author | Tobias Schramm <tobleminer@gmail.com> | 2017-06-29 15:11:50 +0200 |
|---|---|---|
| committer | Greg Kurz <groug@kaod.org> | 2017-06-29 15:11:50 +0200 |
| commit | b96feb2cb9b2714bffa342b1d4f39d8db71329ba (patch) | |
| tree | e7a81567660c5cf379f78f532e288ef2d3174838 /qemu-options.hx | |
| parent | 790db7efdbe1536acf1c4f4f95a0316dbda59433 (diff) | |
9pfs: local: Add support for custom fmode/dmode in 9ps mapped security modes
In mapped security modes, files are created with very restrictive
permissions (600 for files and 700 for directories). This makes
file sharing between virtual machines and users on the host rather
complicated. Imagine eg. a group of users that need to access data
produced by processes on a virtual machine. Giving those users access
to the data will be difficult since the group access mode is always 0.
This patch makes the default mode for both files and directories
configurable. Existing setups that don't know about the new parameters
keep using the current secure behavior.
Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
Signed-off-by: Greg Kurz <groug@kaod.org>
Diffstat (limited to 'qemu-options.hx')
| -rw-r--r-- | qemu-options.hx | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/qemu-options.hx b/qemu-options.hx index 896ff177c3..297bd8aca4 100644 --- a/qemu-options.hx +++ b/qemu-options.hx @@ -1010,7 +1010,7 @@ ETEXI DEF("fsdev", HAS_ARG, QEMU_OPTION_fsdev, "-fsdev fsdriver,id=id[,path=path,][security_model={mapped-xattr|mapped-file|passthrough|none}]\n" - " [,writeout=immediate][,readonly][,socket=socket|sock_fd=sock_fd]\n" + " [,writeout=immediate][,readonly][,socket=socket|sock_fd=sock_fd][,fmode=fmode][,dmode=dmode]\n" " [[,throttling.bps-total=b]|[[,throttling.bps-read=r][,throttling.bps-write=w]]]\n" " [[,throttling.iops-total=i]|[[,throttling.iops-read=r][,throttling.iops-write=w]]]\n" " [[,throttling.bps-total-max=bm]|[[,throttling.bps-read-max=rm][,throttling.bps-write-max=wm]]]\n" @@ -1020,7 +1020,7 @@ DEF("fsdev", HAS_ARG, QEMU_OPTION_fsdev, STEXI -@item -fsdev @var{fsdriver},id=@var{id},path=@var{path},[security_model=@var{security_model}][,writeout=@var{writeout}][,readonly][,socket=@var{socket}|sock_fd=@var{sock_fd}] +@item -fsdev @var{fsdriver},id=@var{id},path=@var{path},[security_model=@var{security_model}][,writeout=@var{writeout}][,readonly][,socket=@var{socket}|sock_fd=@var{sock_fd}][,fmode=@var{fmode}][,dmode=@var{dmode}] @findex -fsdev Define a new file system device. Valid options are: @table @option @@ -1061,6 +1061,12 @@ with virtfs-proxy-helper Enables proxy filesystem driver to use passed socket descriptor for communicating with virtfs-proxy-helper. Usually a helper like libvirt will create socketpair and pass one of the fds as sock_fd +@item fmode=@var{fmode} +Specifies the default mode for newly created files on the host. Works only +with security models "mapped-xattr" and "mapped-file". +@item dmode=@var{dmode} +Specifies the default mode for newly created directories on the host. Works +only with security models "mapped-xattr" and "mapped-file". @end table -fsdev option is used along with -device driver "virtio-9p-pci". @@ -1077,12 +1083,12 @@ ETEXI DEF("virtfs", HAS_ARG, QEMU_OPTION_virtfs, "-virtfs local,path=path,mount_tag=tag,security_model=[mapped-xattr|mapped-file|passthrough|none]\n" - " [,id=id][,writeout=immediate][,readonly][,socket=socket|sock_fd=sock_fd]\n", + " [,id=id][,writeout=immediate][,readonly][,socket=socket|sock_fd=sock_fd][,fmode=fmode][,dmode=dmode]\n", QEMU_ARCH_ALL) STEXI -@item -virtfs @var{fsdriver}[,path=@var{path}],mount_tag=@var{mount_tag}[,security_model=@var{security_model}][,writeout=@var{writeout}][,readonly][,socket=@var{socket}|sock_fd=@var{sock_fd}] +@item -virtfs @var{fsdriver}[,path=@var{path}],mount_tag=@var{mount_tag}[,security_model=@var{security_model}][,writeout=@var{writeout}][,readonly][,socket=@var{socket}|sock_fd=@var{sock_fd}][,fmode=@var{fmode}][,dmode=@var{dmode}] @findex -virtfs The general form of a Virtual File system pass-through options are: @@ -1124,6 +1130,12 @@ will create socketpair and pass one of the fds as sock_fd @item sock_fd Enables proxy filesystem driver to use passed 'sock_fd' as the socket descriptor for interfacing with virtfs-proxy-helper +@item fmode=@var{fmode} +Specifies the default mode for newly created files on the host. Works only +with security models "mapped-xattr" and "mapped-file". +@item dmode=@var{dmode} +Specifies the default mode for newly created directories on the host. Works +only with security models "mapped-xattr" and "mapped-file". @end table ETEXI |