motorhead/qemu
1
0
Fork 0
mirror of https://github.com/Motorhead1991/qemu.git synced 2025-08-04 08:13:54 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions

virtio-9p: Make infrastructure for the new security model.

Browse source 
This patch adds required infrastructure for the new security model.

- A new configure option for attr/xattr.
- if CONFIG_VIRTFS will be defined if both CONFIG_LINUX and CONFIG_ATTR defined.
- Defines routines related to both security models.

Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This commit is contained in:
Venkateswararao Jujjuri (JV) 2010-06-14 13:34:41 -07:00 committed by Anthony Liguori
parent 9ce56db6f0
commit 758e8e38eb
8 changed files with 114 additions and 53 deletions
Download patch file Download diff file Expand all files Collapse all files

25
hw/virtio-9p.c
View file

@ -67,16 +67,19 @@ static int omode_to_uflags(int8_t mode)
return ret;
}
void cred_init(FsCred *credp)
{
credp->fc_uid = -1;
credp->fc_gid = -1;
credp->fc_mode = -1;
credp->fc_rdev = -1;
}
static int v9fs_do_lstat(V9fsState *s, V9fsString *path, struct stat *stbuf)
{
return s->ops->lstat(&s->ctx, path->data, stbuf);
}
static int v9fs_do_setuid(V9fsState *s, uid_t uid)
{
return s->ops->setuid(&s->ctx, uid);
}
static ssize_t v9fs_do_readlink(V9fsState *s, V9fsString *path, V9fsString *buf)
{
ssize_t len;
@ -348,7 +351,6 @@ static V9fsFidState *lookup_fid(V9fsState *s, int32_t fid)
for (f = s->fid_list; f; f = f->next) {
if (f->fid == fid) {
v9fs_do_setuid(s, f->uid);
return f;
}
}
@ -2253,8 +2255,15 @@ VirtIODevice *virtio_9p_init(DeviceState *dev, V9fsConf *conf)
exit(1);
}
if (!strcmp(fse->security_model, "passthrough") &&
!strcmp(fse->security_model, "mapped")) {
if (!strcmp(fse->security_model, "passthrough")) {
/* Files on the Fileserver set to client user credentials */
s->ctx.fs_sm = SM_PASSTHROUGH;
} else if (!strcmp(fse->security_model, "mapped")) {
/* Files on the fileserver are set to QEMU credentials.
* Client user credentials are saved in extended attributes.
*/
s->ctx.fs_sm = SM_MAPPED;
} else {
/* user haven't specified a correct security option */
fprintf(stderr, "one of the following must be specified as the"
"security option:\n\t security_model=passthrough \n\t "