aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorVenkateswararao Jujjuri (JV) <jvrao@linux.vnet.ibm.com>2010-06-14 13:34:40 -0700
committerAnthony Liguori <aliguori@us.ibm.com>2010-06-22 15:15:30 -0500
commit9ce56db6f0de81fd81972029073ff8008830bc02 (patch)
treeb5dea604c05c2f06080ffbc9cc96385a337b093b
parentfac4f111476740f5bda988b320aa9037d6672a56 (diff)
virtio-9p: Introduces an option to specify the security model.
The new option is: -fsdev fstype,id=myid,path=/share_path/,security_model=[mapped|passthrough] -virtfs fstype,path=/share_path/,security_model=[mapped|passthrough],mnt_tag=tag In the case of mapped security model, files are created with QEMU user credentials and the client-user's credentials are saved in extended attributes. Whereas in the case of passthrough security model, files on the filesystem are directly created with client-user's credentials. Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
-rw-r--r--fsdev/qemu-fsdev.c9
-rw-r--r--fsdev/qemu-fsdev.h1
-rw-r--r--hw/virtio-9p.c9
-rw-r--r--qemu-config.c6
-rw-r--r--qemu-options.hx15
-rw-r--r--vl.c18
6 files changed, 50 insertions, 8 deletions
diff --git a/fsdev/qemu-fsdev.c b/fsdev/qemu-fsdev.c
index 813e1f77a..ad69b0ea4 100644
--- a/fsdev/qemu-fsdev.c
+++ b/fsdev/qemu-fsdev.c
@@ -34,7 +34,7 @@ int qemu_fsdev_add(QemuOpts *opts)
return -1;
}
- for (i = 0; i < ARRAY_SIZE(FsTypes); i++) {
+ for (i = 0; i < ARRAY_SIZE(FsTypes); i++) {
if (strcmp(FsTypes[i].name, qemu_opt_get(opts, "fstype")) == 0) {
break;
}
@@ -46,10 +46,17 @@ int qemu_fsdev_add(QemuOpts *opts)
return -1;
}
+ if (qemu_opt_get(opts, "security_model") == NULL) {
+ fprintf(stderr, "fsdev: No security_model specified.\n");
+ return -1;
+ }
+
fsle = qemu_malloc(sizeof(*fsle));
fsle->fse.fsdev_id = qemu_strdup(qemu_opts_id(opts));
fsle->fse.path = qemu_strdup(qemu_opt_get(opts, "path"));
+ fsle->fse.security_model = qemu_strdup(qemu_opt_get(opts,
+ "security_model"));
fsle->fse.ops = FsTypes[i].ops;
QTAILQ_INSERT_TAIL(&fstype_entries, fsle, next);
diff --git a/fsdev/qemu-fsdev.h b/fsdev/qemu-fsdev.h
index b50fbe057..6c2788147 100644
--- a/fsdev/qemu-fsdev.h
+++ b/fsdev/qemu-fsdev.h
@@ -40,6 +40,7 @@ typedef struct FsTypeTable {
typedef struct FsTypeEntry {
char *fsdev_id;
char *path;
+ char *security_model;
FileOperations *ops;
} FsTypeEntry;
diff --git a/hw/virtio-9p.c b/hw/virtio-9p.c
index 038bb39cd..253048833 100644
--- a/hw/virtio-9p.c
+++ b/hw/virtio-9p.c
@@ -2253,6 +2253,15 @@ VirtIODevice *virtio_9p_init(DeviceState *dev, V9fsConf *conf)
exit(1);
}
+ if (!strcmp(fse->security_model, "passthrough") &&
+ !strcmp(fse->security_model, "mapped")) {
+ /* user haven't specified a correct security option */
+ fprintf(stderr, "one of the following must be specified as the"
+ "security option:\n\t security_model=passthrough \n\t "
+ "security_model=mapped\n");
+ return NULL;
+ }
+
if (lstat(fse->path, &stat)) {
fprintf(stderr, "share path %s does not exist\n", fse->path);
exit(1);
diff --git a/qemu-config.c b/qemu-config.c
index 5a4e61b0f..95abe61fa 100644
--- a/qemu-config.c
+++ b/qemu-config.c
@@ -163,6 +163,9 @@ QemuOptsList qemu_fsdev_opts = {
}, {
.name = "path",
.type = QEMU_OPT_STRING,
+ }, {
+ .name = "security_model",
+ .type = QEMU_OPT_STRING,
},
{ /*End of list */ }
},
@@ -184,6 +187,9 @@ QemuOptsList qemu_virtfs_opts = {
}, {
.name = "mount_tag",
.type = QEMU_OPT_STRING,
+ }, {
+ .name = "security_model",
+ .type = QEMU_OPT_STRING,
},
{ /*End of list */ }
diff --git a/qemu-options.hx b/qemu-options.hx
index a6928b7aa..d1d22726b 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -486,7 +486,7 @@ ETEXI
DEFHEADING(File system options:)
DEF("fsdev", HAS_ARG, QEMU_OPTION_fsdev,
- "-fsdev local,id=id,path=path\n",
+ "-fsdev local,id=id,path=path,security_model=[mapped|passthrough]\n",
QEMU_ARCH_ALL)
STEXI
@@ -502,7 +502,7 @@ The specific Fstype will determine the applicable options.
Options to each backend are described below.
-@item -fsdev local ,id=@var{id} ,path=@var{path}
+@item -fsdev local ,id=@var{id} ,path=@var{path} ,security_model=@var{security_model}
Create a file-system-"device" for local-filesystem.
@@ -510,6 +510,9 @@ Create a file-system-"device" for local-filesystem.
@option{path} specifies the path to be exported. @option{path} is required.
+@option{security_model} specifies the security model to be followed.
+@option{security_model} is required.
+
@end table
ETEXI
#endif
@@ -518,7 +521,7 @@ ETEXI
DEFHEADING(Virtual File system pass-through options:)
DEF("virtfs", HAS_ARG, QEMU_OPTION_virtfs,
- "-virtfs local,path=path,mount_tag=tag\n",
+ "-virtfs local,path=path,mount_tag=tag,security_model=[mapped|passthrough]\n",
QEMU_ARCH_ALL)
STEXI
@@ -534,7 +537,7 @@ The specific Fstype will determine the applicable options.
Options to each backend are described below.
-@item -virtfs local ,path=@var{path} ,mount_tag=@var{mount_tag}
+@item -virtfs local ,path=@var{path} ,mount_tag=@var{mount_tag} ,security_model=@var{security_model}
Create a Virtual file-system-pass through for local-filesystem.
@@ -542,6 +545,10 @@ Create a Virtual file-system-pass through for local-filesystem.
@option{path} specifies the path to be exported. @option{path} is required.
+@option{security_model} specifies the security model to be followed.
+@option{security_model} is required.
+
+
@option{mount_tag} specifies the tag with which the exported file is mounted.
@option{mount_tag} is required.
diff --git a/vl.c b/vl.c
index e5e43b359..43d3d0ec2 100644
--- a/vl.c
+++ b/vl.c
@@ -2300,10 +2300,21 @@ int main(int argc, char **argv, char **envp)
exit(1);
}
- len = strlen(",id=,path=");
+ if (qemu_opt_get(opts, "fstype") == NULL ||
+ qemu_opt_get(opts, "mount_tag") == NULL ||
+ qemu_opt_get(opts, "path") == NULL ||
+ qemu_opt_get(opts, "security_model") == NULL) {
+ fprintf(stderr, "Usage: -virtfs fstype,path=/share_path/,"
+ "security_model=[mapped|passthrough],"
+ "mnt_tag=tag.\n");
+ exit(1);
+ }
+
+ len = strlen(",id=,path=,security_model=");
len += strlen(qemu_opt_get(opts, "fstype"));
len += strlen(qemu_opt_get(opts, "mount_tag"));
len += strlen(qemu_opt_get(opts, "path"));
+ len += strlen(qemu_opt_get(opts, "security_model"));
arg_fsdev = qemu_malloc((len + 1) * sizeof(*arg_fsdev));
if (!arg_fsdev) {
@@ -2312,10 +2323,11 @@ int main(int argc, char **argv, char **envp)
exit(1);
}
- sprintf(arg_fsdev, "%s,id=%s,path=%s",
+ sprintf(arg_fsdev, "%s,id=%s,path=%s,security_model=%s",
qemu_opt_get(opts, "fstype"),
qemu_opt_get(opts, "mount_tag"),
- qemu_opt_get(opts, "path"));
+ qemu_opt_get(opts, "path"),
+ qemu_opt_get(opts, "security_model"));
len = strlen("virtio-9p-pci,fsdev=,mount_tag=");
len += 2*strlen(qemu_opt_get(opts, "mount_tag"));