virtio-9p: Implement Security model for mksock using mknod.

This patch uses mknod to create socket. On Host/Fileserver: -rw-------. 1 virfsuid virtfsgid 0 2010-05-11 09:57 asocket1 On Guest/Client: srwxr-xr-x 1 guestuser guestuser 0 2010-05-11 12:57 asocket1 Signed-off-by: N Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com> Signed-off-by: N Anthony Liguori <aliguori@us.ibm.com>

virtio-9p: Implement Security model for mksock using mknod.
This patch uses mknod to create socket. On Host/Fileserver: -rw-------. 1 virfsuid virtfsgid 0 2010-05-11 09:57 asocket1 On Guest/Client: srwxr-xr-x 1 guestuser guestuser 0 2010-05-11 12:57 asocket1 Signed-off-by: N Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com> Signed-off-by: N Anthony Liguori <aliguori@us.ibm.com>
63729c36 · Venkateswararao Jujjuri (JV) · Anthony Liguori · 1c293312 · 63729c36 · 63729c36
显示空白变更内容
内联并排

Showing with 2 addition and 47 deletion

hw/file-op-9p.h hw/file-op-9p.h +0 -1

hw/virtio-9p-local.c hw/virtio-9p-local.c +0 -23

hw/virtio-9p.c hw/virtio-9p.c +2 -23

未找到文件。
--- a/hw/file-op-9p.h
+++ b/hw/file-op-9p.h
@@ -52,7 +52,6 @@ typedef struct FileOperations
    int (*chmod)(FsContext *, const char *, FsCred *);
    int (*chown)(FsContext *, const char *, FsCred *);
    int (*mknod)(FsContext *, const char *, FsCred *);
-    int (*mksock)(FsContext *, const char *);
    int (*utime)(FsContext *, const char *, const struct utimbuf *);
    int (*remove)(FsContext *, const char *);
    int (*symlink)(FsContext *, const char *, const char *, FsCred *);

--- a/hw/virtio-9p-local.c
+++ b/hw/virtio-9p-local.c
@@ -230,28 +230,6 @@ err_end:
    return err;
 }
-static int local_mksock(FsContext *ctx2, const char *path)
-{
-    struct sockaddr_un addr;
-    int s;
-    addr.sun_family = AF_UNIX;
-    snprintf(addr.sun_path, 108, "%s", rpath(ctx2, path));
-    s = socket(PF_UNIX, SOCK_STREAM, 0);
-    if (s == -1) {
-        return -1;
-    }
-    if (bind(s, (struct sockaddr *)&addr, sizeof(addr))) {
-        close(s);
-        return -1;
-    }
-    close(s);
-    return 0;
-}
 static int local_mkdir(FsContext *fs_ctx, const char *path, FsCred *credp)
 {
    int err = -1;
@@ -507,7 +485,6 @@ FileOperations local_ops = {
    .writev = local_writev,
    .chmod = local_chmod,
    .mknod = local_mknod,
-    .mksock = local_mksock,
    .mkdir = local_mkdir,
    .fstat = local_fstat,
    .open2 = local_open2,

--- a/hw/virtio-9p.c
+++ b/hw/virtio-9p.c
@@ -171,11 +171,6 @@ static int v9fs_do_mknod(V9fsState *s, V9fsCreateState *vs, mode_t mode,
    return s->ops->mknod(&s->ctx, vs->fullname.data, &cred);
 }
-static int v9fs_do_mksock(V9fsState *s, V9fsString *path)
-{
-    return s->ops->mksock(&s->ctx, path->data);
-}
 static int v9fs_do_mkdir(V9fsState *s, V9fsCreateState *vs)
 {
    FsCred cred;
@@ -1740,22 +1735,6 @@ out:
    v9fs_post_create(s, vs, err);
 }
-static void v9fs_create_post_mksock(V9fsState *s, V9fsCreateState *vs,
-                                                                int err)
-{
-    if (err) {
-        err = -errno;
-        goto out;
-    }
-    err = v9fs_do_chmod(s, &vs->fullname, vs->perm & 0777);
-    v9fs_create_post_perms(s, vs, err);
-    return;
-out:
-    v9fs_post_create(s, vs, err);
-}
 static void v9fs_create_post_fstat(V9fsState *s, V9fsCreateState *vs, int err)
 {
    if (err) {
@@ -1837,8 +1816,8 @@ static void v9fs_create_post_lstat(V9fsState *s, V9fsCreateState *vs, int err)
        err = v9fs_do_mknod(s, vs, S_IFIFO | (vs->perm & 0777), 0);
        v9fs_post_create(s, vs, err);
    } else if (vs->perm & P9_STAT_MODE_SOCKET) {
-        err = v9fs_do_mksock(s, &vs->fullname);
+        err = v9fs_do_mknod(s, vs, S_IFSOCK | (vs->perm & 0777), 0);
-        v9fs_create_post_mksock(s, vs, err);
+        v9fs_post_create(s, vs, err);
    } else {
        vs->fidp->fd = v9fs_do_open2(s, vs);
        v9fs_create_post_open2(s, vs, err);