virtio-9p: Introduces an option to specify the security model.

The new option is: -fsdev fstype,id=myid,path=/share_path/,security_model=[mapped|passthrough] -virtfs fstype,path=/share_path/,security_model=[mapped|passthrough],mnt_tag=tag In the case of mapped security model, files are created with QEMU user credentials and the client-user's credentials are saved in extended attributes. Whereas in the case of passthrough security model, files on the filesystem are directly created with client-user's credentials. Signed-off-by: N Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com> Signed-off-by: N Anthony Liguori <aliguori@us.ibm.com>

virtio-9p: Introduces an option to specify the security model.
The new option is: -fsdev fstype,id=myid,path=/share_path/,security_model=[mapped|passthrough] -virtfs fstype,path=/share_path/,security_model=[mapped|passthrough],mnt_tag=tag In the case of mapped security model, files are created with QEMU user credentials and the client-user's credentials are saved in extended attributes. Whereas in the case of passthrough security model, files on the filesystem are directly created with client-user's credentials. Signed-off-by: N Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com> Signed-off-by: N Anthony Liguori <aliguori@us.ibm.com>
9ce56db6 · Venkateswararao Jujjuri (JV) · Anthony Liguori · fac4f111 · 9ce56db6 · 9ce56db6
6 changed file
--- a/fsdev/qemu-fsdev.c
+++ b/fsdev/qemu-fsdev.c
@@ -34,7 +34,7 @@ int qemu_fsdev_add(QemuOpts *opts)
        return -1;
    }
-     for (i = 0; i < ARRAY_SIZE(FsTypes); i++) {
+    for (i = 0; i < ARRAY_SIZE(FsTypes); i++) {
        if (strcmp(FsTypes[i].name, qemu_opt_get(opts, "fstype")) == 0) {
            break;
        }
@@ -46,10 +46,17 @@ int qemu_fsdev_add(QemuOpts *opts)
        return -1;
    }
+    if (qemu_opt_get(opts, "security_model") == NULL) {
+        fprintf(stderr, "fsdev: No security_model specified.\n");
+        return -1;
+    }
    fsle = qemu_malloc(sizeof(*fsle));
    fsle->fse.fsdev_id = qemu_strdup(qemu_opts_id(opts));
    fsle->fse.path = qemu_strdup(qemu_opt_get(opts, "path"));
+    fsle->fse.security_model = qemu_strdup(qemu_opt_get(opts,
+                "security_model"));
    fsle->fse.ops = FsTypes[i].ops;
    QTAILQ_INSERT_TAIL(&fstype_entries, fsle, next);

--- a/fsdev/qemu-fsdev.h
+++ b/fsdev/qemu-fsdev.h
@@ -40,6 +40,7 @@ typedef struct FsTypeTable {
 typedef struct FsTypeEntry {
    char *fsdev_id;
    char *path;
+    char *security_model;
    FileOperations *ops;
 } FsTypeEntry;

--- a/hw/virtio-9p.c
+++ b/hw/virtio-9p.c
@@ -2253,6 +2253,15 @@ VirtIODevice *virtio_9p_init(DeviceState *dev, V9fsConf *conf)
        exit(1);
    }
+    if (!strcmp(fse->security_model, "passthrough") &&
+                !strcmp(fse->security_model, "mapped")) {
+        /* user haven't specified a correct security option */
+        fprintf(stderr, "one of the following must be specified as the"
+                "security option:\n\t security_model=passthrough \n\t "
+                "security_model=mapped\n");
+        return NULL;
+    }
    if (lstat(fse->path, &stat)) {
        fprintf(stderr, "share path %s does not exist\n", fse->path);
        exit(1);

--- a/qemu-config.c
+++ b/qemu-config.c
@@ -163,6 +163,9 @@ QemuOptsList qemu_fsdev_opts = {
        }, {
            .name = "path",
            .type = QEMU_OPT_STRING,
+        }, {
+            .name = "security_model",
+            .type = QEMU_OPT_STRING,
        },
        { /*End of list */ }
    },
@@ -184,6 +187,9 @@ QemuOptsList qemu_virtfs_opts = {
        }, {
            .name = "mount_tag",
            .type = QEMU_OPT_STRING,
+        }, {
+            .name = "security_model",
+            .type = QEMU_OPT_STRING,
        },
        { /*End of list */ }

--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -486,7 +486,7 @@ ETEXI
 DEFHEADING(File system options:)
 DEF("fsdev", HAS_ARG, QEMU_OPTION_fsdev,
-    "-fsdev local,id=id,path=path\n",
+    "-fsdev local,id=id,path=path,security_model=[mapped|passthrough]\n",
    QEMU_ARCH_ALL)
 STEXI
@@ -502,7 +502,7 @@ The specific Fstype will determine the applicable options.
 Options to each backend are described below.
-@item -fsdev local ,id=@var{id} ,path=@var{path}
+@item -fsdev local ,id=@var{id} ,path=@var{path} ,security_model=@var{security_model}
 Create a file-system-"device" for local-filesystem.
@@ -510,6 +510,9 @@ Create a file-system-"device" for local-filesystem.
 @option{path} specifies the path to be exported. @option{path} is required.
+@option{security_model} specifies the security model to be followed.
+@option{security_model} is required.
 @end table
 ETEXI
 #endif
@@ -518,7 +521,7 @@ ETEXI
 DEFHEADING(Virtual File system pass-through options:)
 DEF("virtfs", HAS_ARG, QEMU_OPTION_virtfs,
-    "-virtfs local,path=path,mount_tag=tag\n",
+    "-virtfs local,path=path,mount_tag=tag,security_model=[mapped|passthrough]\n",
    QEMU_ARCH_ALL)
 STEXI
@@ -534,7 +537,7 @@ The specific Fstype will determine the applicable options.
 Options to each backend are described below.
-@item -virtfs local ,path=@var{path} ,mount_tag=@var{mount_tag}
+@item -virtfs local ,path=@var{path} ,mount_tag=@var{mount_tag} ,security_model=@var{security_model}
 Create a Virtual file-system-pass through for local-filesystem.
@@ -542,6 +545,10 @@ Create a Virtual file-system-pass through for local-filesystem.
 @option{path} specifies the path to be exported. @option{path} is required.
+@option{security_model} specifies the security model to be followed.
+@option{security_model} is required.
 @option{mount_tag} specifies the tag with which the exported file is mounted.
 @option{mount_tag} is required.

--- a/vl.c
+++ b/vl.c
@@ -2300,10 +2300,21 @@ int main(int argc, char **argv, char **envp)
                    exit(1);
                }
-                len = strlen(",id=,path=");
+                if (qemu_opt_get(opts, "fstype") == NULL ||
+                        qemu_opt_get(opts, "mount_tag") == NULL ||
+                        qemu_opt_get(opts, "path") == NULL ||
+                        qemu_opt_get(opts, "security_model") == NULL) {
+                    fprintf(stderr, "Usage: -virtfs fstype,path=/share_path/,"
+                            "security_model=[mapped|passthrough],"
+                            "mnt_tag=tag.\n");
+                    exit(1);
+                }
+                len = strlen(",id=,path=,security_model=");
                len += strlen(qemu_opt_get(opts, "fstype"));
                len += strlen(qemu_opt_get(opts, "mount_tag"));
                len += strlen(qemu_opt_get(opts, "path"));
+                len += strlen(qemu_opt_get(opts, "security_model"));
                arg_fsdev = qemu_malloc((len + 1) * sizeof(*arg_fsdev));
                if (!arg_fsdev) {
@@ -2312,10 +2323,11 @@ int main(int argc, char **argv, char **envp)
                    exit(1);
                }
-                sprintf(arg_fsdev, "%s,id=%s,path=%s",
+                sprintf(arg_fsdev, "%s,id=%s,path=%s,security_model=%s",
                                qemu_opt_get(opts, "fstype"),
                                qemu_opt_get(opts, "mount_tag"),
-                                qemu_opt_get(opts, "path"));
+                                qemu_opt_get(opts, "path"),
+                                qemu_opt_get(opts, "security_model"));
                len = strlen("virtio-9p-pci,fsdev=,mount_tag=");
                len += 2*strlen(qemu_opt_get(opts, "mount_tag"));