proxmox-mirrors/qemu
1
0
Fork 0
mirror of https://git.proxmox.com/git/qemu synced 2025-08-07 02:14:24 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

virtio-9p: Implement Security model for mksock using mknod.

Browse Source 
This patch uses mknod to create socket.

On Host/Fileserver:
-rw-------. 1 virfsuid virtfsgid 0 2010-05-11 09:57 asocket1

On Guest/Client:
srwxr-xr-x 1 guestuser guestuser 0 2010-05-11 12:57 asocket1

Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This commit is contained in:
Venkateswararao Jujjuri (JV) 2010-06-14 13:34:49 -07:00 committed by Anthony Liguori
parent 1c29331248
commit 63729c3692
3 changed files with 2 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
hw/file-op-9p.h
View File

@ -52,7 +52,6 @@ typedef struct FileOperations
int (*chmod)(FsContext *, const char *, FsCred *); int (*chmod)(FsContext *, const char *, FsCred *);
int (*chown)(FsContext *, const char *, FsCred *); int (*chown)(FsContext *, const char *, FsCred *);
int (*mknod)(FsContext *, const char *, FsCred *); int (*mknod)(FsContext *, const char *, FsCred *);
int (*mksock)(FsContext *, const char *);
int (*utime)(FsContext *, const char *, const struct utimbuf *); int (*utime)(FsContext *, const char *, const struct utimbuf *);
int (*remove)(FsContext *, const char *); int (*remove)(FsContext *, const char *);
int (*symlink)(FsContext *, const char *, const char *, FsCred *); int (*symlink)(FsContext *, const char *, const char *, FsCred *);

23
hw/virtio-9p-local.c
View File

@ -230,28 +230,6 @@ err_end:
return err; return err;
} }
static int local_mksock(FsContext *ctx2, const char *path)
{
struct sockaddr_un addr;
int s;
addr.sun_family = AF_UNIX;
snprintf(addr.sun_path, 108, "%s", rpath(ctx2, path));
s = socket(PF_UNIX, SOCK_STREAM, 0);
if (s == -1) {
return -1;
}
if (bind(s, (struct sockaddr *)&addr, sizeof(addr))) {
close(s);
return -1;
}
close(s);
return 0;
}
static int local_mkdir(FsContext *fs_ctx, const char *path, FsCred *credp) static int local_mkdir(FsContext *fs_ctx, const char *path, FsCred *credp)
{ {
int err = -1; int err = -1;
@ -507,7 +485,6 @@ FileOperations local_ops = {
.writev = local_writev, .writev = local_writev,
.chmod = local_chmod, .chmod = local_chmod,
.mknod = local_mknod, .mknod = local_mknod,
.mksock = local_mksock,
.mkdir = local_mkdir, .mkdir = local_mkdir,
.fstat = local_fstat, .fstat = local_fstat,
.open2 = local_open2, .open2 = local_open2,

25
hw/virtio-9p.c
View File

@ -171,11 +171,6 @@ static int v9fs_do_mknod(V9fsState *s, V9fsCreateState *vs, mode_t mode,
return s->ops->mknod(&s->ctx, vs->fullname.data, &cred); return s->ops->mknod(&s->ctx, vs->fullname.data, &cred);
} }
static int v9fs_do_mksock(V9fsState *s, V9fsString *path)
{
return s->ops->mksock(&s->ctx, path->data);
}
static int v9fs_do_mkdir(V9fsState *s, V9fsCreateState *vs) static int v9fs_do_mkdir(V9fsState *s, V9fsCreateState *vs)
{ {
FsCred cred; FsCred cred;
@ -1740,22 +1735,6 @@ out:
v9fs_post_create(s, vs, err); v9fs_post_create(s, vs, err);
} }
static void v9fs_create_post_mksock(V9fsState *s, V9fsCreateState *vs,
int err)
{
if (err) {
err = -errno;
goto out;
}
err = v9fs_do_chmod(s, &vs->fullname, vs->perm & 0777);
v9fs_create_post_perms(s, vs, err);
return;
out:
v9fs_post_create(s, vs, err);
}
static void v9fs_create_post_fstat(V9fsState *s, V9fsCreateState *vs, int err) static void v9fs_create_post_fstat(V9fsState *s, V9fsCreateState *vs, int err)
{ {
if (err) { if (err) {
@ -1837,8 +1816,8 @@ static void v9fs_create_post_lstat(V9fsState *s, V9fsCreateState *vs, int err)
err = v9fs_do_mknod(s, vs, S_IFIFO | (vs->perm & 0777), 0); err = v9fs_do_mknod(s, vs, S_IFIFO | (vs->perm & 0777), 0);
v9fs_post_create(s, vs, err); v9fs_post_create(s, vs, err);
} else if (vs->perm & P9_STAT_MODE_SOCKET) { } else if (vs->perm & P9_STAT_MODE_SOCKET) {
err = v9fs_do_mksock(s, &vs->fullname); err = v9fs_do_mknod(s, vs, S_IFSOCK | (vs->perm & 0777), 0);
v9fs_create_post_mksock(s, vs, err); v9fs_post_create(s, vs, err);
} else { } else {
vs->fidp->fd = v9fs_do_open2(s, vs); vs->fidp->fd = v9fs_do_open2(s, vs);
v9fs_create_post_open2(s, vs, err); v9fs_create_post_open2(s, vs, err);