From: Ian Jackson <ian.jackson@eu.citrix.com>
To: xen-devel@lists.xensource.com
Cc: Ross Lagerwall <ross.lagerwall@citrix.com>,
	Stefano Stabellini <sstabellini@kernel.org>,
	Wei Liu <wei.liu2@citrix.com>,
	Ian Jackson <Ian.Jackson@eu.citrix.com>
Subject: [PATCH 23/24] libxl: dm_restrict: Support uid range user
Date: Wed, 4 Oct 2017 16:57:29 +0100	[thread overview]
Message-ID: <1507132650-25376-24-git-send-email-ian.jackson@eu.citrix.com> (raw)
In-Reply-To: <1507132650-25376-1-git-send-email-ian.jackson@eu.citrix.com>

Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
---
 docs/man/xl.cfg.pod.5.in     | 11 ++++++++++-
 tools/libxl/libxl_dm.c       | 32 ++++++++++++++++++++++++++++++++
 tools/libxl/libxl_internal.h |  1 +
 3 files changed, 43 insertions(+), 1 deletion(-)

diff --git a/docs/man/xl.cfg.pod.5.in b/docs/man/xl.cfg.pod.5.in
index 129223b..8446d43 100644
--- a/docs/man/xl.cfg.pod.5.in
+++ b/docs/man/xl.cfg.pod.5.in
@@ -2240,7 +2240,16 @@ For example, cdrom insert will fail.
 =item
 
 You must create user(s) for qemu to run as.
-Currently, you should either create
+
+Ideally, set aside a range of 32752 uids
+(from N to N+32751)
+and create a user
+whose name is B<xen-qemuuser-range-base>
+and whose uid is N
+and whose gid is a plain unprivileged gid.
+libxl will use one such user for each domid.
+
+Alternatively, either create
 B<xen-qemuuser-domid$domid>
 for every $domid from 1 to 32751 inclusive,
 or
diff --git a/tools/libxl/libxl_dm.c b/tools/libxl/libxl_dm.c
index b1e6796..4dc490d 100644
--- a/tools/libxl/libxl_dm.c
+++ b/tools/libxl/libxl_dm.c
@@ -23,6 +23,7 @@
 #include <xen/hvm/e820.h>
 #include <sys/types.h>
 #include <pwd.h>
+#include <grp.h>
 
 static const char *libxl_tapif_script(libxl__gc *gc)
 {
@@ -753,6 +754,9 @@ libxl__detect_gfx_passthru_kind(libxl__gc *gc,
  *  userlookup_helper_getpwnam(libxl__gc*, const char *user,
  *                             struct passwd **pwd_r);
  *
+ *  userlookup_helper_getpwuid(libxl__gc*, uid_t uid,
+ *                             struct passwd **pwd_r);
+ *
  *  returns 1 if the user was found, 0 if it was not, -1 on error
  */
 #define DEFINE_USERLOOKUP_HELPER(NAME,SPEC_TYPE,STRUCTNAME,SYSCONF)     \
@@ -791,6 +795,7 @@ libxl__detect_gfx_passthru_kind(libxl__gc *gc,
     }
 
 DEFINE_USERLOOKUP_HELPER(getpwnam, const char*, passwd, _SC_GETPW_R_SIZE_MAX);
+DEFINE_USERLOOKUP_HELPER(getpwuid, uid_t,       passwd, _SC_GETPW_R_SIZE_MAX);
 
 /* colo mode */
 enum {
@@ -951,6 +956,7 @@ static int libxl__build_device_model_args_new(libxl__gc *gc,
     uint64_t ram_size;
     const char *path, *chardev;
     char *user = NULL;
+    struct passwd *user_base;
 
     dm_args = flexarray_make(gc, 16, 1);
     dm_envs = flexarray_make(gc, 16, 1);
@@ -1660,6 +1666,32 @@ static int libxl__build_device_model_args_new(libxl__gc *gc,
         if (ret > 0)
             goto end_search;
 
+        ret = userlookup_helper_getpwnam(gc, LIBXL_QEMU_USER_RANGE_BASE,
+                                         &user_base);
+        if (ret < 0)
+            return ret;
+        if (ret > 0) {
+            struct passwd *user_clash;
+            uid_t intended_uid = user_base->pw_uid + guest_domid;
+            ret = userlookup_helper_getpwuid(gc, intended_uid, &user_clash);
+            if (ret < 0)
+                return ret;
+            if (ret > 0) {
+                LOGD(ERROR, guest_domid,
+                     "wanted to use uid %ld (%s + %d) but that is user %s !",
+                     (long)intended_uid, LIBXL_QEMU_USER_RANGE_BASE,
+                     guest_domid, user_clash->pw_name);
+                return ERROR_FAIL;
+            }
+            LOGD(DEBUG, guest_domid, "using uid %ld", (long)intended_uid);
+            flexarray_append(dm_args, "-runasid");
+            flexarray_append(dm_args,
+                             GCSPRINTF("%ld.%ld", (long)intended_uid,
+                                       (long)user_base->pw_gid));
+            user = NULL; /* we have taken care of it */
+            goto end_search;
+        }
+
         user = LIBXL_QEMU_USER_SHARED;
         ret = userlookup_helper_getpwnam(gc, user, 0);
         if (ret < 0)
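Review bot: `uid_t intended_uid = user_base->pw_uid + guest_domid;` is used without any range check, and `user_base->pw_gid` is trusted as-is. A misconfigured `xen-qemuuser-range-base` entry (a base uid near the top of `uid_t`, or gid 0) would therefore pass a wrapped uid or the root gid straight to `-runasid`. The `userlookup_helper_getpwuid` clash test does not cover this, since it only rejects uids that have a passwd entry. I would add a guard before the clash lookup, as in the excerpt below (it assumes `uid_t` is unsigned, as on Linux). The `"%ld"` / `(long)` formatting should also become `"%lu"` / `(unsigned long)`, because where `long` is 32 bits a uid above `LONG_MAX` would be printed as a negative number in the `-runasid` argument. The enclosing libxl__build_device_model_args_new starts and ends outside this hunk, so the type of `guest_domid` is inferred from the `%d` in the log call.

```c
            uid_t intended_uid = user_base->pw_uid + guest_domid;
            /* Refuse a wrapped uid or a root gid before the clash lookup. */
            if (intended_uid < user_base->pw_uid || !user_base->pw_gid) {
                LOGD(ERROR, guest_domid,
                     "uid range base %s (uid %lu, gid %lu) is unusable",
                     LIBXL_QEMU_USER_RANGE_BASE,
                     (unsigned long)user_base->pw_uid,
                     (unsigned long)user_base->pw_gid);
                return ERROR_FAIL;
            }
            /* … unchanged: userlookup_helper_getpwuid clash check … */
            flexarray_append(dm_args,
                             GCSPRINTF("%lu.%lu", (unsigned long)intended_uid,
                                       (unsigned long)user_base->pw_gid));
```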
diff --git a/tools/libxl/libxl_internal.h b/tools/libxl/libxl_internal.h
index 43939a7..fff3e23 100644
--- a/tools/libxl/libxl_internal.h
+++ b/tools/libxl/libxl_internal.h
@@ -4308,6 +4308,7 @@ _hidden int libxl__read_sysfs_file_contents(libxl__gc *gc,
 #define LIBXL_QEMU_USER_PREFIX "xen-qemuuser"
 #define LIBXL_QEMU_USER_BASE   LIBXL_QEMU_USER_PREFIX"-domid"
 #define LIBXL_QEMU_USER_SHARED LIBXL_QEMU_USER_PREFIX"-shared"
+#define LIBXL_QEMU_USER_RANGE_BASE LIBXL_QEMU_USER_PREFIX"-range-base"
 
 static inline bool libxl__acpi_defbool_val(const libxl_domain_build_info *b_info)
 {
-- 
2.1.4


