From: "Alex Bennée" <alex.bennee@linaro.org>
To: qemu-devel@nongnu.org, maxim.uvarov@linaro.org,
joakim.bech@linaro.org, ilias.apalodimas@linaro.org,
tomas.winkler@intel.com, yang.huang@intel.com,
bing.zhu@intel.com, Matti.Moell@opensynergy.com,
hmo@opensynergy.com
Cc: jean-philippe@linaro.org,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
takahiro.akashi@linaro.org,
"Stefan Hajnoczi" <stefanha@redhat.com>,
virtualization@lists.linuxfoundation.org,
"Alex Bennée" <alex.bennee@linaro.org>,
arnd@linaro.org, stratos-dev@op-lists.linaro.org
Subject: [RFC PATCH 01/19] tools/virtiofsd: add support for --socket-group
Date: Fri, 25 Sep 2020 13:51:29 +0100 [thread overview]
Message-ID: <20200925125147.26943-2-alex.bennee@linaro.org> (raw)
In-Reply-To: <20200925125147.26943-1-alex.bennee@linaro.org>
If you like running QEMU as a normal user (very common for TCG runs)
but you have to run virtiofsd as a root user you run into connection
problems. Adding support for an optional --socket-group allows the
users to keep using the command line.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
---
v1
- tweak documentation and commentary
---
docs/tools/virtiofsd.rst | 4 ++++
tools/virtiofsd/fuse_i.h | 1 +
tools/virtiofsd/fuse_lowlevel.c | 6 ++++++
tools/virtiofsd/fuse_virtio.c | 20 ++++++++++++++++++--
4 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/docs/tools/virtiofsd.rst b/docs/tools/virtiofsd.rst
index e33c81ed41f1..085f9b12a6a3 100644
--- a/docs/tools/virtiofsd.rst
+++ b/docs/tools/virtiofsd.rst
@@ -87,6 +87,10 @@ Options
Listen on vhost-user UNIX domain socket at PATH.
+.. option:: --socket-group=GROUP
+
+ Set the vhost-user UNIX domain socket gid to GROUP.
+
.. option:: --fd=FDNUM
Accept connections from vhost-user UNIX domain socket file descriptor FDNUM.
diff --git a/tools/virtiofsd/fuse_i.h b/tools/virtiofsd/fuse_i.h
index 1240828208ab..492e002181e2 100644
--- a/tools/virtiofsd/fuse_i.h
+++ b/tools/virtiofsd/fuse_i.h
@@ -68,6 +68,7 @@ struct fuse_session {
size_t bufsize;
int error;
char *vu_socket_path;
+ char *vu_socket_group;
int vu_listen_fd;
int vu_socketfd;
struct fv_VuDev *virtio_dev;
diff --git a/tools/virtiofsd/fuse_lowlevel.c b/tools/virtiofsd/fuse_lowlevel.c
index 2dd36ec03b6e..4d1ba2925d1b 100644
--- a/tools/virtiofsd/fuse_lowlevel.c
+++ b/tools/virtiofsd/fuse_lowlevel.c
@@ -2523,6 +2523,7 @@ static const struct fuse_opt fuse_ll_opts[] = {
LL_OPTION("--debug", debug, 1),
LL_OPTION("allow_root", deny_others, 1),
LL_OPTION("--socket-path=%s", vu_socket_path, 0),
+ LL_OPTION("--socket-group=%s", vu_socket_group, 0),
LL_OPTION("--fd=%d", vu_listen_fd, 0),
LL_OPTION("--thread-pool-size=%d", thread_pool_size, 0),
FUSE_OPT_END
@@ -2630,6 +2631,11 @@ struct fuse_session *fuse_session_new(struct fuse_args *args,
"fuse: --socket-path and --fd cannot be given together\n");
goto out4;
}
+ if (se->vu_socket_group && !se->vu_socket_path) {
+ fuse_log(FUSE_LOG_ERR,
+ "fuse: --socket-group can only be used with --socket-path\n");
+ goto out4;
+ }
se->bufsize = FUSE_MAX_MAX_PAGES * getpagesize() + FUSE_BUFFER_HEADER_SIZE;
diff --git a/tools/virtiofsd/fuse_virtio.c b/tools/virtiofsd/fuse_virtio.c
index 9e5537506c16..7942d3d11a87 100644
--- a/tools/virtiofsd/fuse_virtio.c
+++ b/tools/virtiofsd/fuse_virtio.c
@@ -31,6 +31,8 @@
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/un.h>
+#include <sys/types.h>
+#include <grp.h>
#include <unistd.h>
#include "contrib/libvhost-user/libvhost-user.h"
@@ -924,15 +926,29 @@ static int fv_create_listen_socket(struct fuse_session *se)
/*
* Unfortunately bind doesn't let you set the mask on the socket,
- * so set umask to 077 and restore it later.
+ * so set umask appropriately and restore it later.
*/
- old_umask = umask(0077);
+ if (se->vu_socket_group) {
+ old_umask = umask(S_IROTH | S_IWOTH | S_IXOTH);
+ } else {
+ old_umask = umask(S_IRGRP | S_IWGRP | S_IXGRP | S_IROTH | S_IWOTH | S_IXOTH);
+ }
if (bind(listen_sock, (struct sockaddr *)&un, addr_len) == -1) {
fuse_log(FUSE_LOG_ERR, "vhost socket bind: %m\n");
close(listen_sock);
umask(old_umask);
return -1;
}
+ if (se->vu_socket_group) {
+ struct group *g = getgrnam(se->vu_socket_group);
+ if (g) {
+ if (!chown(se->vu_socket_path, -1, g->gr_gid)) {
+ fuse_log(FUSE_LOG_WARNING,
+ "vhost socket failed to set group to %s (%d)\n",
+ se->vu_socket_group, g->gr_gid);
+ }
+ }
+ }
umask(old_umask);
if (listen(listen_sock, 1) == -1) {
--
2.20.1
WARNING: multiple messages have this Message-ID (diff)
From: "Alex Bennée" <alex.bennee@linaro.org>
To: qemu-devel@nongnu.org, maxim.uvarov@linaro.org,
joakim.bech@linaro.org, ilias.apalodimas@linaro.org,
tomas.winkler@intel.com, yang.huang@intel.com,
bing.zhu@intel.com, Matti.Moell@opensynergy.com,
hmo@opensynergy.com
Cc: jean-philippe@linaro.org,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>,
takahiro.akashi@linaro.org, Stefan Hajnoczi <stefanha@redhat.com>,
virtualization@lists.linuxfoundation.org, arnd@linaro.org,
stratos-dev@op-lists.linaro.org
Subject: [RFC PATCH 01/19] tools/virtiofsd: add support for --socket-group
Date: Fri, 25 Sep 2020 13:51:29 +0100 [thread overview]
Message-ID: <20200925125147.26943-2-alex.bennee@linaro.org> (raw)
In-Reply-To: <20200925125147.26943-1-alex.bennee@linaro.org>
If you like running QEMU as a normal user (very common for TCG runs)
but you have to run virtiofsd as a root user you run into connection
problems. Adding support for an optional --socket-group allows the
users to keep using the command line.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
---
v1
- tweak documentation and commentary
---
docs/tools/virtiofsd.rst | 4 ++++
tools/virtiofsd/fuse_i.h | 1 +
tools/virtiofsd/fuse_lowlevel.c | 6 ++++++
tools/virtiofsd/fuse_virtio.c | 20 ++++++++++++++++++--
4 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/docs/tools/virtiofsd.rst b/docs/tools/virtiofsd.rst
index e33c81ed41f1..085f9b12a6a3 100644
--- a/docs/tools/virtiofsd.rst
+++ b/docs/tools/virtiofsd.rst
@@ -87,6 +87,10 @@ Options
Listen on vhost-user UNIX domain socket at PATH.
+.. option:: --socket-group=GROUP
+
+ Set the vhost-user UNIX domain socket gid to GROUP.
+
.. option:: --fd=FDNUM
Accept connections from vhost-user UNIX domain socket file descriptor FDNUM.
diff --git a/tools/virtiofsd/fuse_i.h b/tools/virtiofsd/fuse_i.h
index 1240828208ab..492e002181e2 100644
--- a/tools/virtiofsd/fuse_i.h
+++ b/tools/virtiofsd/fuse_i.h
@@ -68,6 +68,7 @@ struct fuse_session {
size_t bufsize;
int error;
char *vu_socket_path;
+ char *vu_socket_group;
int vu_listen_fd;
int vu_socketfd;
struct fv_VuDev *virtio_dev;
diff --git a/tools/virtiofsd/fuse_lowlevel.c b/tools/virtiofsd/fuse_lowlevel.c
index 2dd36ec03b6e..4d1ba2925d1b 100644
--- a/tools/virtiofsd/fuse_lowlevel.c
+++ b/tools/virtiofsd/fuse_lowlevel.c
@@ -2523,6 +2523,7 @@ static const struct fuse_opt fuse_ll_opts[] = {
LL_OPTION("--debug", debug, 1),
LL_OPTION("allow_root", deny_others, 1),
LL_OPTION("--socket-path=%s", vu_socket_path, 0),
+ LL_OPTION("--socket-group=%s", vu_socket_group, 0),
LL_OPTION("--fd=%d", vu_listen_fd, 0),
LL_OPTION("--thread-pool-size=%d", thread_pool_size, 0),
FUSE_OPT_END
@@ -2630,6 +2631,11 @@ struct fuse_session *fuse_session_new(struct fuse_args *args,
"fuse: --socket-path and --fd cannot be given together\n");
goto out4;
}
+ if (se->vu_socket_group && !se->vu_socket_path) {
+ fuse_log(FUSE_LOG_ERR,
+ "fuse: --socket-group can only be used with --socket-path\n");
+ goto out4;
+ }
se->bufsize = FUSE_MAX_MAX_PAGES * getpagesize() + FUSE_BUFFER_HEADER_SIZE;
diff --git a/tools/virtiofsd/fuse_virtio.c b/tools/virtiofsd/fuse_virtio.c
index 9e5537506c16..7942d3d11a87 100644
--- a/tools/virtiofsd/fuse_virtio.c
+++ b/tools/virtiofsd/fuse_virtio.c
@@ -31,6 +31,8 @@
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/un.h>
+#include <sys/types.h>
+#include <grp.h>
#include <unistd.h>
#include "contrib/libvhost-user/libvhost-user.h"
@@ -924,15 +926,29 @@ static int fv_create_listen_socket(struct fuse_session *se)
/*
* Unfortunately bind doesn't let you set the mask on the socket,
- * so set umask to 077 and restore it later.
+ * so set umask appropriately and restore it later.
*/
- old_umask = umask(0077);
+ if (se->vu_socket_group) {
+ old_umask = umask(S_IROTH | S_IWOTH | S_IXOTH);
+ } else {
+ old_umask = umask(S_IRGRP | S_IWGRP | S_IXGRP | S_IROTH | S_IWOTH | S_IXOTH);
+ }
if (bind(listen_sock, (struct sockaddr *)&un, addr_len) == -1) {
fuse_log(FUSE_LOG_ERR, "vhost socket bind: %m\n");
close(listen_sock);
umask(old_umask);
return -1;
}
+ if (se->vu_socket_group) {
+ struct group *g = getgrnam(se->vu_socket_group);
+ if (g) {
+ if (!chown(se->vu_socket_path, -1, g->gr_gid)) {
+ fuse_log(FUSE_LOG_WARNING,
+ "vhost socket failed to set group to %s (%d)\n",
+ se->vu_socket_group, g->gr_gid);
+ }
+ }
+ }
umask(old_umask);
if (listen(listen_sock, 1) == -1) {
--
2.20.1
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
next prev parent reply other threads:[~2020-09-25 12:53 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-25 12:51 [RFC PATCH 00/19] vhost-user-rpmb (Replay Protected Memory Block) Alex Bennée
2020-09-25 12:51 ` Alex Bennée
2020-09-25 12:51 ` Alex Bennée [this message]
2020-09-25 12:51 ` [RFC PATCH 01/19] tools/virtiofsd: add support for --socket-group Alex Bennée
2020-10-07 10:48 ` Dr. David Alan Gilbert
2020-10-07 10:48 ` Dr. David Alan Gilbert
2020-09-25 12:51 ` [RFC PATCH 02/19] hw/block: add boilerplate for vhost-user-rpmb device Alex Bennée
2020-09-25 12:51 ` Alex Bennée
2020-09-25 12:51 ` [RFC PATCH 03/19] hw/virtio: move virtio-pci.h into shared include space Alex Bennée
2020-09-25 12:51 ` Alex Bennée
2020-09-25 12:51 ` [RFC PATCH 04/19] hw/block: add vhost-user-rpmb-pci boilerplate Alex Bennée
2020-09-25 12:51 ` Alex Bennée
2020-09-25 12:51 ` [RFC PATCH 05/19] virtio-pci: add notification trace points Alex Bennée
2020-09-25 12:51 ` Alex Bennée
2020-09-25 13:06 ` Philippe Mathieu-Daudé
2020-09-25 12:51 ` [RFC PATCH 06/19] tools/vhost-user-rpmb: add boilerplate and initial main Alex Bennée
2020-09-25 12:51 ` Alex Bennée
2020-09-25 12:51 ` [RFC PATCH 07/19] tools/vhost-user-rpmb: implement --print-capabilities Alex Bennée
2020-09-25 12:51 ` Alex Bennée
2020-09-25 12:51 ` [RFC PATCH 08/19] tools/vhost-user-rpmb: connect to fd and instantiate basic run loop Alex Bennée
2020-09-25 12:51 ` Alex Bennée
2020-09-25 12:51 ` [RFC PATCH 09/19] tools/vhost-user-rpmb: add a --verbose/debug flags for logging Alex Bennée
2020-09-25 12:51 ` Alex Bennée
2020-09-25 12:51 ` [RFC PATCH 10/19] tools/vhost-user-rpmb: handle shutdown and SIGINT/SIGHUP cleanly Alex Bennée
2020-09-25 12:51 ` Alex Bennée
2020-09-25 12:51 ` [RFC PATCH 11/19] tools/vhost-user-rpmb: add --flash-path for backing store Alex Bennée
2020-09-25 12:51 ` Alex Bennée
2020-09-25 12:51 ` [RFC PATCH 12/19] tools/vhost-user-rpmb: import hmac_sha256 functions Alex Bennée
2020-09-25 12:51 ` Alex Bennée
2020-09-25 12:51 ` [RFC PATCH 13/19] tools/vhost-user-rpmb: implement the PROGRAM_KEY handshake Alex Bennée
2020-09-25 12:51 ` Alex Bennée
2020-09-25 12:51 ` [RFC PATCH 14/19] tools/vhost-user-rpmb: implement VIRTIO_RPMB_REQ_GET_WRITE_COUNTER Alex Bennée
2020-09-25 12:51 ` Alex Bennée
2020-09-25 12:51 ` [RFC PATCH 15/19] tools/vhost-user-rpmb: implement VIRTIO_RPMB_REQ_DATA_WRITE Alex Bennée
2020-09-25 12:51 ` Alex Bennée
2020-09-28 13:52 ` Joakim Bech
2020-09-28 14:56 ` Alex Bennée
2020-09-28 14:56 ` Alex Bennée
2020-09-28 15:18 ` Joakim Bech
2020-09-25 12:51 ` [RFC PATCH 16/19] tools/vhost-user-rpmb: implement VIRTIO_RPMB_REQ_DATA_READ Alex Bennée
2020-09-25 12:51 ` Alex Bennée
2020-09-25 12:51 ` [RFC PATCH 17/19] tools/vhost-user-rpmb: add key persistence Alex Bennée
2020-09-25 12:51 ` Alex Bennée
2020-09-25 12:51 ` [RFC PATCH 18/19] tools/vhost-user-rpmb: allow setting of the write_count Alex Bennée
2020-09-25 12:51 ` Alex Bennée
2020-09-25 12:51 ` [RFC PATCH 19/19] docs: add a man page for vhost-user-rpmb Alex Bennée
2020-09-25 12:51 ` Alex Bennée
2020-09-25 14:07 ` [RFC PATCH 00/19] vhost-user-rpmb (Replay Protected Memory Block) no-reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200925125147.26943-2-alex.bennee@linaro.org \
--to=alex.bennee@linaro.org \
--cc=Matti.Moell@opensynergy.com \
--cc=arnd@linaro.org \
--cc=bing.zhu@intel.com \
--cc=dgilbert@redhat.com \
--cc=hmo@opensynergy.com \
--cc=ilias.apalodimas@linaro.org \
--cc=jean-philippe@linaro.org \
--cc=joakim.bech@linaro.org \
--cc=maxim.uvarov@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@redhat.com \
--cc=stratos-dev@op-lists.linaro.org \
--cc=takahiro.akashi@linaro.org \
--cc=tomas.winkler@intel.com \
--cc=virtualization@lists.linuxfoundation.org \
--cc=yang.huang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.