From: "Alex Bennée" <alex.bennee@linaro.org> To: qemu-devel@nongnu.org, maxim.uvarov@linaro.org, joakim.bech@linaro.org, ilias.apalodimas@linaro.org, tomas.winkler@intel.com, yang.huang@intel.com, bing.zhu@intel.com, Matti.Moell@opensynergy.com, hmo@opensynergy.com Cc: jean-philippe@linaro.org, "Dr. David Alan Gilbert" <dgilbert@redhat.com>, takahiro.akashi@linaro.org, "Stefan Hajnoczi" <stefanha@redhat.com>, virtualization@lists.linuxfoundation.org, "Alex Bennée" <alex.bennee@linaro.org>, arnd@linaro.org, stratos-dev@op-lists.linaro.org Subject: [RFC PATCH 01/19] tools/virtiofsd: add support for --socket-group Date: Fri, 25 Sep 2020 13:51:29 +0100 [thread overview] Message-ID: <20200925125147.26943-2-alex.bennee@linaro.org> (raw) In-Reply-To: <20200925125147.26943-1-alex.bennee@linaro.org> If you like running QEMU as a normal user (very common for TCG runs) but you have to run virtiofsd as a root user you run into connection problems. Adding support for an optional --socket-group allows the users to keep using the command line. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> --- v1 - tweak documentation and commentary --- docs/tools/virtiofsd.rst | 4 ++++ tools/virtiofsd/fuse_i.h | 1 + tools/virtiofsd/fuse_lowlevel.c | 6 ++++++ tools/virtiofsd/fuse_virtio.c | 20 ++++++++++++++++++-- 4 files changed, 29 insertions(+), 2 deletions(-) diff --git a/docs/tools/virtiofsd.rst b/docs/tools/virtiofsd.rst index e33c81ed41f1..085f9b12a6a3 100644 --- a/docs/tools/virtiofsd.rst +++ b/docs/tools/virtiofsd.rst @@ -87,6 +87,10 @@ Options Listen on vhost-user UNIX domain socket at PATH. +.. option:: --socket-group=GROUP + + Set the vhost-user UNIX domain socket gid to GROUP. + .. option:: --fd=FDNUM Accept connections from vhost-user UNIX domain socket file descriptor FDNUM. diff --git a/tools/virtiofsd/fuse_i.h b/tools/virtiofsd/fuse_i.h index 1240828208ab..492e002181e2 100644 --- a/tools/virtiofsd/fuse_i.h 
+++ b/tools/virtiofsd/fuse_i.h @@ -68,6 +68,7 @@ struct fuse_session { size_t bufsize; int error; char *vu_socket_path; + char *vu_socket_group; int vu_listen_fd; int vu_socketfd; struct fv_VuDev *virtio_dev; diff --git a/tools/virtiofsd/fuse_lowlevel.c b/tools/virtiofsd/fuse_lowlevel.c index 2dd36ec03b6e..4d1ba2925d1b 100644 --- a/tools/virtiofsd/fuse_lowlevel.c +++ b/tools/virtiofsd/fuse_lowlevel.c @@ -2523,6 +2523,7 @@ static const struct fuse_opt fuse_ll_opts[] = { LL_OPTION("--debug", debug, 1), LL_OPTION("allow_root", deny_others, 1), LL_OPTION("--socket-path=%s", vu_socket_path, 0), + LL_OPTION("--socket-group=%s", vu_socket_group, 0), LL_OPTION("--fd=%d", vu_listen_fd, 0), LL_OPTION("--thread-pool-size=%d", thread_pool_size, 0), FUSE_OPT_END @@ -2630,6 +2631,11 @@ struct fuse_session *fuse_session_new(struct fuse_args *args, "fuse: --socket-path and --fd cannot be given together\n"); goto out4; } + if (se->vu_socket_group && !se->vu_socket_path) { + fuse_log(FUSE_LOG_ERR, + "fuse: --socket-group can only be used with --socket-path\n"); + goto out4; + } se->bufsize = FUSE_MAX_MAX_PAGES * getpagesize() + FUSE_BUFFER_HEADER_SIZE; diff --git a/tools/virtiofsd/fuse_virtio.c b/tools/virtiofsd/fuse_virtio.c index 9e5537506c16..7942d3d11a87 100644 --- a/tools/virtiofsd/fuse_virtio.c +++ b/tools/virtiofsd/fuse_virtio.c @@ -31,6 +31,8 @@ #include <sys/socket.h> #include <sys/types.h> #include <sys/un.h> +#include <sys/types.h> +#include <grp.h> #include <unistd.h> #include "contrib/libvhost-user/libvhost-user.h" 
@@ -924,15 +926,29 @@ static int fv_create_listen_socket(struct fuse_session *se) /* * Unfortunately bind doesn't let you set the mask on the socket, - * so set umask to 077 and restore it later. + * so set umask appropriately and restore it later. */ - old_umask = umask(0077); + if (se->vu_socket_group) { + old_umask = umask(S_IROTH | S_IWOTH | S_IXOTH); + } else { + old_umask = umask(S_IRGRP | S_IWGRP | S_IXGRP | S_IROTH | S_IWOTH | S_IXOTH); + } if (bind(listen_sock, (struct sockaddr *)&un, addr_len) == -1) { fuse_log(FUSE_LOG_ERR, "vhost socket bind: %m\n"); close(listen_sock); umask(old_umask); return -1; } + if (se->vu_socket_group) { + struct group *g = getgrnam(se->vu_socket_group); + if (g) { + if (!chown(se->vu_socket_path, -1, g->gr_gid)) { + fuse_log(FUSE_LOG_WARNING, + "vhost socket failed to set group to %s (%d)\n", + se->vu_socket_group, g->gr_gid); + } + } + } umask(old_umask); if (listen(listen_sock, 1) == -1) { -- 2.20.1
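Review bot: In the docs/tools/virtiofsd.rst hunk, the option text leaves out the access-control effect: it says only that the socket gid is set, while the fuse_virtio.c change also relaxes the umask so that the socket is created group-accessible. Suggest stating that every member of GROUP can connect to the vhost-user socket, that GROUP is a group name looked up with getgrnam(), and that the option is only accepted together with --socket-path.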
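Review bot: The fuse_lowlevel.c hunks do not add --socket-group to the usage text. The diffstat's 6 insertions for this file are fully accounted for by the new fuse_ll_opts[] entry and the --socket-path check, so nothing else in the file changed. If the --help output lists --socket-path=PATH, add --socket-group=GROUP next to it so the option is discoverable outside the rst documentation.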
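Review bot: The added `#include <sys/types.h>` in the fuse_virtio.c include hunk (@@ -31,6 +31,8 @@) is a duplicate, since the context two lines above already includes it. Only `#include <grp.h>` is needed for getgrnam() and struct group.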
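Review bot: The chown() check in the fv_create_listen_socket hunk is inverted: chown() returns 0 on success, so `if (!chown(se->vu_socket_path, -1, g->gr_gid))` logs "failed to set group" when the call succeeds and stays silent when it fails. Test for `== -1` and add %m to the message, as the bind error path above does. A NULL return from getgrnam() is also ignored, so a misspelled group leaves a socket that was created under the relaxed umask (group rwx) but still carries the daemon's own group, with no diagnostic. Since the user asked for the group explicitly, treat both failures as errors: close listen_sock, restore old_umask and return -1.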