* [PATCH 0/5] virtiofsd: Add support for file security context at creation
@ 2021-09-24 19:48 ` Vivek Goyal
0 siblings, 0 replies; 12+ messages in thread
From: Vivek Goyal @ 2021-09-24 19:48 UTC (permalink / raw)
To: qemu-devel, virtio-fs
Cc: miklos, chirantan, stephen.smalley.work, dwalsh, dgilbert, vgoyal
Hi,
These patches add support to receive and set file security context at
the time of file creation. This is one of the components needed to
support SELinux on virtiofs.
I have posted kernel patches here just now.
https://lore.kernel.org/linux-fsdevel/20210924192442.916927-1-vgoyal@redhat.com/T/#m971f9001dd622b3f7a96a65899e3f146d2185841
These patches will allow users to configure virtiofsd in multiple modes
to set security context.
A. Guest and host selinux policies can work with each other.
- virtiofsd will use /proc/thread-self/attr/fscreate knob to
set security context before file creation.
B. Remap guest selinux security xattr to something else say,
trusted.virtiofs.security.selinux.
- Give CAP_SYS_ADMIN to virtiofsd.
- "-o -o xattrmap=:map:security.selinux:trusted.virtiofsd.:"
C. If no SELinux on host.
- Give CAP_SYS_ADMIN to virtiofsd.
I have tested mode A and B but yet to test mode C.
I think either mode B or mode C will be most commonly used mode when
guest does need SELinux support in virtiofs.
With these patches, I am able to boot a guest VM with rootfs on virtiofs
and with SELinux enabled in guest.
Please review.
Thanks
Vivek
Vivek Goyal (5):
fuse: Header file changes for FUSE_SECURITY_CTX
fuse_lowlevel.c: Add capability to parse security context
virtiofsd: Move core file creation code in separate function
virtiofsd: Create new file with fscreate set
virtiofsd: Create new file using O_TMPFILE and set security context
include/standard-headers/linux/fuse.h | 14 +-
tools/virtiofsd/fuse_common.h | 5 +
tools/virtiofsd/fuse_i.h | 7 +
tools/virtiofsd/fuse_lowlevel.c | 74 ++++++
tools/virtiofsd/passthrough_ll.c | 366 ++++++++++++++++++++++++--
5 files changed, 436 insertions(+), 30 deletions(-)
--
2.31.1
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Virtio-fs] [PATCH 0/5] virtiofsd: Add support for file security context at creation
@ 2021-09-24 19:48 ` Vivek Goyal
0 siblings, 0 replies; 12+ messages in thread
From: Vivek Goyal @ 2021-09-24 19:48 UTC (permalink / raw)
To: qemu-devel, virtio-fs; +Cc: miklos, stephen.smalley.work, vgoyal
Hi,
These patches add support to receive and set file security context at
the time of file creation. This is one of the components needed to
support SELinux on virtiofs.
I have posted kernel patches here just now.
https://lore.kernel.org/linux-fsdevel/20210924192442.916927-1-vgoyal@redhat.com/T/#m971f9001dd622b3f7a96a65899e3f146d2185841
These patches will allow users to configure virtiofsd in multiple modes
to set security context.
A. Guest and host selinux policies can work with each other.
- virtiofsd will use /proc/thread-self/attr/fscreate knob to
set security context before file creation.
B. Remap guest selinux security xattr to something else say,
trusted.virtiofs.security.selinux.
- Give CAP_SYS_ADMIN to virtiofsd.
- "-o -o xattrmap=:map:security.selinux:trusted.virtiofsd.:"
C. If no SELinux on host.
- Give CAP_SYS_ADMIN to virtiofsd.
I have tested mode A and B but yet to test mode C.
I think either mode B or mode C will be most commonly used mode when
guest does need SELinux support in virtiofs.
With these patches, I am able to boot a guest VM with rootfs on virtiofs
and with SELinux enabled in guest.
Please review.
Thanks
Vivek
Vivek Goyal (5):
fuse: Header file changes for FUSE_SECURITY_CTX
fuse_lowlevel.c: Add capability to parse security context
virtiofsd: Move core file creation code in separate function
virtiofsd: Create new file with fscreate set
virtiofsd: Create new file using O_TMPFILE and set security context
include/standard-headers/linux/fuse.h | 14 +-
tools/virtiofsd/fuse_common.h | 5 +
tools/virtiofsd/fuse_i.h | 7 +
tools/virtiofsd/fuse_lowlevel.c | 74 ++++++
tools/virtiofsd/passthrough_ll.c | 366 ++++++++++++++++++++++++--
5 files changed, 436 insertions(+), 30 deletions(-)
--
2.31.1
^ permalink raw reply [flat|nested] 12+ messages in thread
* [PATCH 1/5] fuse: Header file changes for FUSE_SECURITY_CTX
2021-09-24 19:48 ` [Virtio-fs] " Vivek Goyal
@ 2021-09-24 19:48 ` Vivek Goyal
-1 siblings, 0 replies; 12+ messages in thread
From: Vivek Goyal @ 2021-09-24 19:48 UTC (permalink / raw)
To: qemu-devel, virtio-fs
Cc: miklos, chirantan, stephen.smalley.work, dwalsh, dgilbert, vgoyal
These are just header file changes which should show up in qemu if
corresponding kernel changes get merged.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
---
include/standard-headers/linux/fuse.h | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/include/standard-headers/linux/fuse.h b/include/standard-headers/linux/fuse.h
index cce105bfba..9e1672fbb2 100644
--- a/include/standard-headers/linux/fuse.h
+++ b/include/standard-headers/linux/fuse.h
@@ -181,6 +181,10 @@
* - add FUSE_OPEN_KILL_SUIDGID
* - extend fuse_setxattr_in, add FUSE_SETXATTR_EXT
* - add FUSE_SETXATTR_ACL_KILL_SGID
+ *
+ * 7.35
+ * - add FUSE_SECURITY_CTX flag for fuse_init_out
+ * - add security context to create, mkdir, symlink, and mknod requests
*/
#ifndef _LINUX_FUSE_H
@@ -212,7 +216,7 @@
#define FUSE_KERNEL_VERSION 7
/** Minor version number of this interface */
-#define FUSE_KERNEL_MINOR_VERSION 33
+#define FUSE_KERNEL_MINOR_VERSION 35
/** The node ID of the root inode */
#define FUSE_ROOT_ID 1
@@ -329,6 +333,8 @@ struct fuse_file_lock {
* write/truncate sgid is killed only if file has group
* execute permission. (Same as Linux VFS behavior).
* FUSE_SETXATTR_EXT: Server supports extended struct fuse_setxattr_in
+ * FUSE_SECURITY_CTX: add security context to create, mkdir, symlink, and
+ * mknod
*/
#define FUSE_ASYNC_READ (1 << 0)
#define FUSE_POSIX_LOCKS (1 << 1)
@@ -360,6 +366,7 @@ struct fuse_file_lock {
#define FUSE_SUBMOUNTS (1 << 27)
#define FUSE_HANDLE_KILLPRIV_V2 (1 << 28)
#define FUSE_SETXATTR_EXT (1 << 29)
+#define FUSE_SECURITY_CTX (1 << 30)
/**
* CUSE INIT request/reply flags
@@ -967,4 +974,9 @@ struct fuse_removemapping_one {
#define FUSE_REMOVEMAPPING_MAX_ENTRY \
(PAGE_SIZE / sizeof(struct fuse_removemapping_one))
+struct fuse_secctx {
+ uint32_t size;
+ uint32_t padding;
+};
+
#endif /* _LINUX_FUSE_H */
--
2.31.1
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [Virtio-fs] [PATCH 1/5] fuse: Header file changes for FUSE_SECURITY_CTX
@ 2021-09-24 19:48 ` Vivek Goyal
0 siblings, 0 replies; 12+ messages in thread
From: Vivek Goyal @ 2021-09-24 19:48 UTC (permalink / raw)
To: qemu-devel, virtio-fs; +Cc: miklos, stephen.smalley.work, vgoyal
These are just header file changes which should show up in qemu if
corresponding kernel changes get merged.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
---
include/standard-headers/linux/fuse.h | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/include/standard-headers/linux/fuse.h b/include/standard-headers/linux/fuse.h
index cce105bfba..9e1672fbb2 100644
--- a/include/standard-headers/linux/fuse.h
+++ b/include/standard-headers/linux/fuse.h
@@ -181,6 +181,10 @@
* - add FUSE_OPEN_KILL_SUIDGID
* - extend fuse_setxattr_in, add FUSE_SETXATTR_EXT
* - add FUSE_SETXATTR_ACL_KILL_SGID
+ *
+ * 7.35
+ * - add FUSE_SECURITY_CTX flag for fuse_init_out
+ * - add security context to create, mkdir, symlink, and mknod requests
*/
#ifndef _LINUX_FUSE_H
@@ -212,7 +216,7 @@
#define FUSE_KERNEL_VERSION 7
/** Minor version number of this interface */
-#define FUSE_KERNEL_MINOR_VERSION 33
+#define FUSE_KERNEL_MINOR_VERSION 35
/** The node ID of the root inode */
#define FUSE_ROOT_ID 1
@@ -329,6 +333,8 @@ struct fuse_file_lock {
* write/truncate sgid is killed only if file has group
* execute permission. (Same as Linux VFS behavior).
* FUSE_SETXATTR_EXT: Server supports extended struct fuse_setxattr_in
+ * FUSE_SECURITY_CTX: add security context to create, mkdir, symlink, and
+ * mknod
*/
#define FUSE_ASYNC_READ (1 << 0)
#define FUSE_POSIX_LOCKS (1 << 1)
@@ -360,6 +366,7 @@ struct fuse_file_lock {
#define FUSE_SUBMOUNTS (1 << 27)
#define FUSE_HANDLE_KILLPRIV_V2 (1 << 28)
#define FUSE_SETXATTR_EXT (1 << 29)
+#define FUSE_SECURITY_CTX (1 << 30)
/**
* CUSE INIT request/reply flags
@@ -967,4 +974,9 @@ struct fuse_removemapping_one {
#define FUSE_REMOVEMAPPING_MAX_ENTRY \
(PAGE_SIZE / sizeof(struct fuse_removemapping_one))
+struct fuse_secctx {
+ uint32_t size;
+ uint32_t padding;
+};
+
#endif /* _LINUX_FUSE_H */
--
2.31.1
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [PATCH 2/5] fuse_lowlevel.c: Add capability to parse security context
2021-09-24 19:48 ` [Virtio-fs] " Vivek Goyal
@ 2021-09-24 19:48 ` Vivek Goyal
-1 siblings, 0 replies; 12+ messages in thread
From: Vivek Goyal @ 2021-09-24 19:48 UTC (permalink / raw)
To: qemu-devel, virtio-fs
Cc: miklos, chirantan, stephen.smalley.work, dwalsh, dgilbert, vgoyal
Add capability to enable and parse security context as sent by client
and put into fuse_req. Filesystems now can get security context from
request and set it on files during creation.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
---
tools/virtiofsd/fuse_common.h | 5 +++
tools/virtiofsd/fuse_i.h | 7 ++++
tools/virtiofsd/fuse_lowlevel.c | 74 +++++++++++++++++++++++++++++++++
3 files changed, 86 insertions(+)
diff --git a/tools/virtiofsd/fuse_common.h b/tools/virtiofsd/fuse_common.h
index 0c2665b977..6f3485d1dc 100644
--- a/tools/virtiofsd/fuse_common.h
+++ b/tools/virtiofsd/fuse_common.h
@@ -377,6 +377,11 @@ struct fuse_file_info {
*/
#define FUSE_CAP_SETXATTR_EXT (1 << 29)
+/**
+ * Indicates that file server supports creating file security context
+ */
+#define FUSE_CAP_SECURITY_CTX (1 << 30)
+
/**
* Ioctl flags
*
diff --git a/tools/virtiofsd/fuse_i.h b/tools/virtiofsd/fuse_i.h
index 492e002181..a5572fa4ae 100644
--- a/tools/virtiofsd/fuse_i.h
+++ b/tools/virtiofsd/fuse_i.h
@@ -15,6 +15,12 @@
struct fv_VuDev;
struct fv_QueueInfo;
+struct fuse_security_context {
+ const char *name;
+ uint32_t ctxlen;
+ const void *ctx;
+};
+
struct fuse_req {
struct fuse_session *se;
uint64_t unique;
@@ -35,6 +41,7 @@ struct fuse_req {
} u;
struct fuse_req *next;
struct fuse_req *prev;
+ struct fuse_security_context secctx;
};
struct fuse_notify_req {
diff --git a/tools/virtiofsd/fuse_lowlevel.c b/tools/virtiofsd/fuse_lowlevel.c
index e4679c73ab..fae92e0f3f 100644
--- a/tools/virtiofsd/fuse_lowlevel.c
+++ b/tools/virtiofsd/fuse_lowlevel.c
@@ -886,11 +886,41 @@ static void do_readlink(fuse_req_t req, fuse_ino_t nodeid,
}
}
+static int parse_secctx_fill_req(fuse_req_t req, struct fuse_mbuf_iter *iter)
+{
+ struct fuse_secctx *fsecctx;
+ const void *secctx;
+
+ fsecctx = fuse_mbuf_iter_advance(iter, sizeof(*fsecctx));
+ if (!fsecctx) {
+ return -EINVAL;
+ }
+
+ if (fsecctx->size) {
+ const char *name = fuse_mbuf_iter_advance_str(iter);
+ if (!name) {
+ return -EINVAL;
+ }
+
+ secctx = fuse_mbuf_iter_advance(iter, fsecctx->size);
+ if (!secctx) {
+ return -EINVAL;
+ }
+
+ req->secctx.name = name;
+ req->secctx.ctx = secctx;
+ req->secctx.ctxlen = fsecctx->size;
+ }
+ return 0;
+}
+
static void do_mknod(fuse_req_t req, fuse_ino_t nodeid,
struct fuse_mbuf_iter *iter)
{
struct fuse_mknod_in *arg;
const char *name;
+ bool secctx_enabled = req->se->conn.want & FUSE_CAP_SECURITY_CTX;
+ int err;
arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
name = fuse_mbuf_iter_advance_str(iter);
@@ -901,6 +931,13 @@ static void do_mknod(fuse_req_t req, fuse_ino_t nodeid,
req->ctx.umask = arg->umask;
+ if (secctx_enabled) {
+ err = parse_secctx_fill_req(req, iter);
+ if (err) {
+ fuse_reply_err(req, -err);
+ }
+ }
+
if (req->se->op.mknod) {
req->se->op.mknod(req, nodeid, name, arg->mode, arg->rdev);
} else {
@@ -913,6 +950,8 @@ static void do_mkdir(fuse_req_t req, fuse_ino_t nodeid,
{
struct fuse_mkdir_in *arg;
const char *name;
+ bool secctx_enabled = req->se->conn.want & FUSE_CAP_SECURITY_CTX;
+ int err;
arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
name = fuse_mbuf_iter_advance_str(iter);
@@ -923,6 +962,13 @@ static void do_mkdir(fuse_req_t req, fuse_ino_t nodeid,
req->ctx.umask = arg->umask;
+ if (secctx_enabled) {
+ err = parse_secctx_fill_req(req, iter);
+ if (err) {
+ fuse_reply_err(req, err);
+ }
+ }
+
if (req->se->op.mkdir) {
req->se->op.mkdir(req, nodeid, name, arg->mode);
} else {
@@ -969,12 +1015,21 @@ static void do_symlink(fuse_req_t req, fuse_ino_t nodeid,
{
const char *name = fuse_mbuf_iter_advance_str(iter);
const char *linkname = fuse_mbuf_iter_advance_str(iter);
+ bool secctx_enabled = req->se->conn.want & FUSE_CAP_SECURITY_CTX;
+ int err;
if (!name || !linkname) {
fuse_reply_err(req, EINVAL);
return;
}
+ if (secctx_enabled) {
+ err = parse_secctx_fill_req(req, iter);
+ if (err) {
+ fuse_reply_err(req, err);
+ }
+ }
+
if (req->se->op.symlink) {
req->se->op.symlink(req, linkname, nodeid, name);
} else {
@@ -1048,6 +1103,8 @@ static void do_link(fuse_req_t req, fuse_ino_t nodeid,
static void do_create(fuse_req_t req, fuse_ino_t nodeid,
struct fuse_mbuf_iter *iter)
{
+ bool secctx_enabled = req->se->conn.want & FUSE_CAP_SECURITY_CTX;
+
if (req->se->op.create) {
struct fuse_create_in *arg;
struct fuse_file_info fi;
@@ -1060,6 +1117,15 @@ static void do_create(fuse_req_t req, fuse_ino_t nodeid,
return;
}
+ if (secctx_enabled) {
+ int err;
+ err = parse_secctx_fill_req(req, iter);
+ if (err) {
+ fuse_reply_err(req, err);
+ return;
+ }
+ }
+
memset(&fi, 0, sizeof(fi));
fi.flags = arg->flags;
fi.kill_priv = arg->open_flags & FUSE_OPEN_KILL_SUIDGID;
@@ -1997,6 +2063,9 @@ static void do_init(fuse_req_t req, fuse_ino_t nodeid,
if (arg->flags & FUSE_SETXATTR_EXT) {
se->conn.capable |= FUSE_CAP_SETXATTR_EXT;
}
+ if (arg->flags & FUSE_SECURITY_CTX) {
+ se->conn.capable |= FUSE_CAP_SECURITY_CTX;
+ }
#ifdef HAVE_SPLICE
#ifdef HAVE_VMSPLICE
se->conn.capable |= FUSE_CAP_SPLICE_WRITE | FUSE_CAP_SPLICE_MOVE;
@@ -2029,6 +2098,7 @@ static void do_init(fuse_req_t req, fuse_ino_t nodeid,
LL_SET_DEFAULT(se->op.readdirplus, FUSE_CAP_READDIRPLUS);
LL_SET_DEFAULT(se->op.readdirplus && se->op.readdir,
FUSE_CAP_READDIRPLUS_AUTO);
+ LL_SET_DEFAULT(1, FUSE_CAP_SECURITY_CTX);
se->conn.time_gran = 1;
if (bufsize < FUSE_MIN_READ_BUFFER) {
@@ -2136,6 +2206,10 @@ static void do_init(fuse_req_t req, fuse_ino_t nodeid,
outarg.flags |= FUSE_SETXATTR_EXT;
}
+ if (se->conn.want & FUSE_CAP_SECURITY_CTX) {
+ outarg.flags |= FUSE_SECURITY_CTX;
+ }
+
fuse_log(FUSE_LOG_DEBUG, " INIT: %u.%u\n", outarg.major, outarg.minor);
fuse_log(FUSE_LOG_DEBUG, " flags=0x%08x\n", outarg.flags);
fuse_log(FUSE_LOG_DEBUG, " max_readahead=0x%08x\n", outarg.max_readahead);
--
2.31.1
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [Virtio-fs] [PATCH 2/5] fuse_lowlevel.c: Add capability to parse security context
@ 2021-09-24 19:48 ` Vivek Goyal
0 siblings, 0 replies; 12+ messages in thread
From: Vivek Goyal @ 2021-09-24 19:48 UTC (permalink / raw)
To: qemu-devel, virtio-fs; +Cc: miklos, stephen.smalley.work, vgoyal
Add capability to enable and parse security context as sent by client
and put into fuse_req. Filesystems now can get security context from
request and set it on files during creation.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
---
tools/virtiofsd/fuse_common.h | 5 +++
tools/virtiofsd/fuse_i.h | 7 ++++
tools/virtiofsd/fuse_lowlevel.c | 74 +++++++++++++++++++++++++++++++++
3 files changed, 86 insertions(+)
diff --git a/tools/virtiofsd/fuse_common.h b/tools/virtiofsd/fuse_common.h
index 0c2665b977..6f3485d1dc 100644
--- a/tools/virtiofsd/fuse_common.h
+++ b/tools/virtiofsd/fuse_common.h
@@ -377,6 +377,11 @@ struct fuse_file_info {
*/
#define FUSE_CAP_SETXATTR_EXT (1 << 29)
+/**
+ * Indicates that file server supports creating file security context
+ */
+#define FUSE_CAP_SECURITY_CTX (1 << 30)
+
/**
* Ioctl flags
*
diff --git a/tools/virtiofsd/fuse_i.h b/tools/virtiofsd/fuse_i.h
index 492e002181..a5572fa4ae 100644
--- a/tools/virtiofsd/fuse_i.h
+++ b/tools/virtiofsd/fuse_i.h
@@ -15,6 +15,12 @@
struct fv_VuDev;
struct fv_QueueInfo;
+struct fuse_security_context {
+ const char *name;
+ uint32_t ctxlen;
+ const void *ctx;
+};
+
struct fuse_req {
struct fuse_session *se;
uint64_t unique;
@@ -35,6 +41,7 @@ struct fuse_req {
} u;
struct fuse_req *next;
struct fuse_req *prev;
+ struct fuse_security_context secctx;
};
struct fuse_notify_req {
diff --git a/tools/virtiofsd/fuse_lowlevel.c b/tools/virtiofsd/fuse_lowlevel.c
index e4679c73ab..fae92e0f3f 100644
--- a/tools/virtiofsd/fuse_lowlevel.c
+++ b/tools/virtiofsd/fuse_lowlevel.c
@@ -886,11 +886,41 @@ static void do_readlink(fuse_req_t req, fuse_ino_t nodeid,
}
}
+static int parse_secctx_fill_req(fuse_req_t req, struct fuse_mbuf_iter *iter)
+{
+ struct fuse_secctx *fsecctx;
+ const void *secctx;
+
+ fsecctx = fuse_mbuf_iter_advance(iter, sizeof(*fsecctx));
+ if (!fsecctx) {
+ return -EINVAL;
+ }
+
+ if (fsecctx->size) {
+ const char *name = fuse_mbuf_iter_advance_str(iter);
+ if (!name) {
+ return -EINVAL;
+ }
+
+ secctx = fuse_mbuf_iter_advance(iter, fsecctx->size);
+ if (!secctx) {
+ return -EINVAL;
+ }
+
+ req->secctx.name = name;
+ req->secctx.ctx = secctx;
+ req->secctx.ctxlen = fsecctx->size;
+ }
+ return 0;
+}
+
static void do_mknod(fuse_req_t req, fuse_ino_t nodeid,
struct fuse_mbuf_iter *iter)
{
struct fuse_mknod_in *arg;
const char *name;
+ bool secctx_enabled = req->se->conn.want & FUSE_CAP_SECURITY_CTX;
+ int err;
arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
name = fuse_mbuf_iter_advance_str(iter);
@@ -901,6 +931,13 @@ static void do_mknod(fuse_req_t req, fuse_ino_t nodeid,
req->ctx.umask = arg->umask;
+ if (secctx_enabled) {
+ err = parse_secctx_fill_req(req, iter);
+ if (err) {
+ fuse_reply_err(req, -err);
+ }
+ }
+
if (req->se->op.mknod) {
req->se->op.mknod(req, nodeid, name, arg->mode, arg->rdev);
} else {
@@ -913,6 +950,8 @@ static void do_mkdir(fuse_req_t req, fuse_ino_t nodeid,
{
struct fuse_mkdir_in *arg;
const char *name;
+ bool secctx_enabled = req->se->conn.want & FUSE_CAP_SECURITY_CTX;
+ int err;
arg = fuse_mbuf_iter_advance(iter, sizeof(*arg));
name = fuse_mbuf_iter_advance_str(iter);
@@ -923,6 +962,13 @@ static void do_mkdir(fuse_req_t req, fuse_ino_t nodeid,
req->ctx.umask = arg->umask;
+ if (secctx_enabled) {
+ err = parse_secctx_fill_req(req, iter);
+ if (err) {
+ fuse_reply_err(req, err);
+ }
+ }
+
if (req->se->op.mkdir) {
req->se->op.mkdir(req, nodeid, name, arg->mode);
} else {
@@ -969,12 +1015,21 @@ static void do_symlink(fuse_req_t req, fuse_ino_t nodeid,
{
const char *name = fuse_mbuf_iter_advance_str(iter);
const char *linkname = fuse_mbuf_iter_advance_str(iter);
+ bool secctx_enabled = req->se->conn.want & FUSE_CAP_SECURITY_CTX;
+ int err;
if (!name || !linkname) {
fuse_reply_err(req, EINVAL);
return;
}
+ if (secctx_enabled) {
+ err = parse_secctx_fill_req(req, iter);
+ if (err) {
+ fuse_reply_err(req, err);
+ }
+ }
+
if (req->se->op.symlink) {
req->se->op.symlink(req, linkname, nodeid, name);
} else {
@@ -1048,6 +1103,8 @@ static void do_link(fuse_req_t req, fuse_ino_t nodeid,
static void do_create(fuse_req_t req, fuse_ino_t nodeid,
struct fuse_mbuf_iter *iter)
{
+ bool secctx_enabled = req->se->conn.want & FUSE_CAP_SECURITY_CTX;
+
if (req->se->op.create) {
struct fuse_create_in *arg;
struct fuse_file_info fi;
@@ -1060,6 +1117,15 @@ static void do_create(fuse_req_t req, fuse_ino_t nodeid,
return;
}
+ if (secctx_enabled) {
+ int err;
+ err = parse_secctx_fill_req(req, iter);
+ if (err) {
+ fuse_reply_err(req, err);
+ return;
+ }
+ }
+
memset(&fi, 0, sizeof(fi));
fi.flags = arg->flags;
fi.kill_priv = arg->open_flags & FUSE_OPEN_KILL_SUIDGID;
@@ -1997,6 +2063,9 @@ static void do_init(fuse_req_t req, fuse_ino_t nodeid,
if (arg->flags & FUSE_SETXATTR_EXT) {
se->conn.capable |= FUSE_CAP_SETXATTR_EXT;
}
+ if (arg->flags & FUSE_SECURITY_CTX) {
+ se->conn.capable |= FUSE_CAP_SECURITY_CTX;
+ }
#ifdef HAVE_SPLICE
#ifdef HAVE_VMSPLICE
se->conn.capable |= FUSE_CAP_SPLICE_WRITE | FUSE_CAP_SPLICE_MOVE;
@@ -2029,6 +2098,7 @@ static void do_init(fuse_req_t req, fuse_ino_t nodeid,
LL_SET_DEFAULT(se->op.readdirplus, FUSE_CAP_READDIRPLUS);
LL_SET_DEFAULT(se->op.readdirplus && se->op.readdir,
FUSE_CAP_READDIRPLUS_AUTO);
+ LL_SET_DEFAULT(1, FUSE_CAP_SECURITY_CTX);
se->conn.time_gran = 1;
if (bufsize < FUSE_MIN_READ_BUFFER) {
@@ -2136,6 +2206,10 @@ static void do_init(fuse_req_t req, fuse_ino_t nodeid,
outarg.flags |= FUSE_SETXATTR_EXT;
}
+ if (se->conn.want & FUSE_CAP_SECURITY_CTX) {
+ outarg.flags |= FUSE_SECURITY_CTX;
+ }
+
fuse_log(FUSE_LOG_DEBUG, " INIT: %u.%u\n", outarg.major, outarg.minor);
fuse_log(FUSE_LOG_DEBUG, " flags=0x%08x\n", outarg.flags);
fuse_log(FUSE_LOG_DEBUG, " max_readahead=0x%08x\n", outarg.max_readahead);
--
2.31.1
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [PATCH 3/5] virtiofsd: Move core file creation code in separate function
2021-09-24 19:48 ` [Virtio-fs] " Vivek Goyal
@ 2021-09-24 19:48 ` Vivek Goyal
-1 siblings, 0 replies; 12+ messages in thread
From: Vivek Goyal @ 2021-09-24 19:48 UTC (permalink / raw)
To: qemu-devel, virtio-fs
Cc: miklos, chirantan, stephen.smalley.work, dwalsh, dgilbert, vgoyal
Move core file creation bits in a separate function. Soon this is going
to get more complex as file creation need to set security context also.
And there will be multiple modes of file creation in next patch.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
---
tools/virtiofsd/passthrough_ll.c | 36 ++++++++++++++++++++++----------
1 file changed, 25 insertions(+), 11 deletions(-)
diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
index 64b5b4fbb1..54978b7fae 100644
--- a/tools/virtiofsd/passthrough_ll.c
+++ b/tools/virtiofsd/passthrough_ll.c
@@ -1976,6 +1976,30 @@ static int lo_do_open(struct lo_data *lo, struct lo_inode *inode,
return 0;
}
+static int do_lo_create(fuse_req_t req, struct lo_inode *parent_inode,
+ const char *name, mode_t mode,
+ struct fuse_file_info *fi, int* open_fd)
+{
+ int err = 0, fd;
+ struct lo_cred old = {};
+ struct lo_data *lo = lo_data(req);
+
+ err = lo_change_cred(req, &old, lo->change_umask);
+ if (err) {
+ return err;
+ }
+
+ /* Try to create a new file but don't open existing files */
+ fd = openat(parent_inode->fd, name, fi->flags | O_CREAT | O_EXCL, mode);
+ if (fd == -1) {
+ err = errno;
+ } else {
+ *open_fd = fd;
+ }
+ lo_restore_cred(&old, lo->change_umask);
+ return err;
+}
+
static void lo_create(fuse_req_t req, fuse_ino_t parent, const char *name,
mode_t mode, struct fuse_file_info *fi)
{
@@ -1985,7 +2009,6 @@ static void lo_create(fuse_req_t req, fuse_ino_t parent, const char *name,
struct lo_inode *inode = NULL;
struct fuse_entry_param e;
int err;
- struct lo_cred old = {};
fuse_log(FUSE_LOG_DEBUG, "lo_create(parent=%" PRIu64 ", name=%s)"
" kill_priv=%d\n", parent, name, fi->kill_priv);
@@ -2001,18 +2024,9 @@ static void lo_create(fuse_req_t req, fuse_ino_t parent, const char *name,
return;
}
- err = lo_change_cred(req, &old, lo->change_umask);
- if (err) {
- goto out;
- }
-
update_open_flags(lo->writeback, lo->allow_direct_io, fi);
- /* Try to create a new file but don't open existing files */
- fd = openat(parent_inode->fd, name, fi->flags | O_CREAT | O_EXCL, mode);
- err = fd == -1 ? errno : 0;
-
- lo_restore_cred(&old, lo->change_umask);
+ err = do_lo_create(req, parent_inode, name, mode, fi, &fd);
/* Ignore the error if file exists and O_EXCL was not given */
if (err && (err != EEXIST || (fi->flags & O_EXCL))) {
--
2.31.1
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [Virtio-fs] [PATCH 3/5] virtiofsd: Move core file creation code in separate function
@ 2021-09-24 19:48 ` Vivek Goyal
0 siblings, 0 replies; 12+ messages in thread
From: Vivek Goyal @ 2021-09-24 19:48 UTC (permalink / raw)
To: qemu-devel, virtio-fs; +Cc: miklos, stephen.smalley.work, vgoyal
Move core file creation bits in a separate function. Soon this is going
to get more complex as file creation need to set security context also.
And there will be multiple modes of file creation in next patch.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
---
tools/virtiofsd/passthrough_ll.c | 36 ++++++++++++++++++++++----------
1 file changed, 25 insertions(+), 11 deletions(-)
diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
index 64b5b4fbb1..54978b7fae 100644
--- a/tools/virtiofsd/passthrough_ll.c
+++ b/tools/virtiofsd/passthrough_ll.c
@@ -1976,6 +1976,30 @@ static int lo_do_open(struct lo_data *lo, struct lo_inode *inode,
return 0;
}
+static int do_lo_create(fuse_req_t req, struct lo_inode *parent_inode,
+ const char *name, mode_t mode,
+ struct fuse_file_info *fi, int* open_fd)
+{
+ int err = 0, fd;
+ struct lo_cred old = {};
+ struct lo_data *lo = lo_data(req);
+
+ err = lo_change_cred(req, &old, lo->change_umask);
+ if (err) {
+ return err;
+ }
+
+ /* Try to create a new file but don't open existing files */
+ fd = openat(parent_inode->fd, name, fi->flags | O_CREAT | O_EXCL, mode);
+ if (fd == -1) {
+ err = errno;
+ } else {
+ *open_fd = fd;
+ }
+ lo_restore_cred(&old, lo->change_umask);
+ return err;
+}
+
static void lo_create(fuse_req_t req, fuse_ino_t parent, const char *name,
mode_t mode, struct fuse_file_info *fi)
{
@@ -1985,7 +2009,6 @@ static void lo_create(fuse_req_t req, fuse_ino_t parent, const char *name,
struct lo_inode *inode = NULL;
struct fuse_entry_param e;
int err;
- struct lo_cred old = {};
fuse_log(FUSE_LOG_DEBUG, "lo_create(parent=%" PRIu64 ", name=%s)"
" kill_priv=%d\n", parent, name, fi->kill_priv);
@@ -2001,18 +2024,9 @@ static void lo_create(fuse_req_t req, fuse_ino_t parent, const char *name,
return;
}
- err = lo_change_cred(req, &old, lo->change_umask);
- if (err) {
- goto out;
- }
-
update_open_flags(lo->writeback, lo->allow_direct_io, fi);
- /* Try to create a new file but don't open existing files */
- fd = openat(parent_inode->fd, name, fi->flags | O_CREAT | O_EXCL, mode);
- err = fd == -1 ? errno : 0;
-
- lo_restore_cred(&old, lo->change_umask);
+ err = do_lo_create(req, parent_inode, name, mode, fi, &fd);
/* Ignore the error if file exists and O_EXCL was not given */
if (err && (err != EEXIST || (fi->flags & O_EXCL))) {
--
2.31.1
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [PATCH 4/5] virtiofsd: Create new file with fscreate set
2021-09-24 19:48 ` [Virtio-fs] " Vivek Goyal
@ 2021-09-24 19:48 ` Vivek Goyal
-1 siblings, 0 replies; 12+ messages in thread
From: Vivek Goyal @ 2021-09-24 19:48 UTC (permalink / raw)
To: qemu-devel, virtio-fs
Cc: miklos, chirantan, stephen.smalley.work, dwalsh, dgilbert, vgoyal
This patch adds support to set /proc/thread-self/attr/fscreate before
file creation. It is set to a value as sent by client. This will allow
for atomic creation of security context on files w.r.t file creation.
This is primarily useful when either there is no SELinux enabled on
host or host and guest policies are in sync and don't conflict.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
---
tools/virtiofsd/passthrough_ll.c | 284 ++++++++++++++++++++++++++++---
1 file changed, 257 insertions(+), 27 deletions(-)
diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
index 54978b7fae..d8c14d3220 100644
--- a/tools/virtiofsd/passthrough_ll.c
+++ b/tools/virtiofsd/passthrough_ll.c
@@ -172,6 +172,8 @@ struct lo_data {
/* An O_PATH file descriptor to /proc/self/fd/ */
int proc_self_fd;
+ /* An O_PATH file descriptor to /proc/self/task/ */
+ int proc_self_task;
int user_killpriv_v2, killpriv_v2;
/* If set, virtiofsd is responsible for setting umask during creation */
bool change_umask;
@@ -229,6 +231,11 @@ static struct lo_inode *lo_find(struct lo_data *lo, struct stat *st,
static int xattr_map_client(const struct lo_data *lo, const char *client_name,
char **out_name);
+#define FCHDIR_NOFAIL(fd) do { \
+ int fchdir_res = fchdir(fd); \
+ assert(fchdir_res == 0); \
+ } while (0)
+
static bool is_dot_or_dotdot(const char *name)
{
return name[0] == '.' &&
@@ -1259,16 +1266,140 @@ static void lo_restore_cred_gain_cap(struct lo_cred *old, bool restore_umask,
}
}
+/* Helpers to set/reset fscreate */
+static int open_set_proc_fscreate(struct lo_data *lo, const void *ctx,
+ size_t ctxlen, int *fd)
+{
+ char procname[64];
+ int fscreate_fd, err = 0;
+ size_t written;
+
+ sprintf(procname, "%d/attr/fscreate", gettid());
+ fscreate_fd = openat(lo->proc_self_task, procname, O_WRONLY);
+ err = fscreate_fd == -1 ? errno : 0;
+ if (err) {
+ return err;
+ }
+
+ written = write(fscreate_fd, ctx, ctxlen);
+ err = written == -1 ? errno : 0;
+ if (err) {
+ goto out;
+ }
+
+ *fd = fscreate_fd;
+ return 0;
+out:
+ close(fscreate_fd);
+ return err;
+}
+
+static void close_reset_proc_fscreate(int fd)
+{
+ if ((write(fd, NULL, 0)) == -1) {
+ fuse_log(FUSE_LOG_WARNING, "Failed to reset fscreate. err=%d\n", errno);
+ }
+ close(fd);
+ return;
+}
+
+static int do_mknod_symlink_secctx(fuse_req_t req, struct lo_inode *dir,
+ const char *name, const char *secctx_name)
+{
+ int path_fd, err;
+ char procname[64];
+ struct lo_data *lo = lo_data(req);
+
+ if (!req->secctx.ctxlen) {
+ return 0;
+ }
+
+ /* Open newly created element with O_PATH */
+ path_fd = openat(dir->fd, name, O_PATH | O_NOFOLLOW);
+ err = path_fd == -1 ? errno : 0;
+ if (err) {
+ return err;
+ }
+ sprintf(procname, "%i", path_fd);
+ FCHDIR_NOFAIL(lo->proc_self_fd);
+ /* Set security context. This is not atomic w.r.t file creation */
+ err = setxattr(procname, secctx_name, req->secctx.ctx, req->secctx.ctxlen,
+ 0);
+ if (err) {
+ err = errno;
+ }
+ FCHDIR_NOFAIL(lo->root.fd);
+ close(path_fd);
+ return err;
+}
+
+static int do_mknod_symlink(fuse_req_t req, struct lo_inode *dir,
+ const char *name, mode_t mode, dev_t rdev,
+ const char *link)
+{
+ int err, fscreate_fd = -1;
+ const char *secctx_name = req->secctx.name;
+ struct lo_cred old = {};
+ struct lo_data *lo = lo_data(req);
+ char *mapped_name = NULL;
+ bool secctx_enabled = req->secctx.ctxlen;
+ bool do_fscreate = false;
+
+ if (secctx_enabled && lo->xattrmap) {
+ err = xattr_map_client(lo, req->secctx.name, &mapped_name);
+ if (err < 0) {
+ return -err;
+ }
+ secctx_name = mapped_name;
+ }
+
+ /*
+ * If security xattr has not been remapped, set fscreate and no
+ * need to do a setxattr() after file creation
+ */
+ if (secctx_enabled && !mapped_name) {
+ do_fscreate = true;
+ err = open_set_proc_fscreate(lo, req->secctx.ctx, req->secctx.ctxlen,
+ &fscreate_fd);
+ if (err) {
+ goto out;
+ }
+ }
+
+ err = lo_change_cred(req, &old, lo->change_umask && !S_ISLNK(mode));
+ if (err) {
+ goto out;
+ }
+
+ err = mknod_wrapper(dir->fd, name, link, mode, rdev);
+ err = err == -1 ? errno : 0;
+ lo_restore_cred(&old, lo->change_umask && !S_ISLNK(mode));
+ if (err) {
+ goto out;
+ }
+
+ if (!do_fscreate) {
+ err = do_mknod_symlink_secctx(req, dir, name, secctx_name);
+ if (err) {
+ unlinkat(dir->fd, name, S_ISDIR(mode) ? AT_REMOVEDIR : 0);
+ }
+ }
+out:
+ if (fscreate_fd != -1) {
+ close_reset_proc_fscreate(fscreate_fd);
+ }
+ g_free(mapped_name);
+ return err;
+}
+
static void lo_mknod_symlink(fuse_req_t req, fuse_ino_t parent,
const char *name, mode_t mode, dev_t rdev,
const char *link)
{
- int res;
int saverr;
struct lo_data *lo = lo_data(req);
struct lo_inode *dir;
struct fuse_entry_param e;
- struct lo_cred old = {};
if (is_empty(name)) {
fuse_reply_err(req, ENOENT);
@@ -1286,21 +1417,11 @@ static void lo_mknod_symlink(fuse_req_t req, fuse_ino_t parent,
return;
}
- saverr = lo_change_cred(req, &old, lo->change_umask && !S_ISLNK(mode));
+ saverr = do_mknod_symlink(req, dir, name, mode, rdev, link);
if (saverr) {
goto out;
}
- res = mknod_wrapper(dir->fd, name, link, mode, rdev);
-
- saverr = errno;
-
- lo_restore_cred(&old, lo->change_umask && !S_ISLNK(mode));
-
- if (res == -1) {
- goto out;
- }
-
saverr = lo_do_lookup(req, parent, name, &e, NULL);
if (saverr) {
goto out;
@@ -1976,13 +2097,16 @@ static int lo_do_open(struct lo_data *lo, struct lo_inode *inode,
return 0;
}
-static int do_lo_create(fuse_req_t req, struct lo_inode *parent_inode,
- const char *name, mode_t mode,
- struct fuse_file_info *fi, int* open_fd)
+static int do_create_nosecctx(fuse_req_t req, struct lo_inode *parent_inode,
+ const char *name, mode_t mode,
+ struct fuse_file_info *fi, int *open_fd)
{
- int err = 0, fd;
+ int err, fd;
struct lo_cred old = {};
struct lo_data *lo = lo_data(req);
+ int flags;
+
+ flags = fi->flags | O_CREAT | O_EXCL;
err = lo_change_cred(req, &old, lo->change_umask);
if (err) {
@@ -1990,13 +2114,106 @@ static int do_lo_create(fuse_req_t req, struct lo_inode *parent_inode,
}
/* Try to create a new file but don't open existing files */
- fd = openat(parent_inode->fd, name, fi->flags | O_CREAT | O_EXCL, mode);
- if (fd == -1) {
- err = errno;
- } else {
+ fd = openat(parent_inode->fd, name, flags, mode);
+ err = fd == -1 ? errno : 0;
+ lo_restore_cred(&old, lo->change_umask);
+ if (!err) {
*open_fd = fd;
}
- lo_restore_cred(&old, lo->change_umask);
+ return err;
+}
+
+static int do_create_secctx_fscreate(fuse_req_t req,
+ struct lo_inode *parent_inode,
+ const char *name, mode_t mode,
+ struct fuse_file_info *fi, int *open_fd)
+{
+ int err = 0, fd = -1, fscreate_fd = -1;
+ struct lo_data *lo = lo_data(req);
+
+ err = open_set_proc_fscreate(lo, req->secctx.ctx, req->secctx.ctxlen,
+ &fscreate_fd);
+ if (err) {
+ return err;
+ }
+
+ err = do_create_nosecctx(req, parent_inode, name, mode, fi, &fd);
+
+ close_reset_proc_fscreate(fscreate_fd);
+ if (!err) {
+ *open_fd = fd;
+ }
+ return err;
+}
+
+static int do_create_secctx_noatomic(fuse_req_t req,
+ struct lo_inode *parent_inode,
+ const char *name, mode_t mode,
+ struct fuse_file_info *fi,
+ const char *secctx_name, int *open_fd)
+{
+ int err = 0, fd = -1;
+
+ err = do_create_nosecctx(req, parent_inode, name, mode, fi, &fd);
+ if (err) {
+ goto out;
+ }
+
+ /* Set security context. This is not atomic w.r.t file creation */
+ err = fsetxattr(fd, secctx_name, req->secctx.ctx, req->secctx.ctxlen, 0);
+ err = err == -1 ? errno : 0;
+out:
+ if (!err) {
+ *open_fd = fd;
+ } else {
+ if (fd != -1) {
+ close(fd);
+ unlinkat(parent_inode->fd, name, 0);
+ }
+ }
+ return err;
+}
+
+static int do_lo_create(fuse_req_t req, struct lo_inode *parent_inode,
+ const char *name, mode_t mode,
+ struct fuse_file_info *fi, int *open_fd)
+{
+ struct lo_data *lo = lo_data(req);
+ char *mapped_name = NULL;
+ int err;
+ const char *ctxname = req->secctx.name;
+ bool secctx_enabled = req->secctx.ctxlen;
+
+ if (secctx_enabled && lo->xattrmap) {
+ err = xattr_map_client(lo, req->secctx.name, &mapped_name);
+ if (err < 0) {
+ return -err;
+ }
+
+ ctxname = mapped_name;
+ }
+
+ if (secctx_enabled) {
+ /*
+ * If security.selinux has not been remapped. Use fscreate to set
+ * context before file creation.
+ * Otherwise fallback to non-atomic method of file creation
+ * and xattr settting.
+ */
+ if (!mapped_name) {
+ err = do_create_secctx_fscreate(req, parent_inode, name, mode, fi,
+ open_fd);
+ goto out;
+ }
+
+ err = do_create_secctx_noatomic(req, parent_inode, name, mode, fi,
+ ctxname, open_fd);
+ } else {
+ err = do_create_nosecctx(req, parent_inode, name, mode, fi, open_fd);
+ }
+
+out:
+ g_free(mapped_name);
return err;
}
@@ -2831,11 +3048,6 @@ static int xattr_map_server(const struct lo_data *lo, const char *server_name,
return -ENODATA;
}
-#define FCHDIR_NOFAIL(fd) do { \
- int fchdir_res = fchdir(fd); \
- assert(fchdir_res == 0); \
- } while (0)
-
static bool block_xattr(struct lo_data *lo, const char *name)
{
/*
@@ -3497,6 +3709,13 @@ static void setup_namespaces(struct lo_data *lo, struct fuse_session *se)
exit(1);
}
+ /* Get the /proc/self/task descriptor */
+ lo->proc_self_task = open("/proc/self/task/", O_PATH);
+ if (lo->proc_self_task == -1) {
+ fuse_log(FUSE_LOG_ERR, "open(/proc/self/task, O_PATH): %m\n");
+ exit(1);
+ }
+
/*
* We only need /proc/self/fd. Prevent ".." from accessing parent
* directories of /proc/self/fd by bind-mounting it over /proc. Since / was
@@ -3713,6 +3932,12 @@ static void setup_chroot(struct lo_data *lo)
exit(1);
}
+ lo->proc_self_task = open("/proc/self/task", O_PATH);
+ if (lo->proc_self_fd == -1) {
+ fuse_log(FUSE_LOG_ERR, "open(\"/proc/self/task\", O_PATH): %m\n");
+ exit(1);
+ }
+
/*
* Make the shared directory the file system root so that FUSE_OPEN
* (lo_open()) cannot escape the shared directory by opening a symlink.
@@ -3898,6 +4123,10 @@ static void fuse_lo_data_cleanup(struct lo_data *lo)
close(lo->proc_self_fd);
}
+ if (lo->proc_self_task >= 0) {
+ close(lo->proc_self_task);
+ }
+
if (lo->root.fd >= 0) {
close(lo->root.fd);
}
@@ -3925,6 +4154,7 @@ int main(int argc, char *argv[])
.posix_lock = 0,
.allow_direct_io = 0,
.proc_self_fd = -1,
+ .proc_self_task = -1,
.user_killpriv_v2 = -1,
.user_posix_acl = -1,
};
--
2.31.1
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [Virtio-fs] [PATCH 4/5] virtiofsd: Create new file with fscreate set
@ 2021-09-24 19:48 ` Vivek Goyal
0 siblings, 0 replies; 12+ messages in thread
From: Vivek Goyal @ 2021-09-24 19:48 UTC (permalink / raw)
To: qemu-devel, virtio-fs; +Cc: miklos, stephen.smalley.work, vgoyal
This patch adds support to set /proc/thread-self/attr/fscreate before
file creation. It is set to a value as sent by client. This will allow
for atomic creation of security context on files w.r.t file creation.
This is primarily useful when either there is no SELinux enabled on
host or host and guest policies are in sync and don't conflict.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
---
tools/virtiofsd/passthrough_ll.c | 284 ++++++++++++++++++++++++++++---
1 file changed, 257 insertions(+), 27 deletions(-)
diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
index 54978b7fae..d8c14d3220 100644
--- a/tools/virtiofsd/passthrough_ll.c
+++ b/tools/virtiofsd/passthrough_ll.c
@@ -172,6 +172,8 @@ struct lo_data {
/* An O_PATH file descriptor to /proc/self/fd/ */
int proc_self_fd;
+ /* An O_PATH file descriptor to /proc/self/task/ */
+ int proc_self_task;
int user_killpriv_v2, killpriv_v2;
/* If set, virtiofsd is responsible for setting umask during creation */
bool change_umask;
@@ -229,6 +231,11 @@ static struct lo_inode *lo_find(struct lo_data *lo, struct stat *st,
static int xattr_map_client(const struct lo_data *lo, const char *client_name,
char **out_name);
+#define FCHDIR_NOFAIL(fd) do { \
+ int fchdir_res = fchdir(fd); \
+ assert(fchdir_res == 0); \
+ } while (0)
+
static bool is_dot_or_dotdot(const char *name)
{
return name[0] == '.' &&
@@ -1259,16 +1266,140 @@ static void lo_restore_cred_gain_cap(struct lo_cred *old, bool restore_umask,
}
}
+/* Helpers to set/reset fscreate */
+static int open_set_proc_fscreate(struct lo_data *lo, const void *ctx,
+ size_t ctxlen, int *fd)
+{
+ char procname[64];
+ int fscreate_fd, err = 0;
+ size_t written;
+
+ sprintf(procname, "%d/attr/fscreate", gettid());
+ fscreate_fd = openat(lo->proc_self_task, procname, O_WRONLY);
+ err = fscreate_fd == -1 ? errno : 0;
+ if (err) {
+ return err;
+ }
+
+ written = write(fscreate_fd, ctx, ctxlen);
+ err = written == -1 ? errno : 0;
+ if (err) {
+ goto out;
+ }
+
+ *fd = fscreate_fd;
+ return 0;
+out:
+ close(fscreate_fd);
+ return err;
+}
+
+static void close_reset_proc_fscreate(int fd)
+{
+ if ((write(fd, NULL, 0)) == -1) {
+ fuse_log(FUSE_LOG_WARNING, "Failed to reset fscreate. err=%d\n", errno);
+ }
+ close(fd);
+ return;
+}
+
+static int do_mknod_symlink_secctx(fuse_req_t req, struct lo_inode *dir,
+ const char *name, const char *secctx_name)
+{
+ int path_fd, err;
+ char procname[64];
+ struct lo_data *lo = lo_data(req);
+
+ if (!req->secctx.ctxlen) {
+ return 0;
+ }
+
+ /* Open newly created element with O_PATH */
+ path_fd = openat(dir->fd, name, O_PATH | O_NOFOLLOW);
+ err = path_fd == -1 ? errno : 0;
+ if (err) {
+ return err;
+ }
+ sprintf(procname, "%i", path_fd);
+ FCHDIR_NOFAIL(lo->proc_self_fd);
+ /* Set security context. This is not atomic w.r.t file creation */
+ err = setxattr(procname, secctx_name, req->secctx.ctx, req->secctx.ctxlen,
+ 0);
+ if (err) {
+ err = errno;
+ }
+ FCHDIR_NOFAIL(lo->root.fd);
+ close(path_fd);
+ return err;
+}
+
+static int do_mknod_symlink(fuse_req_t req, struct lo_inode *dir,
+ const char *name, mode_t mode, dev_t rdev,
+ const char *link)
+{
+ int err, fscreate_fd = -1;
+ const char *secctx_name = req->secctx.name;
+ struct lo_cred old = {};
+ struct lo_data *lo = lo_data(req);
+ char *mapped_name = NULL;
+ bool secctx_enabled = req->secctx.ctxlen;
+ bool do_fscreate = false;
+
+ if (secctx_enabled && lo->xattrmap) {
+ err = xattr_map_client(lo, req->secctx.name, &mapped_name);
+ if (err < 0) {
+ return -err;
+ }
+ secctx_name = mapped_name;
+ }
+
+ /*
+ * If security xattr has not been remapped, set fscreate and no
+ * need to do a setxattr() after file creation
+ */
+ if (secctx_enabled && !mapped_name) {
+ do_fscreate = true;
+ err = open_set_proc_fscreate(lo, req->secctx.ctx, req->secctx.ctxlen,
+ &fscreate_fd);
+ if (err) {
+ goto out;
+ }
+ }
+
+ err = lo_change_cred(req, &old, lo->change_umask && !S_ISLNK(mode));
+ if (err) {
+ goto out;
+ }
+
+ err = mknod_wrapper(dir->fd, name, link, mode, rdev);
+ err = err == -1 ? errno : 0;
+ lo_restore_cred(&old, lo->change_umask && !S_ISLNK(mode));
+ if (err) {
+ goto out;
+ }
+
+ if (!do_fscreate) {
+ err = do_mknod_symlink_secctx(req, dir, name, secctx_name);
+ if (err) {
+ unlinkat(dir->fd, name, S_ISDIR(mode) ? AT_REMOVEDIR : 0);
+ }
+ }
+out:
+ if (fscreate_fd != -1) {
+ close_reset_proc_fscreate(fscreate_fd);
+ }
+ g_free(mapped_name);
+ return err;
+}
+
static void lo_mknod_symlink(fuse_req_t req, fuse_ino_t parent,
const char *name, mode_t mode, dev_t rdev,
const char *link)
{
- int res;
int saverr;
struct lo_data *lo = lo_data(req);
struct lo_inode *dir;
struct fuse_entry_param e;
- struct lo_cred old = {};
if (is_empty(name)) {
fuse_reply_err(req, ENOENT);
@@ -1286,21 +1417,11 @@ static void lo_mknod_symlink(fuse_req_t req, fuse_ino_t parent,
return;
}
- saverr = lo_change_cred(req, &old, lo->change_umask && !S_ISLNK(mode));
+ saverr = do_mknod_symlink(req, dir, name, mode, rdev, link);
if (saverr) {
goto out;
}
- res = mknod_wrapper(dir->fd, name, link, mode, rdev);
-
- saverr = errno;
-
- lo_restore_cred(&old, lo->change_umask && !S_ISLNK(mode));
-
- if (res == -1) {
- goto out;
- }
-
saverr = lo_do_lookup(req, parent, name, &e, NULL);
if (saverr) {
goto out;
@@ -1976,13 +2097,16 @@ static int lo_do_open(struct lo_data *lo, struct lo_inode *inode,
return 0;
}
-static int do_lo_create(fuse_req_t req, struct lo_inode *parent_inode,
- const char *name, mode_t mode,
- struct fuse_file_info *fi, int* open_fd)
+static int do_create_nosecctx(fuse_req_t req, struct lo_inode *parent_inode,
+ const char *name, mode_t mode,
+ struct fuse_file_info *fi, int *open_fd)
{
- int err = 0, fd;
+ int err, fd;
struct lo_cred old = {};
struct lo_data *lo = lo_data(req);
+ int flags;
+
+ flags = fi->flags | O_CREAT | O_EXCL;
err = lo_change_cred(req, &old, lo->change_umask);
if (err) {
@@ -1990,13 +2114,106 @@ static int do_lo_create(fuse_req_t req, struct lo_inode *parent_inode,
}
/* Try to create a new file but don't open existing files */
- fd = openat(parent_inode->fd, name, fi->flags | O_CREAT | O_EXCL, mode);
- if (fd == -1) {
- err = errno;
- } else {
+ fd = openat(parent_inode->fd, name, flags, mode);
+ err = fd == -1 ? errno : 0;
+ lo_restore_cred(&old, lo->change_umask);
+ if (!err) {
*open_fd = fd;
}
- lo_restore_cred(&old, lo->change_umask);
+ return err;
+}
+
+static int do_create_secctx_fscreate(fuse_req_t req,
+ struct lo_inode *parent_inode,
+ const char *name, mode_t mode,
+ struct fuse_file_info *fi, int *open_fd)
+{
+ int err = 0, fd = -1, fscreate_fd = -1;
+ struct lo_data *lo = lo_data(req);
+
+ err = open_set_proc_fscreate(lo, req->secctx.ctx, req->secctx.ctxlen,
+ &fscreate_fd);
+ if (err) {
+ return err;
+ }
+
+ err = do_create_nosecctx(req, parent_inode, name, mode, fi, &fd);
+
+ close_reset_proc_fscreate(fscreate_fd);
+ if (!err) {
+ *open_fd = fd;
+ }
+ return err;
+}
+
+static int do_create_secctx_noatomic(fuse_req_t req,
+ struct lo_inode *parent_inode,
+ const char *name, mode_t mode,
+ struct fuse_file_info *fi,
+ const char *secctx_name, int *open_fd)
+{
+ int err = 0, fd = -1;
+
+ err = do_create_nosecctx(req, parent_inode, name, mode, fi, &fd);
+ if (err) {
+ goto out;
+ }
+
+ /* Set security context. This is not atomic w.r.t file creation */
+ err = fsetxattr(fd, secctx_name, req->secctx.ctx, req->secctx.ctxlen, 0);
+ err = err == -1 ? errno : 0;
+out:
+ if (!err) {
+ *open_fd = fd;
+ } else {
+ if (fd != -1) {
+ close(fd);
+ unlinkat(parent_inode->fd, name, 0);
+ }
+ }
+ return err;
+}
+
+static int do_lo_create(fuse_req_t req, struct lo_inode *parent_inode,
+ const char *name, mode_t mode,
+ struct fuse_file_info *fi, int *open_fd)
+{
+ struct lo_data *lo = lo_data(req);
+ char *mapped_name = NULL;
+ int err;
+ const char *ctxname = req->secctx.name;
+ bool secctx_enabled = req->secctx.ctxlen;
+
+ if (secctx_enabled && lo->xattrmap) {
+ err = xattr_map_client(lo, req->secctx.name, &mapped_name);
+ if (err < 0) {
+ return -err;
+ }
+
+ ctxname = mapped_name;
+ }
+
+ if (secctx_enabled) {
+ /*
+ * If security.selinux has not been remapped. Use fscreate to set
+ * context before file creation.
+ * Otherwise fallback to non-atomic method of file creation
+ * and xattr settting.
+ */
+ if (!mapped_name) {
+ err = do_create_secctx_fscreate(req, parent_inode, name, mode, fi,
+ open_fd);
+ goto out;
+ }
+
+ err = do_create_secctx_noatomic(req, parent_inode, name, mode, fi,
+ ctxname, open_fd);
+ } else {
+ err = do_create_nosecctx(req, parent_inode, name, mode, fi, open_fd);
+ }
+
+out:
+ g_free(mapped_name);
return err;
}
@@ -2831,11 +3048,6 @@ static int xattr_map_server(const struct lo_data *lo, const char *server_name,
return -ENODATA;
}
-#define FCHDIR_NOFAIL(fd) do { \
- int fchdir_res = fchdir(fd); \
- assert(fchdir_res == 0); \
- } while (0)
-
static bool block_xattr(struct lo_data *lo, const char *name)
{
/*
@@ -3497,6 +3709,13 @@ static void setup_namespaces(struct lo_data *lo, struct fuse_session *se)
exit(1);
}
+ /* Get the /proc/self/task descriptor */
+ lo->proc_self_task = open("/proc/self/task/", O_PATH);
+ if (lo->proc_self_task == -1) {
+ fuse_log(FUSE_LOG_ERR, "open(/proc/self/task, O_PATH): %m\n");
+ exit(1);
+ }
+
/*
* We only need /proc/self/fd. Prevent ".." from accessing parent
* directories of /proc/self/fd by bind-mounting it over /proc. Since / was
@@ -3713,6 +3932,12 @@ static void setup_chroot(struct lo_data *lo)
exit(1);
}
+ lo->proc_self_task = open("/proc/self/task", O_PATH);
+ if (lo->proc_self_fd == -1) {
+ fuse_log(FUSE_LOG_ERR, "open(\"/proc/self/task\", O_PATH): %m\n");
+ exit(1);
+ }
+
/*
* Make the shared directory the file system root so that FUSE_OPEN
* (lo_open()) cannot escape the shared directory by opening a symlink.
@@ -3898,6 +4123,10 @@ static void fuse_lo_data_cleanup(struct lo_data *lo)
close(lo->proc_self_fd);
}
+ if (lo->proc_self_task >= 0) {
+ close(lo->proc_self_task);
+ }
+
if (lo->root.fd >= 0) {
close(lo->root.fd);
}
@@ -3925,6 +4154,7 @@ int main(int argc, char *argv[])
.posix_lock = 0,
.allow_direct_io = 0,
.proc_self_fd = -1,
+ .proc_self_task = -1,
.user_killpriv_v2 = -1,
.user_posix_acl = -1,
};
--
2.31.1
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [PATCH 5/5] virtiofsd: Create new file using O_TMPFILE and set security context
2021-09-24 19:48 ` [Virtio-fs] " Vivek Goyal
@ 2021-09-24 19:48 ` Vivek Goyal
-1 siblings, 0 replies; 12+ messages in thread
From: Vivek Goyal @ 2021-09-24 19:48 UTC (permalink / raw)
To: qemu-devel, virtio-fs
Cc: miklos, chirantan, stephen.smalley.work, dwalsh, dgilbert, vgoyal
If guest and host policies can't work with each other, then guest security
context (selinux label) needs to be set into an xattr. Say remap guest
security.selinux xattr to trusted.virtiofs.security.selinux.
That means setting "fscreate" is not going to help as that's ony useful
for security.selinux xattr on host.
So we need another method which is atomic. Use O_TMPFILE to create new
file, set xattr and then linkat() to proper place.
But this works only for regular files. So dir, symlinks will continue
to be non-atomic.
Also if host filesystem does not support O_TMPFILE, we fallback to
non-atomic behavior.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
---
tools/virtiofsd/passthrough_ll.c | 78 +++++++++++++++++++++++++++++---
1 file changed, 71 insertions(+), 7 deletions(-)
diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
index d8c14d3220..f5c3746510 100644
--- a/tools/virtiofsd/passthrough_ll.c
+++ b/tools/virtiofsd/passthrough_ll.c
@@ -2099,14 +2099,29 @@ static int lo_do_open(struct lo_data *lo, struct lo_inode *inode,
static int do_create_nosecctx(fuse_req_t req, struct lo_inode *parent_inode,
const char *name, mode_t mode,
- struct fuse_file_info *fi, int *open_fd)
+ struct fuse_file_info *fi, int *open_fd,
+ bool tmpfile)
{
int err, fd;
struct lo_cred old = {};
struct lo_data *lo = lo_data(req);
int flags;
- flags = fi->flags | O_CREAT | O_EXCL;
+ if (tmpfile) {
+ flags = fi->flags | O_TMPFILE;
+ /*
+ * Don't use O_EXCL as we want to link file later. Also reset O_CREAT
+ * otherwise openat() returns -EINVAL.
+ */
+ flags &= ~(O_CREAT | O_EXCL);
+
+ /* O_TMPFILE needs either O_RDWR or O_WRONLY */
+ if ((flags & O_ACCMODE) == O_RDONLY) {
+ flags |= O_RDWR;
+ }
+ } else {
+ flags = fi->flags | O_CREAT | O_EXCL;
+ }
err = lo_change_cred(req, &old, lo->change_umask);
if (err) {
@@ -2137,7 +2152,7 @@ static int do_create_secctx_fscreate(fuse_req_t req,
return err;
}
- err = do_create_nosecctx(req, parent_inode, name, mode, fi, &fd);
+ err = do_create_nosecctx(req, parent_inode, name, mode, fi, &fd, false);
close_reset_proc_fscreate(fscreate_fd);
if (!err) {
@@ -2146,6 +2161,44 @@ static int do_create_secctx_fscreate(fuse_req_t req,
return err;
}
+static int do_create_secctx_tmpfile(fuse_req_t req,
+ struct lo_inode *parent_inode,
+ const char *name, mode_t mode,
+ struct fuse_file_info *fi,
+ const char *secctx_name, int *open_fd)
+{
+ int err, fd = -1;
+ struct lo_data *lo = lo_data(req);
+ char procname[64];
+
+ err = do_create_nosecctx(req, parent_inode, ".", mode, fi, &fd, true);
+ if (err) {
+ return err;
+ }
+
+ err = fsetxattr(fd, secctx_name, req->secctx.ctx, req->secctx.ctxlen, 0);
+ if (err) {
+ err = errno;
+ goto out;
+ }
+
+ /* Security context set on file. Link it in place */
+ sprintf(procname, "%d", fd);
+ FCHDIR_NOFAIL(lo->proc_self_fd);
+ err = linkat(AT_FDCWD, procname, parent_inode->fd, name,
+ AT_SYMLINK_FOLLOW);
+ err = err == -1 ? errno : 0;
+ FCHDIR_NOFAIL(lo->root.fd);
+
+out:
+ if (!err) {
+ *open_fd = fd;
+ } else if (fd != -1) {
+ close(fd);
+ }
+ return err;
+}
+
static int do_create_secctx_noatomic(fuse_req_t req,
struct lo_inode *parent_inode,
const char *name, mode_t mode,
@@ -2154,7 +2207,7 @@ static int do_create_secctx_noatomic(fuse_req_t req,
{
int err = 0, fd = -1;
- err = do_create_nosecctx(req, parent_inode, name, mode, fi, &fd);
+ err = do_create_nosecctx(req, parent_inode, name, mode, fi, &fd, false);
if (err) {
goto out;
}
@@ -2196,20 +2249,31 @@ static int do_lo_create(fuse_req_t req, struct lo_inode *parent_inode,
if (secctx_enabled) {
/*
* If security.selinux has not been remapped. Use fscreate to set
- * context before file creation.
- * Otherwise fallback to non-atomic method of file creation
+ * context before file creation. Use tempfile method for regular
+ * files. Otherwise fallback to non-atomic method of file creation
* and xattr settting.
*/
if (!mapped_name) {
err = do_create_secctx_fscreate(req, parent_inode, name, mode, fi,
open_fd);
goto out;
+ } else if (S_ISREG(mode)) {
+ err = do_create_secctx_tmpfile(req, parent_inode, name, mode, fi,
+ ctxname, open_fd);
+ /*
+ * If filesystem does not support O_TMPFILE, fallback to non-atomic
+ * method.
+ */
+ if (!err || err != EOPNOTSUPP) {
+ goto out;
+ }
}
err = do_create_secctx_noatomic(req, parent_inode, name, mode, fi,
ctxname, open_fd);
} else {
- err = do_create_nosecctx(req, parent_inode, name, mode, fi, open_fd);
+ err = do_create_nosecctx(req, parent_inode, name, mode, fi, open_fd,
+ false);
}
out:
--
2.31.1
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [Virtio-fs] [PATCH 5/5] virtiofsd: Create new file using O_TMPFILE and set security context
@ 2021-09-24 19:48 ` Vivek Goyal
0 siblings, 0 replies; 12+ messages in thread
From: Vivek Goyal @ 2021-09-24 19:48 UTC (permalink / raw)
To: qemu-devel, virtio-fs; +Cc: miklos, stephen.smalley.work, vgoyal
If guest and host policies can't work with each other, then guest security
context (selinux label) needs to be set into an xattr. Say remap guest
security.selinux xattr to trusted.virtiofs.security.selinux.
That means setting "fscreate" is not going to help as that's ony useful
for security.selinux xattr on host.
So we need another method which is atomic. Use O_TMPFILE to create new
file, set xattr and then linkat() to proper place.
But this works only for regular files. So dir, symlinks will continue
to be non-atomic.
Also if host filesystem does not support O_TMPFILE, we fallback to
non-atomic behavior.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
---
tools/virtiofsd/passthrough_ll.c | 78 +++++++++++++++++++++++++++++---
1 file changed, 71 insertions(+), 7 deletions(-)
diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
index d8c14d3220..f5c3746510 100644
--- a/tools/virtiofsd/passthrough_ll.c
+++ b/tools/virtiofsd/passthrough_ll.c
@@ -2099,14 +2099,29 @@ static int lo_do_open(struct lo_data *lo, struct lo_inode *inode,
static int do_create_nosecctx(fuse_req_t req, struct lo_inode *parent_inode,
const char *name, mode_t mode,
- struct fuse_file_info *fi, int *open_fd)
+ struct fuse_file_info *fi, int *open_fd,
+ bool tmpfile)
{
int err, fd;
struct lo_cred old = {};
struct lo_data *lo = lo_data(req);
int flags;
- flags = fi->flags | O_CREAT | O_EXCL;
+ if (tmpfile) {
+ flags = fi->flags | O_TMPFILE;
+ /*
+ * Don't use O_EXCL as we want to link file later. Also reset O_CREAT
+ * otherwise openat() returns -EINVAL.
+ */
+ flags &= ~(O_CREAT | O_EXCL);
+
+ /* O_TMPFILE needs either O_RDWR or O_WRONLY */
+ if ((flags & O_ACCMODE) == O_RDONLY) {
+ flags |= O_RDWR;
+ }
+ } else {
+ flags = fi->flags | O_CREAT | O_EXCL;
+ }
err = lo_change_cred(req, &old, lo->change_umask);
if (err) {
@@ -2137,7 +2152,7 @@ static int do_create_secctx_fscreate(fuse_req_t req,
return err;
}
- err = do_create_nosecctx(req, parent_inode, name, mode, fi, &fd);
+ err = do_create_nosecctx(req, parent_inode, name, mode, fi, &fd, false);
close_reset_proc_fscreate(fscreate_fd);
if (!err) {
@@ -2146,6 +2161,44 @@ static int do_create_secctx_fscreate(fuse_req_t req,
return err;
}
+static int do_create_secctx_tmpfile(fuse_req_t req,
+ struct lo_inode *parent_inode,
+ const char *name, mode_t mode,
+ struct fuse_file_info *fi,
+ const char *secctx_name, int *open_fd)
+{
+ int err, fd = -1;
+ struct lo_data *lo = lo_data(req);
+ char procname[64];
+
+ err = do_create_nosecctx(req, parent_inode, ".", mode, fi, &fd, true);
+ if (err) {
+ return err;
+ }
+
+ err = fsetxattr(fd, secctx_name, req->secctx.ctx, req->secctx.ctxlen, 0);
+ if (err) {
+ err = errno;
+ goto out;
+ }
+
+ /* Security context set on file. Link it in place */
+ sprintf(procname, "%d", fd);
+ FCHDIR_NOFAIL(lo->proc_self_fd);
+ err = linkat(AT_FDCWD, procname, parent_inode->fd, name,
+ AT_SYMLINK_FOLLOW);
+ err = err == -1 ? errno : 0;
+ FCHDIR_NOFAIL(lo->root.fd);
+
+out:
+ if (!err) {
+ *open_fd = fd;
+ } else if (fd != -1) {
+ close(fd);
+ }
+ return err;
+}
+
static int do_create_secctx_noatomic(fuse_req_t req,
struct lo_inode *parent_inode,
const char *name, mode_t mode,
@@ -2154,7 +2207,7 @@ static int do_create_secctx_noatomic(fuse_req_t req,
{
int err = 0, fd = -1;
- err = do_create_nosecctx(req, parent_inode, name, mode, fi, &fd);
+ err = do_create_nosecctx(req, parent_inode, name, mode, fi, &fd, false);
if (err) {
goto out;
}
@@ -2196,20 +2249,31 @@ static int do_lo_create(fuse_req_t req, struct lo_inode *parent_inode,
if (secctx_enabled) {
/*
* If security.selinux has not been remapped. Use fscreate to set
- * context before file creation.
- * Otherwise fallback to non-atomic method of file creation
+ * context before file creation. Use tempfile method for regular
+ * files. Otherwise fallback to non-atomic method of file creation
* and xattr settting.
*/
if (!mapped_name) {
err = do_create_secctx_fscreate(req, parent_inode, name, mode, fi,
open_fd);
goto out;
+ } else if (S_ISREG(mode)) {
+ err = do_create_secctx_tmpfile(req, parent_inode, name, mode, fi,
+ ctxname, open_fd);
+ /*
+ * If filesystem does not support O_TMPFILE, fallback to non-atomic
+ * method.
+ */
+ if (!err || err != EOPNOTSUPP) {
+ goto out;
+ }
}
err = do_create_secctx_noatomic(req, parent_inode, name, mode, fi,
ctxname, open_fd);
} else {
- err = do_create_nosecctx(req, parent_inode, name, mode, fi, open_fd);
+ err = do_create_nosecctx(req, parent_inode, name, mode, fi, open_fd,
+ false);
}
out:
--
2.31.1
^ permalink raw reply related [flat|nested] 12+ messages in thread
end of thread, other threads:[~2021-09-24 19:57 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-24 19:48 [PATCH 0/5] virtiofsd: Add support for file security context at creation Vivek Goyal
2021-09-24 19:48 ` [Virtio-fs] " Vivek Goyal
2021-09-24 19:48 ` [PATCH 1/5] fuse: Header file changes for FUSE_SECURITY_CTX Vivek Goyal
2021-09-24 19:48 ` [Virtio-fs] " Vivek Goyal
2021-09-24 19:48 ` [PATCH 2/5] fuse_lowlevel.c: Add capability to parse security context Vivek Goyal
2021-09-24 19:48 ` [Virtio-fs] " Vivek Goyal
2021-09-24 19:48 ` [PATCH 3/5] virtiofsd: Move core file creation code in separate function Vivek Goyal
2021-09-24 19:48 ` [Virtio-fs] " Vivek Goyal
2021-09-24 19:48 ` [PATCH 4/5] virtiofsd: Create new file with fscreate set Vivek Goyal
2021-09-24 19:48 ` [Virtio-fs] " Vivek Goyal
2021-09-24 19:48 ` [PATCH 5/5] virtiofsd: Create new file using O_TMPFILE and set security context Vivek Goyal
2021-09-24 19:48 ` [Virtio-fs] " Vivek Goyal
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.