From: Vivek Goyal <vgoyal@redhat.com> To: qemu-devel@nongnu.org, virtio-fs@redhat.com Cc: miklos@szeredi.hu, chirantan@chromium.org, stephen.smalley.work@gmail.com, dwalsh@redhat.com, dgilbert@redhat.com, omosnace@redhat.com, casey@schaufler-ca.com, vgoyal@redhat.com Subject: [PATCH v2 0/6] virtiofsd: Add support for file security context at creation Date: Thu, 14 Oct 2021 11:31:20 -0400 [thread overview] Message-ID: <20211014153126.575173-1-vgoyal@redhat.com> (raw) Hi, This is v2 of patches. I posted v1 here. https://lore.kernel.org/qemu-devel/20210924194854.919414-1-vgoyal@redhat.com/ Posted corresponding kernel patches here. https://lore.kernel.org/linux-fsdevel/20211012180624.447474-1-vgoyal@redhat.com/ changes since v1: - Modified patches to handle changes to fuse protocol which allowed protocol to send multiple security lables. As of now we can handle only one label and we expect it to be selinux label. - Added an option (-o security_label/no_security_label) to enable/disable security label. It is disabled by default. - Did a fix to not use fscreate if host does not have selinux enabled. Description ----------- These patches add support to receive and set file security context at the time of file creation. This is one of the components needed to support SELinux on virtiofs. These patches will allow users to configure virtiofsd in multiple modes to set security context. A. Guest and host selinux policies can work with each other. - virtiofsd will use /proc/thread-self/attr/fscreate knob to set security context before file creation. B. Remap guest selinux security xattr to something else say, trusted.virtiofs.security.selinux. - Give CAP_SYS_ADMIN to virtiofsd. - "-o -o xattrmap=:map:security.selinux:trusted.virtiofsd.:" C. If no SELinux on host. - Give CAP_SYS_ADMIN to virtiofsd and security xattr will be saved in security.selinux xattr on host. With these patches, I am able to boot a guest VM with rootfs on virtiofs and with SELinux enabled in guest. Vivek Goyal (6): fuse: Header file changes for FUSE_SECURITY_CTX virtiofsd, fuse_lowlevel.c: Add capability to parse security context virtiofsd: Move core file creation code in separate function virtiofsd: Create new file with fscreate set virtiofsd: Create new file using O_TMPFILE and set security context virtiofsd: Add an option to enable/disable security label docs/tools/virtiofsd.rst | 7 + include/standard-headers/linux/fuse.h | 19 +- tools/virtiofsd/fuse_common.h | 5 + tools/virtiofsd/fuse_i.h | 7 + tools/virtiofsd/fuse_lowlevel.c | 91 ++++++ tools/virtiofsd/helper.c | 1 + tools/virtiofsd/passthrough_ll.c | 414 ++++++++++++++++++++++++-- 7 files changed, 514 insertions(+), 30 deletions(-) -- 2.31.1
WARNING: multiple messages have this Message-ID (diff)
From: Vivek Goyal <vgoyal@redhat.com> To: qemu-devel@nongnu.org, virtio-fs@redhat.com Cc: miklos@szeredi.hu, stephen.smalley.work@gmail.com, omosnace@redhat.com, casey@schaufler-ca.com, vgoyal@redhat.com Subject: [Virtio-fs] [PATCH v2 0/6] virtiofsd: Add support for file security context at creation Date: Thu, 14 Oct 2021 11:31:20 -0400 [thread overview] Message-ID: <20211014153126.575173-1-vgoyal@redhat.com> (raw) Hi, This is v2 of patches. I posted v1 here. https://lore.kernel.org/qemu-devel/20210924194854.919414-1-vgoyal@redhat.com/ Posted corresponding kernel patches here. https://lore.kernel.org/linux-fsdevel/20211012180624.447474-1-vgoyal@redhat.com/ changes since v1: - Modified patches to handle changes to fuse protocol which allowed protocol to send multiple security lables. As of now we can handle only one label and we expect it to be selinux label. - Added an option (-o security_label/no_security_label) to enable/disable security label. It is disabled by default. - Did a fix to not use fscreate if host does not have selinux enabled. Description ----------- These patches add support to receive and set file security context at the time of file creation. This is one of the components needed to support SELinux on virtiofs. These patches will allow users to configure virtiofsd in multiple modes to set security context. A. Guest and host selinux policies can work with each other. - virtiofsd will use /proc/thread-self/attr/fscreate knob to set security context before file creation. B. Remap guest selinux security xattr to something else say, trusted.virtiofs.security.selinux. - Give CAP_SYS_ADMIN to virtiofsd. - "-o -o xattrmap=:map:security.selinux:trusted.virtiofsd.:" C. If no SELinux on host. - Give CAP_SYS_ADMIN to virtiofsd and security xattr will be saved in security.selinux xattr on host. With these patches, I am able to boot a guest VM with rootfs on virtiofs and with SELinux enabled in guest. Vivek Goyal (6): fuse: Header file changes for FUSE_SECURITY_CTX virtiofsd, fuse_lowlevel.c: Add capability to parse security context virtiofsd: Move core file creation code in separate function virtiofsd: Create new file with fscreate set virtiofsd: Create new file using O_TMPFILE and set security context virtiofsd: Add an option to enable/disable security label docs/tools/virtiofsd.rst | 7 + include/standard-headers/linux/fuse.h | 19 +- tools/virtiofsd/fuse_common.h | 5 + tools/virtiofsd/fuse_i.h | 7 + tools/virtiofsd/fuse_lowlevel.c | 91 ++++++ tools/virtiofsd/helper.c | 1 + tools/virtiofsd/passthrough_ll.c | 414 ++++++++++++++++++++++++-- 7 files changed, 514 insertions(+), 30 deletions(-) -- 2.31.1
next reply other threads:[~2021-10-14 15:37 UTC|newest] Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top 2021-10-14 15:31 Vivek Goyal [this message] 2021-10-14 15:31 ` [Virtio-fs] [PATCH v2 0/6] virtiofsd: Add support for file security context at creation Vivek Goyal 2021-10-14 15:31 ` [PATCH v2 1/6] fuse: Header file changes for FUSE_SECURITY_CTX Vivek Goyal 2021-10-14 15:31 ` [Virtio-fs] " Vivek Goyal 2021-10-14 15:31 ` [PATCH v2 2/6] virtiofsd, fuse_lowlevel.c: Add capability to parse security context Vivek Goyal 2021-10-14 15:31 ` [Virtio-fs] " Vivek Goyal 2021-10-14 15:31 ` [PATCH v2 3/6] virtiofsd: Move core file creation code in separate function Vivek Goyal 2021-10-14 15:31 ` [Virtio-fs] " Vivek Goyal 2021-10-14 15:31 ` [PATCH v2 4/6] virtiofsd: Create new file with fscreate set Vivek Goyal 2021-10-14 15:31 ` [Virtio-fs] " Vivek Goyal 2021-10-14 15:31 ` [PATCH v2 5/6] virtiofsd: Create new file using O_TMPFILE and set security context Vivek Goyal 2021-10-14 15:31 ` [Virtio-fs] " Vivek Goyal 2021-10-14 15:31 ` [PATCH v2 6/6] virtiofsd: Add an option to enable/disable security label Vivek Goyal 2021-10-14 15:31 ` [Virtio-fs] " Vivek Goyal
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20211014153126.575173-1-vgoyal@redhat.com \ --to=vgoyal@redhat.com \ --cc=casey@schaufler-ca.com \ --cc=chirantan@chromium.org \ --cc=dgilbert@redhat.com \ --cc=dwalsh@redhat.com \ --cc=miklos@szeredi.hu \ --cc=omosnace@redhat.com \ --cc=qemu-devel@nongnu.org \ --cc=stephen.smalley.work@gmail.com \ --cc=virtio-fs@redhat.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.