The new option is:
-fsdev local,id=jvrao,path=/tmp/,security_model=[mapped|passthrough]
-virtfs local,path=/tmp/,security_model=[mapped|passthrough],mnt_tag=v_tmp.
In the case of mapped security model, files are created with QEMU user
credentials and the client-user's credentials are saved in extended attributes.
Whereas in the case of passthrough security model, files on the
filesystem are directly created with client-user's credentials.
Signed-off-by: Venkateswararao Jujjuri <jv...@linux.vnet.ibm.com>
---
fsdev/qemu-fsdev.c | 2 ++
fsdev/qemu-fsdev.h | 1 +
hw/virtio-9p.c | 14 ++++++++++++++
qemu-config.c | 12 +++++++++---
qemu-options.hx | 15 +++++++++++----
vl.c | 8 +++++---
6 files changed, 42 insertions(+), 10 deletions(-)
diff --git a/fsdev/qemu-fsdev.c b/fsdev/qemu-fsdev.c
index 813e1f7..8148518 100644
--- a/fsdev/qemu-fsdev.c
+++ b/fsdev/qemu-fsdev.c
@@ -50,6 +50,8 @@ int qemu_fsdev_add(QemuOpts *opts)
fsle->fse.fsdev_id = qemu_strdup(qemu_opts_id(opts));
fsle->fse.path = qemu_strdup(qemu_opt_get(opts, "path"));
+ fsle->fse.security_model = qemu_strdup(qemu_opt_get(opts,
+ "security_model"));
fsle->fse.ops = FsTypes[i].ops;
QTAILQ_INSERT_TAIL(&fstype_entries, fsle, next);
diff --git a/fsdev/qemu-fsdev.h b/fsdev/qemu-fsdev.h
index b50fbe0..6c27881 100644
--- a/fsdev/qemu-fsdev.h
+++ b/fsdev/qemu-fsdev.h
@@ -40,6 +40,7 @@ typedef struct FsTypeTable {
typedef struct FsTypeEntry {
char *fsdev_id;
char *path;
+ char *security_model;
FileOperations *ops;
} FsTypeEntry;
diff --git a/hw/virtio-9p.c b/hw/virtio-9p.c
index 687abc0..8ecd39c 100644
--- a/hw/virtio-9p.c
+++ b/hw/virtio-9p.c
@@ -2413,6 +2413,20 @@ VirtIODevice *virtio_9p_init(DeviceState *dev, V9fsConf
*conf)
exit(1);
}
+ if (!strcmp(fse->security_model, "passthrough")) {
+ /* Files on the Fileserver set to client user credentials */
+ } else if (!strcmp(fse->security_model, "mapped")) {
+ /* Files on the fileserver are set to QEMU credentials.
+ * Client user credentials are saved in extended attributes.
+ */
+ } else {
+ /* user haven't specified a correct security option */
+ fprintf(stderr, "one of the following must be specified as the"
+ "security option:\n\t security_model=passthrough \n\t "
+ "security_model=mapped\n");
+ exit(1);
+ }
+
if (lstat(fse->path, &stat)) {
fprintf(stderr, "share path %s does not exist\n", fse->path);
exit(1);
diff --git a/qemu-config.c b/qemu-config.c
index d500885..e1e3aa1 100644
--- a/qemu-config.c
+++ b/qemu-config.c
@@ -160,9 +160,12 @@ QemuOptsList qemu_fsdev_opts = {
{
.name = "fstype",
.type = QEMU_OPT_STRING,
- }, {
+ },{
.name = "path",
.type = QEMU_OPT_STRING,
+ },{
+ .name = "security_model",
+ .type = QEMU_OPT_STRING,
},
{ /*End of list */ }
},
@@ -178,12 +181,15 @@ QemuOptsList qemu_virtfs_opts = {
{
.name = "fstype",
.type = QEMU_OPT_STRING,
- }, {
+ },{
.name = "path",
.type = QEMU_OPT_STRING,
- }, {
+ },{
.name = "mount_tag",
.type = QEMU_OPT_STRING,
+ },{
+ .name = "security_model",
+ .type = QEMU_OPT_STRING,
},
{ /*End of list */ }
diff --git a/qemu-options.hx b/qemu-options.hx
index 12f6b51..d557c92 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -482,7 +482,7 @@ ETEXI
DEFHEADING(File system options:)
DEF("fsdev", HAS_ARG, QEMU_OPTION_fsdev,
- "-fsdev local,id=id,path=path\n",
+ "-fsdev local,id=id,path=path,security_model=[mapped|passthrough]\n",
QEMU_ARCH_ALL)
STEXI
@@ -498,7 +498,7 @@ The specific Fstype will determine the applicable options.
Options to each backend are described below.
-...@item -fsdev local ,i...@var{id} ,pa...@var{path}
+...@item -fsdev local ,i...@var{id} ,pa...@var{path}
,security_mod...@var{security_model}
Create a file-system-"device" for local-filesystem.
@@ -506,6 +506,9 @@ Create a file-system-"device" for local-filesystem.
@option{path} specifies the path to be exported. @option{path} is required.
+...@option{security_model} specifies the security model to be followed.
+...@option{security_model} is required.
+
@end table
ETEXI
#endif
@@ -514,7 +517,7 @@ ETEXI
DEFHEADING(Virtual File system pass-through options:)
DEF("virtfs", HAS_ARG, QEMU_OPTION_virtfs,
- "-virtfs local,path=path,mount_tag=tag\n",
+ "-virtfs
local,path=path,mount_tag=tag,security_model=[mapped|passthrough]\n",
QEMU_ARCH_ALL)
STEXI
@@ -530,7 +533,7 @@ The specific Fstype will determine the applicable options.
Options to each backend are described below.
-...@item -virtfs local ,pa...@var{path} ,mount_t...@var{mount_tag}
+...@item -virtfs local ,pa...@var{path} ,mount_t...@var{mount_tag}
,security_mod...@var{security_model}
Create a Virtual file-system-pass through for local-filesystem.
@@ -538,6 +541,10 @@ Create a Virtual file-system-pass through for
local-filesystem.
@option{path} specifies the path to be exported. @option{path} is required.
+...@option{security_model} specifies the security model to be followed.
+...@option{security_model} is required.
+
+
@option{mount_tag} specifies the tag with which the exported file is mounted.
@option{mount_tag} is required.
diff --git a/vl.c b/vl.c
index 85bcc84..c3bba4a 100644
--- a/vl.c
+++ b/vl.c
@@ -3109,10 +3109,11 @@ int main(int argc, char **argv, char **envp)
exit(1);
}
- len = strlen(",id=,path=");
+ len = strlen(",id=,path=,security_model=");
len += strlen(qemu_opt_get(opts, "fstype"));
len += strlen(qemu_opt_get(opts, "mount_tag"));
len += strlen(qemu_opt_get(opts, "path"));
+ len += strlen(qemu_opt_get(opts, "security_model"));
arg_fsdev = qemu_malloc((len + 1) * sizeof(*arg_fsdev));
if (!arg_fsdev) {
@@ -3121,10 +3122,11 @@ int main(int argc, char **argv, char **envp)
exit(1);
}
- sprintf(arg_fsdev, "%s,id=%s,path=%s",
+ sprintf(arg_fsdev, "%s,id=%s,path=%s,security_model=%s",
qemu_opt_get(opts, "fstype"),
qemu_opt_get(opts, "mount_tag"),
- qemu_opt_get(opts, "path"));
+ qemu_opt_get(opts, "path"),
+ qemu_opt_get(opts, "security_model"));
len = strlen("virtio-9p-pci,fsdev=,mount_tag=");
len += 2*strlen(qemu_opt_get(opts, "mount_tag"));
--
1.6.5.2
