@@ -50,6 +50,8 @@ int qemu_fsdev_add(QemuOpts *opts)
fsle->fse.fsdev_id = qemu_strdup(qemu_opts_id(opts));
fsle->fse.path = qemu_strdup(qemu_opt_get(opts, "path"));
+ fsle->fse.security_model = qemu_strdup(qemu_opt_get(opts,
+ "security_model"));
fsle->fse.ops = FsTypes[i].ops;
QTAILQ_INSERT_TAIL(&fstype_entries, fsle, next);
@@ -40,6 +40,7 @@ typedef struct FsTypeTable {
typedef struct FsTypeEntry {
char *fsdev_id;
char *path;
+ char *security_model;
FileOperations *ops;
} FsTypeEntry;
@@ -2413,6 +2413,20 @@ VirtIODevice *virtio_9p_init(DeviceState *dev, V9fsConf *conf)
exit(1);
}
+ if (!strcmp(fse->security_model, "passthrough")) {
+ /* Files on the Fileserver set to client user credentials */
+ } else if (!strcmp(fse->security_model, "mapped")) {
+ /* Files on the fileserver are set to QEMU credentials.
+ * Client user credentials are saved in extended attributes.
+ */
+ } else {
+ /* user haven't specified a correct security option */
+ fprintf(stderr, "one of the following must be specified as the"
+ "security option:\n\t security_model=passthrough \n\t "
+ "security_model=mapped\n");
+ exit(1);
+ }
+
if (lstat(fse->path, &stat)) {
fprintf(stderr, "share path %s does not exist\n", fse->path);
exit(1);
@@ -160,9 +160,12 @@ QemuOptsList qemu_fsdev_opts = {
{
.name = "fstype",
.type = QEMU_OPT_STRING,
- }, {
+ },{
.name = "path",
.type = QEMU_OPT_STRING,
+ },{
+ .name = "security_model",
+ .type = QEMU_OPT_STRING,
},
{ /*End of list */ }
},
@@ -178,12 +181,15 @@ QemuOptsList qemu_virtfs_opts = {
{
.name = "fstype",
.type = QEMU_OPT_STRING,
- }, {
+ },{
.name = "path",
.type = QEMU_OPT_STRING,
- }, {
+ },{
.name = "mount_tag",
.type = QEMU_OPT_STRING,
+ },{
+ .name = "security_model",
+ .type = QEMU_OPT_STRING,
},
{ /*End of list */ }
@@ -482,7 +482,7 @@ ETEXI
DEFHEADING(File system options:)
DEF("fsdev", HAS_ARG, QEMU_OPTION_fsdev,
- "-fsdev local,id=id,path=path\n",
+ "-fsdev local,id=id,path=path,security_model=[mapped|passthrough]\n",
QEMU_ARCH_ALL)
STEXI
@@ -498,7 +498,7 @@ The specific Fstype will determine the applicable options.
Options to each backend are described below.
-@item -fsdev local ,id=@var{id} ,path=@var{path}
+@item -fsdev local ,id=@var{id} ,path=@var{path} ,security_model=@var{security_model}
Create a file-system-"device" for local-filesystem.
@@ -506,6 +506,9 @@ Create a file-system-"device" for local-filesystem.
@option{path} specifies the path to be exported. @option{path} is required.
+@option{security_model} specifies the security model to be followed.
+@option{security_model} is required.
+
@end table
ETEXI
#endif
@@ -514,7 +517,7 @@ ETEXI
DEFHEADING(Virtual File system pass-through options:)
DEF("virtfs", HAS_ARG, QEMU_OPTION_virtfs,
- "-virtfs local,path=path,mount_tag=tag\n",
+ "-virtfs local,path=path,mount_tag=tag,security_model=[mapped|passthrough]\n",
QEMU_ARCH_ALL)
STEXI
@@ -530,7 +533,7 @@ The specific Fstype will determine the applicable options.
Options to each backend are described below.
-@item -virtfs local ,path=@var{path} ,mount_tag=@var{mount_tag}
+@item -virtfs local ,path=@var{path} ,mount_tag=@var{mount_tag} ,security_model=@var{security_model}
Create a Virtual file-system-pass through for local-filesystem.
@@ -538,6 +541,10 @@ Create a Virtual file-system-pass through for local-filesystem.
@option{path} specifies the path to be exported. @option{path} is required.
+@option{security_model} specifies the security model to be followed.
+@option{security_model} is required.
+
+
@option{mount_tag} specifies the tag with which the exported file is mounted.
@option{mount_tag} is required.
@@ -3109,10 +3109,11 @@ int main(int argc, char **argv, char **envp)
exit(1);
}
- len = strlen(",id=,path=");
+ len = strlen(",id=,path=,security_model=");
len += strlen(qemu_opt_get(opts, "fstype"));
len += strlen(qemu_opt_get(opts, "mount_tag"));
len += strlen(qemu_opt_get(opts, "path"));
+ len += strlen(qemu_opt_get(opts, "security_model"));
arg_fsdev = qemu_malloc((len + 1) * sizeof(*arg_fsdev));
if (!arg_fsdev) {
@@ -3121,10 +3122,11 @@ int main(int argc, char **argv, char **envp)
exit(1);
}
- sprintf(arg_fsdev, "%s,id=%s,path=%s",
+ sprintf(arg_fsdev, "%s,id=%s,path=%s,security_model=%s",
qemu_opt_get(opts, "fstype"),
qemu_opt_get(opts, "mount_tag"),
- qemu_opt_get(opts, "path"));
+ qemu_opt_get(opts, "path"),
+ qemu_opt_get(opts, "security_model"));
len = strlen("virtio-9p-pci,fsdev=,mount_tag=");
len += 2*strlen(qemu_opt_get(opts, "mount_tag"));
The new option is: -fsdev local,id=jvrao,path=/tmp/,security_model=[mapped|passthrough] -virtfs local,path=/tmp/,security_model=[mapped|passthrough],mnt_tag=v_tmp. In the case of mapped security model, files are created with QEMU user credentials and the client-user's credentials are saved in extended attributes. Whereas in the case of passthrough security model, files on the filesystem are directly created with client-user's credentials. Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com> --- fsdev/qemu-fsdev.c | 2 ++ fsdev/qemu-fsdev.h | 1 + hw/virtio-9p.c | 14 ++++++++++++++ qemu-config.c | 12 +++++++++--- qemu-options.hx | 15 +++++++++++---- vl.c | 8 +++++--- 6 files changed, 42 insertions(+), 10 deletions(-)