virtio-9p: Security model for mkdir
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com> Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
This commit is contained in:
parent
4750a96f6b
commit
00ec5c3760
|
@ -70,7 +70,7 @@ typedef struct FileOperations
|
||||||
ssize_t (*readv)(FsContext *, int, const struct iovec *, int);
|
ssize_t (*readv)(FsContext *, int, const struct iovec *, int);
|
||||||
ssize_t (*writev)(FsContext *, int, const struct iovec *, int);
|
ssize_t (*writev)(FsContext *, int, const struct iovec *, int);
|
||||||
off_t (*lseek)(FsContext *, int, off_t, int);
|
off_t (*lseek)(FsContext *, int, off_t, int);
|
||||||
int (*mkdir)(FsContext *, const char *, mode_t);
|
int (*mkdir)(FsContext *, const char *, FsCred *);
|
||||||
int (*fstat)(FsContext *, int, struct stat *);
|
int (*fstat)(FsContext *, int, struct stat *);
|
||||||
int (*rename)(FsContext *, const char *, const char *);
|
int (*rename)(FsContext *, const char *, const char *);
|
||||||
int (*truncate)(FsContext *, const char *, off_t);
|
int (*truncate)(FsContext *, const char *, off_t);
|
||||||
|
|
|
@ -207,9 +207,40 @@ static int local_mksock(FsContext *ctx2, const char *path)
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int local_mkdir(FsContext *ctx, const char *path, mode_t mode)
|
static int local_mkdir(FsContext *fs_ctx, const char *path, FsCred *credp)
|
||||||
{
|
{
|
||||||
return mkdir(rpath(ctx, path), mode);
|
int err = -1;
|
||||||
|
int serrno = 0;
|
||||||
|
|
||||||
|
/* Determine the security model */
|
||||||
|
if (fs_ctx->fs_sm == SM_MAPPED) {
|
||||||
|
err = mkdir(rpath(fs_ctx, path), SM_LOCAL_DIR_MODE_BITS);
|
||||||
|
if (err == -1) {
|
||||||
|
return err;
|
||||||
|
}
|
||||||
|
credp->fc_mode = credp->fc_mode|S_IFDIR;
|
||||||
|
err = local_set_xattr(rpath(fs_ctx, path), credp);
|
||||||
|
if (err == -1) {
|
||||||
|
serrno = errno;
|
||||||
|
goto err_end;
|
||||||
|
}
|
||||||
|
} else if (fs_ctx->fs_sm == SM_PASSTHROUGH) {
|
||||||
|
err = mkdir(rpath(fs_ctx, path), credp->fc_mode);
|
||||||
|
if (err == -1) {
|
||||||
|
return err;
|
||||||
|
}
|
||||||
|
err = local_post_create_passthrough(fs_ctx, path, credp);
|
||||||
|
if (err == -1) {
|
||||||
|
serrno = errno;
|
||||||
|
goto err_end;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return err;
|
||||||
|
|
||||||
|
err_end:
|
||||||
|
remove(rpath(fs_ctx, path));
|
||||||
|
errno = serrno;
|
||||||
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int local_fstat(FsContext *fs_ctx, int fd, struct stat *stbuf)
|
static int local_fstat(FsContext *fs_ctx, int fd, struct stat *stbuf)
|
||||||
|
|
|
@ -170,9 +170,15 @@ static int v9fs_do_mksock(V9fsState *s, V9fsString *path)
|
||||||
return s->ops->mksock(&s->ctx, path->data);
|
return s->ops->mksock(&s->ctx, path->data);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int v9fs_do_mkdir(V9fsState *s, V9fsString *path, mode_t mode)
|
static int v9fs_do_mkdir(V9fsState *s, V9fsCreateState *vs)
|
||||||
{
|
{
|
||||||
return s->ops->mkdir(&s->ctx, path->data, mode);
|
FsCred cred;
|
||||||
|
|
||||||
|
cred_init(&cred);
|
||||||
|
cred.fc_uid = vs->fidp->uid;
|
||||||
|
cred.fc_mode = vs->perm & 0777;
|
||||||
|
|
||||||
|
return s->ops->mkdir(&s->ctx, vs->fullname.data, &cred);
|
||||||
}
|
}
|
||||||
|
|
||||||
static int v9fs_do_fstat(V9fsState *s, int fd, struct stat *stbuf)
|
static int v9fs_do_fstat(V9fsState *s, int fd, struct stat *stbuf)
|
||||||
|
@ -1776,7 +1782,7 @@ static void v9fs_create_post_lstat(V9fsState *s, V9fsCreateState *vs, int err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if (vs->perm & P9_STAT_MODE_DIR) {
|
if (vs->perm & P9_STAT_MODE_DIR) {
|
||||||
err = v9fs_do_mkdir(s, &vs->fullname, vs->perm & 0777);
|
err = v9fs_do_mkdir(s, vs);
|
||||||
v9fs_create_post_mkdir(s, vs, err);
|
v9fs_create_post_mkdir(s, vs, err);
|
||||||
} else if (vs->perm & P9_STAT_MODE_SYMLINK) {
|
} else if (vs->perm & P9_STAT_MODE_SYMLINK) {
|
||||||
err = v9fs_do_symlink(s, &vs->extension, &vs->fullname);
|
err = v9fs_do_symlink(s, &vs->extension, &vs->fullname);
|
||||||
|
|
Reference in New Issue