Re: [PATCH] virtiofsd: xattr mapping add a new type "unsupported"

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] virtiofsd: xattr mapping add a new type "unsupported"

From:	Dr. David Alan Gilbert
Subject:	Re: [PATCH] virtiofsd: xattr mapping add a new type "unsupported"
Date:	Mon, 25 Oct 2021 18:48:44 +0100
User-agent:	Mutt/2.0.7 (2021-05-04)

* Vivek Goyal (vgoyal@redhat.com) wrote:
> Right now for xattr remapping, we support types of "prefix", "ok" or "bad".
> Type "bad" returns -EPERM on setxattr and hides xattr in listxattr. For
> getxattr, mapping code returns -EPERM but getxattr code converts it to 
> -ENODATA.
> 
> I need a new semantics where if an xattr is unsupported, then
> getxattr()/setxattr() return -ENOTSUP and listxattr() should hide the xattr.
> This is needed to simulate that security.selinux is not supported by
> virtiofs filesystem and in that case client falls back to some default
> label specified by policy.
> 
> So add a new type "unsupported" which returns -ENOTSUP on getxattr() and
> setxattr() and hides xattrs in listxattr().
> 
> For example, one can use following mapping rule to not support
> security.selinux xattr and allow others.
> 
> "-o xattrmap=/unsupported/all/security.selinux/security.selinux//ok/all///"
> 
> Suggested-by: "Dr. David Alan Gilbert" <dgilbert@redhat.com>
> Signed-off-by: Vivek Goyal <vgoyal@redhat.com>

Queued

> ---
>  docs/tools/virtiofsd.rst         |    6 ++++++
>  tools/virtiofsd/passthrough_ll.c |   17 ++++++++++++++---
>  2 files changed, 20 insertions(+), 3 deletions(-)
> 
> Index: rhvgoyal-qemu/tools/virtiofsd/passthrough_ll.c
> ===================================================================
> --- rhvgoyal-qemu.orig/tools/virtiofsd/passthrough_ll.c       2021-09-22 
> 08:37:16.070377732 -0400
> +++ rhvgoyal-qemu/tools/virtiofsd/passthrough_ll.c    2021-09-22 
> 14:17:09.543016250 -0400
> @@ -2465,6 +2465,11 @@ static void lo_flock(fuse_req_t req, fus
>   * Automatically reversed on read
>   */
>  #define XATTR_MAP_FLAG_PREFIX  (1 <<  2)
> +/*
> + * The attribute is unsupported;
> + * ENOTSUP on write, hidden on read.
> + */
> +#define XATTR_MAP_FLAG_UNSUPPORTED     (1 <<  3)
>  
>  /* scopes */
>  /* Apply rule to get/set/remove */
> @@ -2636,6 +2641,8 @@ static void parse_xattrmap(struct lo_dat
>              tmp_entry.flags |= XATTR_MAP_FLAG_OK;
>          } else if (strstart(map, "bad", &map)) {
>              tmp_entry.flags |= XATTR_MAP_FLAG_BAD;
> +        } else if (strstart(map, "unsupported", &map)) {
> +            tmp_entry.flags |= XATTR_MAP_FLAG_UNSUPPORTED;
>          } else if (strstart(map, "map", &map)) {
>              /*
>               * map is sugar that adds a number of rules, and must be
> @@ -2646,8 +2653,8 @@ static void parse_xattrmap(struct lo_dat
>          } else {
>              fuse_log(FUSE_LOG_ERR,
>                       "%s: Unexpected type;"
> -                     "Expecting 'prefix', 'ok', 'bad' or 'map' in rule 
> %zu\n",
> -                     __func__, lo->xattr_map_nentries);
> +                     "Expecting 'prefix', 'ok', 'bad', 'unsupported' or 
> 'map'"
> +                     " in rule %zu\n", __func__, lo->xattr_map_nentries);
>              exit(1);
>          }
>  
> @@ -2749,6 +2756,9 @@ static int xattr_map_client(const struct
>              if (cur_entry->flags & XATTR_MAP_FLAG_BAD) {
>                  return -EPERM;
>              }
> +            if (cur_entry->flags & XATTR_MAP_FLAG_UNSUPPORTED) {
> +                return -ENOTSUP;
> +            }
>              if (cur_entry->flags & XATTR_MAP_FLAG_OK) {
>                  /* Unmodified name */
>                  return 0;
> @@ -2788,7 +2798,8 @@ static int xattr_map_server(const struct
>  
>          if ((cur_entry->flags & XATTR_MAP_FLAG_SERVER) &&
>              (strstart(server_name, cur_entry->prepend, &end))) {
> -            if (cur_entry->flags & XATTR_MAP_FLAG_BAD) {
> +            if (cur_entry->flags & XATTR_MAP_FLAG_BAD ||
> +                cur_entry->flags & XATTR_MAP_FLAG_UNSUPPORTED) {
>                  return -ENODATA;
>              }
>              if (cur_entry->flags & XATTR_MAP_FLAG_OK) {
> Index: rhvgoyal-qemu/docs/tools/virtiofsd.rst
> ===================================================================
> --- rhvgoyal-qemu.orig/docs/tools/virtiofsd.rst       2021-09-22 
> 08:37:15.938372097 -0400
> +++ rhvgoyal-qemu/docs/tools/virtiofsd.rst    2021-09-22 14:44:09.814188712 
> -0400
> @@ -183,6 +183,12 @@ Using ':' as the separator a rule is of
>    'ok' as either an explicit terminator or for special handling of certain
>    patterns.
>  
> +- 'unsupported' - If a client tries to use a name matching 'key' it's
> +  denied using ENOTSUP; when the server passes an attribute
> +  name matching 'prepend' it's hidden.  In many ways it's use is very like
> +  'ok' as either an explicit terminator or for special handling of certain
> +  patterns.
> +
>  **key** is a string tested as a prefix on an attribute name originating
>  on the client.  It maybe empty in which case a 'client' rule
>  will always match on client names.
> 
> 
-- 
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [PATCH] virtiofsd: xattr mapping add a new type "unsupported", Dr. David Alan Gilbert, 2021/10/05
- Re: [PATCH] virtiofsd: xattr mapping add a new type "unsupported", Dr. David Alan Gilbert <=

Prev by Date: Re: [PATCH v3 36/48] tcg/optimize: Split out fold_xi_to_x
Next by Date: Re: [PATCH 00/13] virtiofsd: Support notification queue and
Previous by thread: Re: [PATCH] virtiofsd: xattr mapping add a new type "unsupported"
Next by thread: [PATCH] ui/gtk: Update the refresh rate for gl-area too
Index(es):
- Date
- Thread