[libvirt] [PATCH] Added new attribute security_model to filesystem element

Daniel P. Berrange berrange at redhat.com
Thu Oct 7 11:17:36 UTC 2010 

On Sat, Sep 25, 2010 at 12:04:11AM +0530, Harsh Prateek Bora wrote:
> This patch introduces new attribute to filesystem element
> to support customizable security_model for mount type.
> Valid security_model are: passthrough, mapped and none.
> 
> Usage:
> 	<filesystem type='mount' security_model='passthrough'>

I'd like to think of a different name for this, because
'security_model' is already used in libvirt in the context
of sVirt and I think it'd be better to avoid the same
terminology. I've not got any ideas just yet, but I'll
think of some....

> 	<source dir='/export/to/guest'/>
> 	<target dir='mount_tag'/>
> 	</filesystem>
> 
> Note: This patch is based on Daniel's patch to support 9pfs.
> It shall be applied after applying Daniel's patch to support 9pfs.
> 
> Signed-off-by: Harsh Prateek Bora <harsh at linux.vnet.ibm.com>
> ---
>  docs/schemas/domain.rng |    7 +++++++
>  src/conf/domain_conf.c  |   30 ++++++++++++++++++++++++++++--
>  src/conf/domain_conf.h  |   10 ++++++++++
>  src/qemu/qemu_conf.c    |   11 +++++++++--
>  4 files changed, 54 insertions(+), 4 deletions(-)
> 
> diff --git a/docs/schemas/domain.rng b/docs/schemas/domain.rng
> index ccb8cf3..43a292d 100644
> --- a/docs/schemas/domain.rng
> +++ b/docs/schemas/domain.rng
> @@ -761,6 +761,13 @@
>        </choice>
>        <optional>
>          <ref name="address"/>
> +        <attribute name="security_model">
> +        <choice>
> +          <value>passthrough</value>
> +          <value>mapped</value>
> +          <value>none</value>
> +        </choice>
> +        </attribute>
>        </optional>
>      </element>
>    </define>
> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
> index e05d5d7..a9881d1 100644
> --- a/src/conf/domain_conf.c
> +++ b/src/conf/domain_conf.c
> @@ -161,6 +161,12 @@ VIR_ENUM_IMPL(virDomainFS, VIR_DOMAIN_FS_TYPE_LAST,
>                "file",
>                "template")
>  
> +VIR_ENUM_IMPL(virDomainFSSecurityModel, VIR_DOMAIN_FS_SECURITY_LAST,
> +              "passthrough",
> +              "mapped",
> +              "none")
> +
> +
>  VIR_ENUM_IMPL(virDomainNet, VIR_DOMAIN_NET_TYPE_LAST,
>                "user",
>                "ethernet",
> @@ -1847,6 +1853,7 @@ virDomainFSDefParseXML(xmlNodePtr node,
>      char *type = NULL;
>      char *source = NULL;
>      char *target = NULL;
> +    char *security_model;
>  
>      if (VIR_ALLOC(def) < 0) {
>          virReportOOMError();
> @@ -1864,6 +1871,17 @@ virDomainFSDefParseXML(xmlNodePtr node,
>          def->type = VIR_DOMAIN_FS_TYPE_MOUNT;
>      }
>  
> +    security_model = virXMLPropString(node, "security_model");
> +    if (security_model) {
> +        if ((def->security_model = virDomainFSSecurityModelTypeFromString(security_model)) < 0) {
> +            virDomainReportError(VIR_ERR_INTERNAL_ERROR,
> +                                 _("unknown security model '%s'"), security_model);
> +            goto error;
> +        }
> +    } else {
> +        def->security_model = VIR_DOMAIN_FS_SECURITY_PASSTHROUGH;
> +    }
> +
>      cur = node->children;
>      while (cur != NULL) {
>          if (cur->type == XML_ELEMENT_NODE) {
> @@ -5602,6 +5620,7 @@ virDomainFSDefFormat(virBufferPtr buf,
>                       int flags)
>  {
>      const char *type = virDomainFSTypeToString(def->type);
> +    const char *sec_model = virDomainFSSecurityModelTypeToString(def->security_model);
>  
>      if (!type) {
>          virDomainReportError(VIR_ERR_INTERNAL_ERROR,
> @@ -5609,9 +5628,16 @@ virDomainFSDefFormat(virBufferPtr buf,
>          return -1;
>      }
>  
> +   if (!sec_model) {
> +        virDomainReportError(VIR_ERR_INTERNAL_ERROR,
> +                             _("unexpected security model %d"), def->security_model);
> +        return -1;
> +    }
> +
> +
>      virBufferVSprintf(buf,
> -                      "    <filesystem type='%s'>\n",
> -                      type);
> +                      "    <filesystem type='%s' security_model='%s'>\n",
> +                      type, sec_model);
>  
>      if (def->src) {
>          switch (def->type) {
> diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
> index 7195c04..6adf027 100644
> --- a/src/conf/domain_conf.h
> +++ b/src/conf/domain_conf.h
> @@ -236,10 +236,20 @@ enum virDomainFSType {
>      VIR_DOMAIN_FS_TYPE_LAST
>  };
>  
> +/* Filesystem mount security model  */
> +enum virDomainFSSecurityModel {
> +    VIR_DOMAIN_FS_SECURITY_PASSTHROUGH,
> +    VIR_DOMAIN_FS_SECURITY_MAPPED,
> +    VIR_DOMAIN_FS_SECURITY_NONE,
> +
> +    VIR_DOMAIN_FS_SECURITY_LAST
> +};

What is the difference between 'PASSTHROUGH' mode
and 'NONE' ? IIUC, 'PASSTHROUGH' just lets the uid/gid
and mode appear in the guest unchanged, which seems
to be just what 'NONE' would do too.

Daniel
-- 
|: Red Hat, Engineering, London    -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org        -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

More information about the libvir-list mailing list