[libvirt] [PATCH v3] Added new attribute mount_security to filesystem element

Harsh Bora harsh at linux.vnet.ibm.com
Thu Oct 14 05:30:24 UTC 2010


On 10/13/2010 09:22 PM, Matthias Bolte wrote:
> 2010/10/11 Harsh Prateek Bora<harsh at linux.vnet.ibm.com>:
>> This patch introduces a new attribute to the filesystem element
>> to support customizable security for mount type.
>> Valid mount_security values are: passthrough and mapped.
>>
>> Usage:
>>         <filesystem type='mount' mount_security='passthrough'>
>>           <source dir='/export/to/guest'/>
>>           <target dir='mount_tag'/>
>>         </filesystem>
>>
>> Here is the detailed explanation on these security models:
>>
>> Security model: mapped
>> ----------------------
>>
>> Fileserver intercepts and maps all the file object create requests.
>> Files on the fileserver will be created with Fileserver's user credentials
>> and the client-user's credentials are stored in extended attributes.
>> During getattr() server extracts the client-user's credentials from extended
>> attributes and sends to the client.
>>
>> This adds a great deal of security in the cloud environments where the
>> guest's (client) user space is kept completely isolated from host's user
>> space.
>>
>>
>> Security model : passthrough
>> ----------------------------
>>
>> In this security model, Fileserver passes down all requests to the
>> underlying filesystem. File system objects on the fileserver will be created
>> with client-user's credentials. This is done by setting setuid()/setgid()
>> during creation or chmod/chown after file creation. At the end of create
>> protocol request, files on the fileserver will be owned by client-user's
>> uid/gid.
>> This model mimics current NFSv3 level of security.
>>
>> Note: This patch is based on Daniel's patch to support 9pfs.
>> It shall be applied after applying Daniel's patch to support 9pfs.
>>
>> v3:
>> - QEMU cmdline still uses security_model, changes done by mistake reverted.
>>
>> Signed-off-by: Harsh Prateek Bora<harsh at linux.vnet.ibm.com>
>> ---
>>   docs/schemas/domain.rng |    6 ++++++
>>   src/conf/domain_conf.c  |   29 +++++++++++++++++++++++++++--
>>   src/conf/domain_conf.h  |   10 ++++++++++
>>   src/qemu/qemu_conf.c    |    9 +++++++--
>>   4 files changed, 50 insertions(+), 4 deletions(-)
>>
>
> This patch lacks documentation about the new domain XML attributes in
> docs/formatdomain.html.in.
>
Hi Matthias,
I wanted to put the documentation for the new attributes in
formatdomain.html.in; however, I found that we are actually missing the
documentation for the <filesystem> element itself there.
I discussed this with DV and he suggested putting the
documentation text in the patch itself, so that once the documentation
for the <filesystem> element is in place, this text can be added to it for
the new attributes.

Regards,
Harsh
> Matthias
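
An added example, not part of this thread or of libvirt: a small audit of domain XML that reports which model each type='mount' export declares, using the mount_security attribute name and the two values given in the patch description. The sample XML, the status labels and the function names are constructed for illustration; how a missing attribute is treated by libvirt is not stated in the thread, so it is only reported as unspecified.

```python
import xml.etree.ElementTree as ET

# The two values the patch description lists as valid.
VALID_MODELS = {"passthrough", "mapped"}

# Constructed sample; only the first <filesystem> mirrors the patch's usage.
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <devices>
    <filesystem type='mount' mount_security='passthrough'>
      <source dir='/export/to/guest'/>
      <target dir='mount_tag'/>
    </filesystem>
    <filesystem type='mount' mount_security='mapped'>
      <source dir='/srv/shared'/>
      <target dir='shared'/>
    </filesystem>
    <filesystem type='mount' mount_security='Mapped'>
      <source dir='/srv/typo'/>
      <target dir='typo'/>
    </filesystem>
    <filesystem type='mount'>
      <source dir='/srv/legacy'/>
      <target dir='legacy'/>
    </filesystem>
  </devices>
</domain>
"""

def classify(model):
    """Map a mount_security value to an audit status (hypothetical labels)."""
    if model is None:
        return "unspecified"   # effective model is not stated in the XML
    if model not in VALID_MODELS:
        return "invalid"       # not one of the two documented values
    # passthrough: host files end up owned by the guest user's uid/gid
    return "review" if model == "passthrough" else "ok"

def audit_filesystems(domain_xml):
    """Return (source dir, mount tag, value, status) per type='mount' export."""
    findings = []
    for fs in ET.fromstring(domain_xml).findall(".//filesystem[@type='mount']"):
        src, tgt = fs.find("source"), fs.find("target")
        model = fs.get("mount_security")
        findings.append((src.get("dir") if src is not None else None,
                         tgt.get("dir") if tgt is not None else None,
                         model, classify(model)))
    return findings
```

Run it only over domain XML from a trusted source, since xml.etree.ElementTree is not hardened against maliciously constructed XML.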



