[libvirt] [Qemu-devel] [PATCH 1/2] add 'umask' option to -chardev
Chun Yan Liu
cyliu at suse.com
Tue Sep 2 10:05:01 UTC 2014
>>> On 9/2/2014 at 05:16 PM, in message <20140902091655.GB21282 at redhat.com>,
"Daniel P. Berrange" <berrange at redhat.com> wrote:
> On Tue, Sep 02, 2014 at 03:08:51AM -0600, Chun Yan Liu wrote:
> >
> >
> > >>> On 9/2/2014 at 04:54 PM, in message <20140902085434.GA21282 at redhat.com>,
> > "Daniel P. Berrange" <berrange at redhat.com> wrote:
> > > On Tue, Sep 02, 2014 at 03:40:42PM +0800, Chunyan Liu wrote:
> > > > To use virtio-serial device, unix socket created for chardev with
> > > > default umask(022) has insufficient permissions.
> > > >
> > > > e.g. start kvm guest with:
> > > > -device virtio-serial \
> > > > -chardev socket,path=/tmp/foo,server,nowait,id=foo \
> > > > -device virtserialport,chardev=foo,name=org.fedoraproject.port.0
> > > >
> > > > Check permissions for the socket file that has been created in the host
> > > > to enable communication through virtual serial ports in the guest:
> > > > #ls -l /tmp/somefile.sock
> > > > srwxr-xr-x 1 qemu qemu 0 21. Jul 14:19 /tmp/somefile.sock
> > > >
> > > > Other users in the qemu group (like real user, test engines, etc) cannot
> > > > write to this socket.
> > > >
> > > > Problem reported here:
> > > > https://sourceware.org/bugzilla/show_bug.cgi?id=13078#c11
> > > > https://bugzilla.novell.com/show_bug.cgi?id=888166
> > > >
> > > > This patch tries to add a 'umask' option to 'chardev', so that user
> > > > can have chance to indicate a umask overwritting the default one (default
>
> > > > is 022), then create unix sockets with expected permissions.
> > > >
> > > > Signed-off-by: Chunyan Liu <cyliu at suse.com>
> > > > ---
> > > > This is patch for qemu.
> > > >
> > > > qemu-char.c | 3 +++
> > > > qemu-options.hx | 9 +++++++--
> > > > util/qemu-sockets.c | 12 +++++++++++-
> > > > 3 files changed, 21 insertions(+), 3 deletions(-)
> > >
> > > > diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c
> > > > index 5d38395..facf2c6 100644
> > > > --- a/util/qemu-sockets.c
> > > > +++ b/util/qemu-sockets.c
> > > > @@ -680,7 +680,8 @@ int unix_listen_opts(QemuOpts *opts, Error **errp)
> > > > {
> > > > struct sockaddr_un un;
> > > > const char *path = qemu_opt_get(opts, "path");
> > > > - int sock, fd;
> > > > + int newmask = qemu_opt_get_number(opts, "umask", 0);
> > > > + int sock, fd, oldmask;
> > > >
> > > > sock = qemu_socket(PF_UNIX, SOCK_STREAM, 0);
> > > > if (sock < 0) {
> > > > @@ -708,10 +709,19 @@ int unix_listen_opts(QemuOpts *opts, Error **errp)
> > > > }
> > > >
> > > > unlink(un.sun_path);
> > > > + if (newmask) {
> > > > + oldmask = umask(newmask);
> > > > + }
> > > > if (bind(sock, (struct sockaddr*) &un, sizeof(un)) < 0) {
> > > > + if (newmask) {
> > > > + umask(oldmask);
> > > > + }
> > > > error_set_errno(errp, errno, QERR_SOCKET_BIND_FAILED);
> > > > goto err;
> > > > }
> > > > + if (newmask) {
> > > > + umask(oldmask);
> > > > + }
> > >
> > > Setting umask() is not thread-safe as it affects the entire process.
> While
> > > this is OK for chardevs which are cold-plugged at startup, once QEMU is
> > > running it is not OK to alter umask during hotplug of devices.
> > >
> > > Wouldn't it be simpler for libvirt to simply set the umask to 002 when it
> > > first launches QEMU, avoiding the need for trying todo this per device.
> >
> > I think that's OK. Only one thing: I'm not sure if permissions of any other
> > file created in qemu will be changed due to this change, and if that is
> > unexpected or not.
>
> Whether or not it causes problems today is only half the story. I'm more
> concerned about the long term problems. The use of threads is increasing
> in QEMU over time, so manipulating umask() is a time-bomb waiting to strike
> at some point in the future when people have forgotten that this proposed
> feature exists. IMHO umask() should simply never be used when multiple
> threads are running, to avoid this long term risk entirely.
I agree. Now suppose when it explicitly sets the mode S_IWGRP while creating
new file, group user writing permission is really expected, I think setting umask
to 002 to the whole qemu process should be OK.
>
> Regards,
> Daniel
> --
> |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/
> :|
> |: http://libvirt.org -o- http://virt-manager.org
> :|
> |: http://autobuild.org -o- http://search.cpan.org/~danberr/
> :|
> |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc
> :|
>
>
>
More information about the libvir-list
mailing list