On Wed, Oct 12, 2011 at 01:24:16PM +0530, M. Mohan Kumar wrote:
> Security model is needed only for 'local' fs driver.
>
> Signed-off-by: M. Mohan Kumar <mo...@in.ibm.com>
> ---
> fsdev/qemu-fsdev.c | 6 +----
> fsdev/qemu-fsdev.h | 1 +
> hw/9pfs/virtio-9p-device.c | 47 ++++++++++++++++++++++---------------------
> vl.c | 20 +++++++++++++++--
> 4 files changed, 43 insertions(+), 31 deletions(-)
>
> --- a/fsdev/qemu-fsdev.h
> +++ b/fsdev/qemu-fsdev.h
> @@ -40,6 +40,7 @@ typedef struct FsTypeTable {
> typedef struct FsTypeEntry {
> char *fsdev_id;
> char *path;
> + char *fsdriver;
> char *security_model;
> int cache_flags;
> FileOperations *ops;
> diff --git a/hw/9pfs/virtio-9p-device.c b/hw/9pfs/virtio-9p-device.c
> index aac58ad..1846e36 100644
> --- a/hw/9pfs/virtio-9p-device.c
> +++ b/hw/9pfs/virtio-9p-device.c
> @@ -83,29 +83,30 @@ VirtIODevice *virtio_9p_init(DeviceState *dev, V9fsConf
> *conf)
> exit(1);
> }
>
> - if (!strcmp(fse->security_model, "passthrough")) {
> - /* Files on the Fileserver set to client user credentials */
> - s->ctx.fs_sm = SM_PASSTHROUGH;
> - s->ctx.xops = passthrough_xattr_ops;
> - } else if (!strcmp(fse->security_model, "mapped")) {
> - /* Files on the fileserver are set to QEMU credentials.
> - * Client user credentials are saved in extended attributes.
> - */
> - s->ctx.fs_sm = SM_MAPPED;
> - s->ctx.xops = mapped_xattr_ops;
> - } else if (!strcmp(fse->security_model, "none")) {
> - /*
> - * Files on the fileserver are set to QEMU credentials.
> - */
> - s->ctx.fs_sm = SM_NONE;
> - s->ctx.xops = none_xattr_ops;
> - } else {
> - fprintf(stderr, "Default to security_model=none. You may want"
> - " enable advanced security model using "
> - "security option:\n\t security_model=passthrough\n\t "
> - "security_model=mapped\n");
> - s->ctx.fs_sm = SM_NONE;
> - s->ctx.xops = none_xattr_ops;
> + /* security models is needed only for local fs driver */
> + if (!strcmp(fse->fsdriver, "local")) {
> + if (!strcmp(fse->security_model, "passthrough")) {
> + /* Files on the Fileserver set to client user credentials */
> + s->ctx.fs_sm = SM_PASSTHROUGH;
> + s->ctx.xops = passthrough_xattr_ops;
> + } else if (!strcmp(fse->security_model, "mapped")) {
> + /* Files on the fileserver are set to QEMU credentials.
> + * Client user credentials are saved in extended attributes.
> + */
> + s->ctx.fs_sm = SM_MAPPED;
> + s->ctx.xops = mapped_xattr_ops;
> + } else if (!strcmp(fse->security_model, "none")) {
> + /*
> + * Files on the fileserver are set to QEMU credentials.
> + */
> + s->ctx.fs_sm = SM_NONE;
> + s->ctx.xops = none_xattr_ops;
> + } else {
> + fprintf(stderr, "Invalid security_model %s specified.\n"
> + "Available security models are:\t "
> + "passthrough,mapped or none\n", fse->security_model);
> + exit(1);
> + }
Are you sure there aren't use cases where people would like to
choose between passthrough & mapped, even when using the 'proxy'
or 'handle' security drivers.
Both of the security models seem pretty generally useful to me,
regardless of the driver type.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
