From nobody Sat Apr 20 16:10:36 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) client-ip=216.205.24.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1616778973; cv=none; d=zohomail.com; s=zohoarc; b=Dw9dLMKLK0rLx64gFzBHcEuBY20EEITY01mAR1Ese8U6dKtR4M/I1DaYMO6VVSPvnJmGQU0K6+DSIY0rRAsA+pAJJ71kMPqFgMUp2lNDYERXiiXK0OB/A6+Vl5mKluxstkkTm+pQxiVmnMzpdjaOsYrhJlcolVtIoECSpm+OEfI= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1616778973; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=/TVdU8iAOK7BKV3566Mj7UOsiFZsJBzAzCljNiexwyc=; b=JYZ8jPJlhBNFRK3x+ztoBM5cwyipixK6aHgHYNEW5VfRmdvWDWJftSCAaMlvpHqgf0XzSn8HeRyfdAVw4T01PBfx8POOouVkijIQIdGRU5eUlb/H76HEDvy74kkcFy1hSpH43UIFhd+WTXtdqv6jIVPLuNpLsZY7B346nftuNyU= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by mx.zohomail.com with SMTPS id 1616778973525329.9620577790711; Fri, 26 Mar 2021 10:16:13 -0700 (PDT) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-307-G19dcfM9Pli3oMKRrSjNwQ-1; Fri, 26 Mar 2021 13:16:09 -0400 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id CF4FE87A83C; Fri, 26 Mar 2021 17:16:02 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id F150819C71; Fri, 26 Mar 2021 17:16:01 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 06A054A7C8; Fri, 26 Mar 2021 17:16:01 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 12QHFwhF007916 for ; Fri, 26 Mar 2021 13:15:58 -0400 Received: by smtp.corp.redhat.com (Postfix) id 7F5FD1B5C3; Fri, 26 Mar 2021 17:15:58 +0000 (UTC) Received: from worklaptop.home (ovpn-117-183.rdu2.redhat.com [10.10.117.183]) by smtp.corp.redhat.com (Postfix) with ESMTP id 1DF31646DC; Fri, 26 Mar 2021 17:15:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1616778972; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=/TVdU8iAOK7BKV3566Mj7UOsiFZsJBzAzCljNiexwyc=; b=ZMlD4ZvRsYN+AusHBAuF4tD5aqHRryXBaODRRqKFR6lPSLwJ0zb4R+xsh6nYGukDssmoyD Q++Bf8Bby463BjbaxqD5vp+QOko1FUeIAzktTVqQLDg3AKlWnU3MbcOlhEm3TNtvQMLBYc FIK9qSj0jWazUtDCNwlvzSkiB2zqZdQ= X-MC-Unique: G19dcfM9Pli3oMKRrSjNwQ-1 From: Cole Robinson To: libvir-list@redhat.com Subject: [PATCH v2 1/2] conf: Introduce for Date: Fri, 26 Mar 2021 13:15:42 -0400 Message-Id: <8698448bde8cdaaf3f3c797fcbd6ebfccf23c669.1616778890.git.crobinso@redhat.com> In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-loop: libvir-list@redhat.com Cc: Cole Robinson X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) Content-Type: text/plain; charset="utf-8" This adds a new XML element This will be used by qemu virtiofs Signed-off-by: Cole Robinson Reviewed-by: Michal Privoznik --- docs/formatdomain.rst | 6 +++++ docs/schemas/domaincommon.rng | 12 ++++++++++ src/conf/domain_conf.c | 23 +++++++++++++++++++ src/conf/domain_conf.h | 10 ++++++++ src/libvirt_private.syms | 1 + .../vhost-user-fs-fd-memory.xml | 1 + 6 files changed, 53 insertions(+) diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index 9392c80113..42217a4005 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst @@ -3234,6 +3234,7 @@ A directory on the host that can be accessed directly= from the guest. + @@ -3358,6 +3359,11 @@ A directory on the host that can be accessed directl= y from the guest. ``cache`` element, possible ``mode`` values being ``none`` and ``always= ``. Locking can be controlled via the ``lock`` element - attributes ``posix= `` and ``flock`` both accepting values ``on`` or ``off``. ( :since:`Since 6.2.= 0` ) + The sandboxing method used by virtiofsd can be configured with the ``sa= ndbox`` + element, possible ``mode`` values being ``namespace`` and + ``chroot``, see the + `virtiofsd documentation `__ + for more details. ( :since:`Since 7.2.0` ) ``source`` The resource on the host that is being accessed in the guest. The ``nam= e`` attribute must be used with ``type=3D'template'``, and the ``dir`` attr= ibute diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index 1dbfc68f18..6404ebf210 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -2960,6 +2960,18 @@ + + + + + + namespace + chroot + + + + + diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index b0eba9f7bd..70a900ee25 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -538,6 +538,13 @@ VIR_ENUM_IMPL(virDomainFSCacheMode, "always", ); =20 +VIR_ENUM_IMPL(virDomainFSSandboxMode, + VIR_DOMAIN_FS_SANDBOX_MODE_LAST, + "default", + "namespace", + "chroot", +); + =20 VIR_ENUM_IMPL(virDomainNet, VIR_DOMAIN_NET_TYPE_LAST, @@ -10373,6 +10380,7 @@ virDomainFSDefParseXML(virDomainXMLOptionPtr xmlopt, g_autofree char *binary =3D virXPathString("string(./binary/@path)= ", ctxt); g_autofree char *xattr =3D virXPathString("string(./binary/@xattr)= ", ctxt); g_autofree char *cache =3D virXPathString("string(./binary/cache/@= mode)", ctxt); + g_autofree char *sandbox =3D virXPathString("string(./binary/sandb= ox/@mode)", ctxt); g_autofree char *posix_lock =3D virXPathString("string(./binary/lo= ck/@posix)", ctxt); g_autofree char *flock =3D virXPathString("string(./binary/lock/@f= lock)", ctxt); int val; @@ -10406,6 +10414,16 @@ virDomainFSDefParseXML(virDomainXMLOptionPtr xmlop= t, def->cache =3D val; } =20 + if (sandbox) { + if ((val =3D virDomainFSSandboxModeTypeFromString(sandbox)) <= =3D 0) { + virReportError(VIR_ERR_XML_ERROR, + _("cannot parse sandbox mode '%s' for virti= ofs"), + sandbox); + goto error; + } + def->sandbox =3D val; + } + if (posix_lock) { if ((val =3D virTristateSwitchTypeFromString(posix_lock)) <=3D= 0) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, @@ -25483,6 +25501,11 @@ virDomainFSDefFormat(virBufferPtr buf, virDomainFSCacheModeTypeToString(def->cache)= ); } =20 + if (def->sandbox !=3D VIR_DOMAIN_FS_SANDBOX_MODE_DEFAULT) { + virBufferAsprintf(&binaryBuf, "\n", + virDomainFSSandboxModeTypeToString(def->sand= box)); + } + if (def->posix_lock !=3D VIR_TRISTATE_SWITCH_ABSENT) { virBufferAsprintf(&lockAttrBuf, " posix=3D'%s'", virTristateSwitchTypeToString(def->posix_loc= k)); diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 0b8895bbdf..d77b04847b 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -846,6 +846,14 @@ typedef enum { VIR_DOMAIN_FS_CACHE_MODE_LAST } virDomainFSCacheMode; =20 +typedef enum { + VIR_DOMAIN_FS_SANDBOX_MODE_DEFAULT =3D 0, + VIR_DOMAIN_FS_SANDBOX_MODE_NAMESPACE, + VIR_DOMAIN_FS_SANDBOX_MODE_CHROOT, + + VIR_DOMAIN_FS_SANDBOX_MODE_LAST +} virDomainFSSandboxMode; + struct _virDomainFSDef { int type; int fsdriver; /* enum virDomainFSDriverType */ @@ -870,6 +878,7 @@ struct _virDomainFSDef { virDomainFSCacheMode cache; virTristateSwitch posix_lock; virTristateSwitch flock; + virDomainFSSandboxMode sandbox; virDomainVirtioOptionsPtr virtio; virObjectPtr privateData; }; @@ -3800,6 +3809,7 @@ VIR_ENUM_DECL(virDomainFSAccessMode); VIR_ENUM_DECL(virDomainFSWrpolicy); VIR_ENUM_DECL(virDomainFSModel); VIR_ENUM_DECL(virDomainFSCacheMode); +VIR_ENUM_DECL(virDomainFSSandboxMode); VIR_ENUM_DECL(virDomainNet); VIR_ENUM_DECL(virDomainNetBackend); VIR_ENUM_DECL(virDomainNetVirtioTxMode); diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index cb9fe7c80a..04b2bc9dcd 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -414,6 +414,7 @@ virDomainFSDriverTypeToString; virDomainFSIndexByName; virDomainFSInsert; virDomainFSRemove; +virDomainFSSandboxModeTypeToString; virDomainFSTypeFromString; virDomainFSTypeToString; virDomainFSWrpolicyTypeFromString; diff --git a/tests/qemuxml2argvdata/vhost-user-fs-fd-memory.xml b/tests/qem= uxml2argvdata/vhost-user-fs-fd-memory.xml index 2277850c2c..abddf0870b 100644 --- a/tests/qemuxml2argvdata/vhost-user-fs-fd-memory.xml +++ b/tests/qemuxml2argvdata/vhost-user-fs-fd-memory.xml @@ -30,6 +30,7 @@ + --=20 2.30.2 From nobody Sat Apr 20 16:10:36 2024 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) client-ip=216.205.24.124; envelope-from=libvir-list-bounces@redhat.com; helo=us-smtp-delivery-124.mimecast.com; Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1616778982; cv=none; d=zohomail.com; s=zohoarc; b=jjlRZK3uY/jthdrFgg2Gm2jGpZ9FQUW0iBgn+ldggiywlR6B4kpmrwrJc9cekYJ50IZ3SJgawY8CXFopuzYTi4IPn+HriIdQTwITx7597gBozU2P4Fs/XVGSIZvROlxCnnHWLzWRdKVAFxWN/0DasqDhhRQ3Ykon+soXIYX8xBs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1616778982; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=Sl9Hk+eWUm2pWeHrm3+Hp3QmhvpY0rlmlYMwCoGl8+k=; b=VKO605fa+Uu6pUAbMihUgbpgTLG12+3uRdGvJ5yjLDgZq+URFFkHASHaSG8ubCWEHJ6ONjSBUl2sFlHqs2BaWp2uS8VlVks1hsROBgdAM5vnmPIWH5L+zgv4Pv/rxId6RRC0kgN5YC0H3gSehQolkzCbnV6yAzrbCKyVYLGcFPY= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by mx.zohomail.com with SMTPS id 1616778982720734.3849373806323; Fri, 26 Mar 2021 10:16:22 -0700 (PDT) Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-59-XXrVKGbAOF-PVTStMKgR7w-1; Fri, 26 Mar 2021 13:16:19 -0400 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 8AEB61853022; Fri, 26 Mar 2021 17:16:12 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 6294C2B9FA; Fri, 26 Mar 2021 17:16:12 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 205654A700; Fri, 26 Mar 2021 17:16:12 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 12QHFxCR007928 for ; Fri, 26 Mar 2021 13:15:59 -0400 Received: by smtp.corp.redhat.com (Postfix) id 1999F226EE; Fri, 26 Mar 2021 17:15:59 +0000 (UTC) Received: from worklaptop.home (ovpn-117-183.rdu2.redhat.com [10.10.117.183]) by smtp.corp.redhat.com (Postfix) with ESMTP id A69F8646DC; Fri, 26 Mar 2021 17:15:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1616778981; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=Sl9Hk+eWUm2pWeHrm3+Hp3QmhvpY0rlmlYMwCoGl8+k=; b=fpqegaN7uLLGB152W8dBpuAlCKKdiasv4s6S73W724I5iUZK/dDuVMhN0G2zlAuDNnsx5Y 1jU+cBKi4i4n8MW8VeS1xIbcg4M0ijm6w0I9ao2wSJZzScMou7yHA+OKJ9zyCq+xr4QAnE EywaRO4UD12ae10FgQ9TZMw2WPIDiWI= X-MC-Unique: XXrVKGbAOF-PVTStMKgR7w-1 From: Cole Robinson To: libvir-list@redhat.com Subject: [PATCH v2 2/2] qemu: virtiofs: support Date: Fri, 26 Mar 2021 13:15:43 -0400 Message-Id: In-Reply-To: References: MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-loop: libvir-list@redhat.com Cc: Cole Robinson X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @redhat.com) Content-Type: text/plain; charset="utf-8" This maps to `virtiofsd -o sandbox=3Dchroot|namespace`, which was added in qemu 5.2.0: https://git.qemu.org/?p=3Dqemu.git;a=3Dcommit;h=3D06844584b62a43384642f7243= b0fc01c9fff0fc7 Signed-off-by: Cole Robinson Reviewed-by: Michal Privoznik --- src/qemu/qemu_validate.c | 7 +++++++ src/qemu/qemu_virtiofs.c | 2 ++ 2 files changed, 9 insertions(+) diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c index 6043f974ce..b272ab0087 100644 --- a/src/qemu/qemu_validate.c +++ b/src/qemu/qemu_validate.c @@ -4081,6 +4081,13 @@ qemuValidateDomainDeviceDefFS(virDomainFSDefPtr fs, } } =20 + if (fs->fsdriver !=3D VIR_DOMAIN_FS_DRIVER_TYPE_VIRTIOFS && + fs->sandbox !=3D VIR_DOMAIN_FS_SANDBOX_MODE_DEFAULT) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("sandbox can only be used with driver=3Dvirtiofs"= )); + return -1; + } + switch ((virDomainFSDriverType) fs->fsdriver) { case VIR_DOMAIN_FS_DRIVER_TYPE_DEFAULT: case VIR_DOMAIN_FS_DRIVER_TYPE_PATH: diff --git a/src/qemu/qemu_virtiofs.c b/src/qemu/qemu_virtiofs.c index 2e239cad66..988b757d6f 100644 --- a/src/qemu/qemu_virtiofs.c +++ b/src/qemu/qemu_virtiofs.c @@ -131,6 +131,8 @@ qemuVirtioFSBuildCommandLine(virQEMUDriverConfigPtr cfg, virQEMUBuildBufferEscapeComma(&opts, fs->src->path); if (fs->cache) virBufferAsprintf(&opts, ",cache=3D%s", virDomainFSCacheModeTypeTo= String(fs->cache)); + if (fs->sandbox) + virBufferAsprintf(&opts, ",sandbox=3D%s", virDomainFSSandboxModeTy= peToString(fs->sandbox)); =20 if (fs->xattr =3D=3D VIR_TRISTATE_SWITCH_ON) virBufferAddLit(&opts, ",xattr"); --=20 2.30.2