From nobody Fri Apr 19 21:48:28 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1593431739; cv=none; d=zohomail.com; s=zohoarc; b=f9hNqeSMDWyhoGYEulqTIwdBhd3RM2EZIId24KSarMCgmjXPLbNI+n6SCnCl+iJ9u4xfSd6pX3RZ+F1YLJSDyveRs9c8nWfif4Owp1BdtRfo4bWcEGOxw6M0JDXsthPlLV3TEkdrQRFoqB6R2uwGCMrtnOV4RwxcPcEoGN/HpAM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1593431739; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=8XnErx6ZAeEnolYIe84nUUnWLaj+8UOqElaNNo0W5Rg=; b=VXLd9d2uxluJ+9TMbC+3woKV0f51fVd2UYazINGPKttw4vQPsrMYJS5E0XQZiuMasKY82XSS5b0JS5WhtI+Gs4IHUL34ajoyGjy0alxNftHAUy49CpJN1RTQH3BhmyAHTFY98M3MPIRP+bFeeEkMZvPZ+ARYRVJ5TKSoFFfU/nA= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1593431739057705.7988869278183; Mon, 29 Jun 2020 04:55:39 -0700 (PDT) Received: from localhost ([::1]:33128 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jpsNt-0001Vk-Nj for importer@patchew.org; Mon, 29 Jun 2020 07:55:37 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:56934) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jpsMt-00004x-J0 for qemu-devel@nongnu.org; Mon, 29 Jun 2020 07:54:35 -0400 Received: from us-smtp-1.mimecast.com ([205.139.110.61]:42643 helo=us-smtp-delivery-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1jpsMr-0007GG-S3 for qemu-devel@nongnu.org; Mon, 29 Jun 2020 07:54:35 -0400 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-374-BFR1Fn0UNcCI6ixDtK-E9A-1; Mon, 29 Jun 2020 07:54:31 -0400 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 5DBFD464 for ; Mon, 29 Jun 2020 11:54:30 +0000 (UTC) Received: from dgilbert-t580.localhost (ovpn-114-210.ams2.redhat.com [10.36.114.210]) by smtp.corp.redhat.com (Postfix) with ESMTP id 54D0B9CFD1; Mon, 29 Jun 2020 11:54:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1593431672; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=8XnErx6ZAeEnolYIe84nUUnWLaj+8UOqElaNNo0W5Rg=; b=BdU9EvSpvxZQItEBajuqcBJ0bgs5GR5P9yfuahe0cmPmKBpdgsEkAC65ACx/+5+KbDilGz mqC04cAm4jgBI4AkbR3adMh3M4FG7icy1SXeNf8qO9KAQF2CrTUXBldXkHAvj3JMLMdjW2 Ieii0cvHJb3+UnH1kO51ThVh3xkuHUk= X-MC-Unique: BFR1Fn0UNcCI6ixDtK-E9A-1 From: "Dr. David Alan Gilbert (git)" To: qemu-devel@nongnu.org, virtio-fs@redhat.com, stefanha@redhat.com, vgoyal@redhat.com Subject: [PATCH v2 1/3] virtiofsd: Terminate capability list Date: Mon, 29 Jun 2020 12:54:18 +0100 Message-Id: <20200629115420.98443-2-dgilbert@redhat.com> In-Reply-To: <20200629115420.98443-1-dgilbert@redhat.com> References: <20200629115420.98443-1-dgilbert@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=205.139.110.61; envelope-from=dgilbert@redhat.com; helo=us-smtp-delivery-1.mimecast.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/06/29 01:06:01 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -30 X-Spam_score: -3.1 X-Spam_bar: --- X-Spam_report: (-3.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-1, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=_AUTOLEARN X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: pass (identity @redhat.com) Content-Type: text/plain; charset="utf-8" From: "Dr. David Alan Gilbert" capng_updatev is a varargs function that needs a -1 to terminate it, but it was missing. In practice what seems to have been happening is that it's added the capabilities we asked for, then runs into junk on the stack, so if we're unlucky it might be adding some more, but in reality it's failing - but after adding the capabilities we asked for. Fixes: a59feb483b8 ("virtiofsd: only retain file system capabilities") Signed-off-by: Dr. David Alan Gilbert Reviewed-by: Stefan Hajnoczi Acked-by: Vivek Goyal --- tools/virtiofsd/passthrough_ll.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough= _ll.c index 2ce7c96085..e373e3b36e 100644 --- a/tools/virtiofsd/passthrough_ll.c +++ b/tools/virtiofsd/passthrough_ll.c @@ -2598,7 +2598,9 @@ static void setup_capabilities(void) CAP_SETGID, CAP_SETUID, CAP_MKNOD, - CAP_SETFCAP); + CAP_SETFCAP, + -1); + capng_apply(CAPNG_SELECT_BOTH); =20 cap.saved =3D capng_save_state(); --=20 2.26.2 From nobody Fri Apr 19 21:48:28 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1593431819; cv=none; d=zohomail.com; s=zohoarc; b=Ghqo3tfe+1dNPLPNFgPrS0Eligf8XvZSuOJBW8dkhLc54ZnXWMJjwaoQFFpz043VO6gQdMMg1W51skLaOdrBYZ3eDNRPJpOs6gx7+98WFjjJ+cVnsHXGOm0ZQZnrAYhj3hZ0Hd4+znkzNKbiUY6D8AO7VTWTadqv4tkG+hiY6xY= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1593431819; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=Mji2VZefKYBc2WwzMHOzrV0/osx4TGutpi09pgSZE74=; b=jlNvyAOQvuwccqPT3t1+0wQvxpZ8Gl+BdOyjkJYX3MtTUC9n6QKF8UPY0u2bOXZ2VbJi2vBp2H0m3M1mNpxCqhsWx9dq64rmqu/7NvV7x/37C+roMPfwsJKbmbqXg9UIfseqCaoyz+wQ8Ff02qz278Sxzgm1BU5l2iNT9MAYfzE= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 15934318197401007.2072094995189; Mon, 29 Jun 2020 04:56:59 -0700 (PDT) Received: from localhost ([::1]:40696 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jpsPC-0004jn-K7 for importer@patchew.org; Mon, 29 Jun 2020 07:56:58 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:56940) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jpsMu-00007C-IB for qemu-devel@nongnu.org; Mon, 29 Jun 2020 07:54:36 -0400 Received: from us-smtp-delivery-1.mimecast.com ([205.139.110.120]:55134 helo=us-smtp-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1jpsMs-0007GW-TN for qemu-devel@nongnu.org; Mon, 29 Jun 2020 07:54:36 -0400 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-90-sJLutpjKPsafhlt0DHeWlQ-1; Mon, 29 Jun 2020 07:54:32 -0400 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id A301AEC1A3 for ; Mon, 29 Jun 2020 11:54:31 +0000 (UTC) Received: from dgilbert-t580.localhost (ovpn-114-210.ams2.redhat.com [10.36.114.210]) by smtp.corp.redhat.com (Postfix) with ESMTP id A7C9796B8F; Mon, 29 Jun 2020 11:54:30 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1593431674; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Mji2VZefKYBc2WwzMHOzrV0/osx4TGutpi09pgSZE74=; b=Ssm65922WGOc49zH1f+ZzkQg921sdyZuBMzuIinisvJYbNutIBixoAOQ1jC8MJ4iMLuTcH fETt+RyiTsTt//anR7/L7vbo+SPvb/74oWAzfK+4tuEU0Atg8yIr4nPsHpqHYpS1LgfhJV CdG8buVuhz9YOyj17tfdUNc7V83hGiE= X-MC-Unique: sJLutpjKPsafhlt0DHeWlQ-1 From: "Dr. David Alan Gilbert (git)" To: qemu-devel@nongnu.org, virtio-fs@redhat.com, stefanha@redhat.com, vgoyal@redhat.com Subject: [PATCH v2 2/3] virtiofsd: Check capability calls Date: Mon, 29 Jun 2020 12:54:19 +0100 Message-Id: <20200629115420.98443-3-dgilbert@redhat.com> In-Reply-To: <20200629115420.98443-1-dgilbert@redhat.com> References: <20200629115420.98443-1-dgilbert@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=dgilbert@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=205.139.110.120; envelope-from=dgilbert@redhat.com; helo=us-smtp-1.mimecast.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/06/29 01:10:03 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -30 X-Spam_score: -3.1 X-Spam_bar: --- X-Spam_report: (-3.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-1, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=_AUTOLEARN X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: pass (identity @redhat.com) Content-Type: text/plain; charset="utf-8" From: "Dr. David Alan Gilbert" Check the capability calls worked. Signed-off-by: Dr. David Alan Gilbert Reviewed-by: Stefan Hajnoczi Acked-by: Vivek Goyal --- tools/virtiofsd/passthrough_ll.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough= _ll.c index e373e3b36e..99d562046a 100644 --- a/tools/virtiofsd/passthrough_ll.c +++ b/tools/virtiofsd/passthrough_ll.c @@ -2589,7 +2589,7 @@ static void setup_capabilities(void) */ capng_setpid(syscall(SYS_gettid)); capng_clear(CAPNG_SELECT_BOTH); - capng_updatev(CAPNG_ADD, CAPNG_PERMITTED | CAPNG_EFFECTIVE, + if (capng_updatev(CAPNG_ADD, CAPNG_PERMITTED | CAPNG_EFFECTIVE, CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH, @@ -2599,11 +2599,21 @@ static void setup_capabilities(void) CAP_SETUID, CAP_MKNOD, CAP_SETFCAP, - -1); + -1)) { + fuse_log(FUSE_LOG_ERR, "%s: capng_updatev failed\n", __func__); + exit(1); + } =20 - capng_apply(CAPNG_SELECT_BOTH); + if (capng_apply(CAPNG_SELECT_BOTH)) { + fuse_log(FUSE_LOG_ERR, "%s: capng_apply failed\n", __func__); + exit(1); + } =20 cap.saved =3D capng_save_state(); + if (!cap.saved) { + fuse_log(FUSE_LOG_ERR, "%s: capng_save_state failed\n", __func__); + exit(1); + } pthread_mutex_unlock(&cap.mutex); } =20 --=20 2.26.2 From nobody Fri Apr 19 21:48:28 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1593431768; cv=none; d=zohomail.com; s=zohoarc; b=dI8C2ez7ZaP+BVMSLMtXB19Kay9uuxWzgacvCdLn4Q8VioO5p7V2rhZeKfQ2yr0ZWxcBiLpsyJI0pmZ/34LOmCjTgxQvYuXX77DQwcei6C0QLOBEW15GbLFHlV9ouBIUt4jNp9FIPj9oLpi3h0AJTgttaoyNaPIBzeZuVGnWo/0= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1593431768; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=DR2V2BBHsG+LGIjl5IOmfZkGDo12TCocbWRIyagf6LU=; b=Zt0YT1zfhR5qonCpD7s8j6wX1HryE9Mk/eRhXgFu0YgHx1ITVFb/7Z+j2i0E2knQJUlPf+hmrLM/ucs8mN0ZN6IE3U+jS817KdNhgaNmc+110o5p3Jk7WKYyxTc/AzXUDhugGF/7UsIGDMbhBEi04Qr5kscNNlLpE1NOumRNRqw= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=pass header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1593431768779526.8836299080601; Mon, 29 Jun 2020 04:56:08 -0700 (PDT) Received: from localhost ([::1]:35952 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1jpsON-0002o0-G0 for importer@patchew.org; Mon, 29 Jun 2020 07:56:07 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:56950) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jpsMv-00009o-Sy for qemu-devel@nongnu.org; Mon, 29 Jun 2020 07:54:37 -0400 Received: from us-smtp-1.mimecast.com ([207.211.31.81]:47969 helo=us-smtp-delivery-1.mimecast.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1jpsMu-0007Gj-0P for qemu-devel@nongnu.org; Mon, 29 Jun 2020 07:54:37 -0400 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-351-2IH-sa_AN866NuLaFNULGQ-1; Mon, 29 Jun 2020 07:54:33 -0400 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id EB71E107ACF6 for ; Mon, 29 Jun 2020 11:54:32 +0000 (UTC) Received: from dgilbert-t580.localhost (ovpn-114-210.ams2.redhat.com [10.36.114.210]) by smtp.corp.redhat.com (Postfix) with ESMTP id ECB0D96B8F; Mon, 29 Jun 2020 11:54:31 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1593431675; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=DR2V2BBHsG+LGIjl5IOmfZkGDo12TCocbWRIyagf6LU=; b=NSY6y1Qh52iAW0vcbIf9HSzcBt4OV3Pyd+fxQ8j/aH3/p+gXWoV+lhZO065KhWSFBOfxLU +0iyPUUtk2ZkROh8CC2DDQkc8CVPuB5eBQPTCRLps5+Zs8M5QXJ5haIyo4W5zsK0Q+GVpM z9X2VwL2MFx6StB6+8ebsXg3HxkR6gc= X-MC-Unique: 2IH-sa_AN866NuLaFNULGQ-1 From: "Dr. David Alan Gilbert (git)" To: qemu-devel@nongnu.org, virtio-fs@redhat.com, stefanha@redhat.com, vgoyal@redhat.com Subject: [PATCH v2 3/3] virtiofsd: Allow addition or removal of capabilities Date: Mon, 29 Jun 2020 12:54:20 +0100 Message-Id: <20200629115420.98443-4-dgilbert@redhat.com> In-Reply-To: <20200629115420.98443-1-dgilbert@redhat.com> References: <20200629115420.98443-1-dgilbert@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=207.211.31.81; envelope-from=dgilbert@redhat.com; helo=us-smtp-delivery-1.mimecast.com X-detected-operating-system: by eggs.gnu.org: First seen = 2020/06/29 01:03:51 X-ACL-Warn: Detected OS = Linux 2.2.x-3.x [generic] [fuzzy] X-Spam_score_int: -30 X-Spam_score: -3.1 X-Spam_bar: --- X-Spam_report: (-3.1 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-1, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=_AUTOLEARN X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: pass (identity @redhat.com) Content-Type: text/plain; charset="utf-8" From: "Dr. David Alan Gilbert" Allow capabilities to be added or removed from the allowed set for the daemon; e.g. default: CapPrm: 00000000880000df CapEff: 00000000880000df -o modcaps=3D+sys_admin CapPrm: 00000000882000df CapEff: 00000000882000df -o modcaps=3D+sys_admin:-chown CapPrm: 00000000882000de CapEff: 00000000882000de Signed-off-by: Dr. David Alan Gilbert Acked-by: Vivek Goyal Reviewed-by: Stefan Hajnoczi --- docs/tools/virtiofsd.rst | 5 +++ tools/virtiofsd/helper.c | 2 ++ tools/virtiofsd/passthrough_ll.c | 53 ++++++++++++++++++++++++++++++-- 3 files changed, 58 insertions(+), 2 deletions(-) diff --git a/docs/tools/virtiofsd.rst b/docs/tools/virtiofsd.rst index 378594c422..824e713491 100644 --- a/docs/tools/virtiofsd.rst +++ b/docs/tools/virtiofsd.rst @@ -54,6 +54,11 @@ Options * flock|no_flock - Enable/disable flock. The default is ``no_flock``. =20 + * modcaps=3DCAPLIST + Modify the list of capabilities allowed; CAPLIST is a colon separated + list of capabilities, each preceded by either + or -, e.g. + ''+sys_admin:-chown''. + * log_level=3DLEVEL - Print only log messages matching LEVEL or more severe. LEVEL is one of ``err``, ``warn``, ``info``, or ``debug``. The default is ``info``. diff --git a/tools/virtiofsd/helper.c b/tools/virtiofsd/helper.c index 00a1ef666a..3105b6c23a 100644 --- a/tools/virtiofsd/helper.c +++ b/tools/virtiofsd/helper.c @@ -174,6 +174,8 @@ void fuse_cmdline_help(void) " default: no_writeback\n" " -o xattr|no_xattr enable/disable xattr\n" " default: no_xattr\n" + " -o modcaps=3DCAPLIST Modify the list of capabiliti= es\n" + " e.g. -o modcaps=3D+sys_admin:-c= hown\n" " --rlimit-nofile=3D set maximum number of file de= scriptors\n" " (0 leaves rlimit unchanged)\n" " default: min(1000000, fs.file-m= ax - 16384)\n" diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough= _ll.c index 99d562046a..94e0de2d2b 100644 --- a/tools/virtiofsd/passthrough_ll.c +++ b/tools/virtiofsd/passthrough_ll.c @@ -145,6 +145,7 @@ struct lo_data { int posix_lock; int xattr; char *source; + char *modcaps; double timeout; int cache; int timeout_set; @@ -170,6 +171,7 @@ static const struct fuse_opt lo_opts[] =3D { { "no_posix_lock", offsetof(struct lo_data, posix_lock), 0 }, { "xattr", offsetof(struct lo_data, xattr), 1 }, { "no_xattr", offsetof(struct lo_data, xattr), 0 }, + { "modcaps=3D%s", offsetof(struct lo_data, modcaps), 0 }, { "timeout=3D%lf", offsetof(struct lo_data, timeout), 0 }, { "timeout=3D", offsetof(struct lo_data, timeout_set), 1 }, { "cache=3Dnone", offsetof(struct lo_data, cache), CACHE_NONE }, @@ -2570,9 +2572,11 @@ static void setup_mounts(const char *source) =20 /* * Only keep whitelisted capabilities that are needed for file system oper= ation + * The (possibly NULL) modcaps_in string passed in is free'd before exit. */ -static void setup_capabilities(void) +static void setup_capabilities(char *modcaps_in) { + char *modcaps =3D modcaps_in; pthread_mutex_lock(&cap.mutex); capng_restore_state(&cap.saved); =20 @@ -2604,6 +2608,51 @@ static void setup_capabilities(void) exit(1); } =20 + /* + * The modcaps option is a colon separated list of caps, + * each preceded by either + or -. + */ + while (modcaps) { + capng_act_t action; + int cap; + + char *next =3D strchr(modcaps, ':'); + if (next) { + *next =3D '\0'; + next++; + } + + switch (modcaps[0]) { + case '+': + action =3D CAPNG_ADD; + break; + + case '-': + action =3D CAPNG_DROP; + break; + + default: + fuse_log(FUSE_LOG_ERR, + "%s: Expecting '+'/'-' in modcaps but found '%c'\n", + __func__, modcaps[0]); + exit(1); + } + cap =3D capng_name_to_capability(modcaps + 1); + if (cap < 0) { + fuse_log(FUSE_LOG_ERR, "%s: Unknown capability '%s'\n", __func= __, + modcaps); + exit(1); + } + if (capng_update(action, CAPNG_PERMITTED | CAPNG_EFFECTIVE, cap)) { + fuse_log(FUSE_LOG_ERR, "%s: capng_update failed for '%s'\n", + __func__, modcaps); + exit(1); + } + + modcaps =3D next; + } + g_free(modcaps_in); + if (capng_apply(CAPNG_SELECT_BOTH)) { fuse_log(FUSE_LOG_ERR, "%s: capng_apply failed\n", __func__); exit(1); @@ -2627,7 +2676,7 @@ static void setup_sandbox(struct lo_data *lo, struct = fuse_session *se, setup_namespaces(lo, se); setup_mounts(lo->source); setup_seccomp(enable_syslog); - setup_capabilities(); + setup_capabilities(g_strdup(lo->modcaps)); } =20 /* Set the maximum number of open file descriptors */ --=20 2.26.2