From: Vivek Goyal
To: qemu-devel@nongnu.org, virtio-fs@redhat.com
Cc: miklos@szeredi.hu, stefanha@redhat.com, dgilbert@redhat.com, vgoyal@redhat.com, lhenriques@suse.de
Subject: [PATCH 1/3] virtiofsd: Add an option to enable/disable posix acls
Date: Tue, 16 Feb 2021 18:36:09 -0500
Message-Id: <20210216233611.33400-2-vgoyal@redhat.com>
In-Reply-To: <20210216233611.33400-1-vgoyal@redhat.com>
References: <20210216233611.33400-1-vgoyal@redhat.com>

fuse has an option FUSE_POSIX_ACL which needs to be opted in by fuse server
to enable posix acls. Add virtiofsd option "-o posix_acl/no_posix_acl" to
let users enable/disable posix acl support. By default it is disabled as of
now.

Signed-off-by: Vivek Goyal --- tools/virtiofsd/passthrough_ll.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough= _ll.c index 147b59338a..34b2848e61 100644 --- a/tools/virtiofsd/passthrough_ll.c +++ b/tools/virtiofsd/passthrough_ll.c @@ -168,6 +168,7 @@ struct lo_data { =20 /* An O_PATH file descriptor to /proc/self/fd/ */ int proc_self_fd; + int user_posix_acl; }; =20 static const struct fuse_opt lo_opts[] =3D { @@ -198,6 +199,8 @@ static const struct fuse_opt lo_opts[] =3D { { "allow_direct_io", offsetof(struct lo_data, allow_direct_io), 1 }, { "no_allow_direct_io", offsetof(struct lo_data, allow_direct_io), 0 }, { "announce_submounts", offsetof(struct lo_data, announce_submounts), = 1 }, + { "posix_acl", offsetof(struct lo_data, user_posix_acl), 1 }, + { "no_posix_acl", offsetof(struct lo_data, user_posix_acl), 0 }, FUSE_OPT_END }; static bool use_syslog =3D false; @@ -630,6 +633,23 @@ static void lo_init(void *userdata, struct fuse_conn_i= nfo *conn) "does not support it\n"); lo->announce_submounts =3D false; } + + if (lo->user_posix_acl =3D=3D 1) { + /* + * User explicitly asked for this option. Enable it unconditionall= y. + * If connection does not have this capability, it should fail + * in fuse_lowlevel.c + */ + fuse_log(FUSE_LOG_DEBUG, "lo_init: enabling posix acl\n"); + conn->want |=3D FUSE_CAP_POSIX_ACL; + } else { + /* + * Either user specified to disable posix_acl, or did not specify + * anything. In both the cases do not enable posix acl. + */ + fuse_log(FUSE_LOG_DEBUG, "lo_init: disabling posix_acl\n"); + conn->want &=3D ~FUSE_CAP_POSIX_ACL; + } } =20 static void lo_getattr(fuse_req_t req, fuse_ino_t ino, 
@@ -3533,6 +3553,7 @@ int main(int argc, char *argv[]) .posix_lock =3D 0, .allow_direct_io =3D 0, .proc_self_fd =3D -1, + .user_posix_acl =3D -1, }; struct lo_map_elem *root_elem; struct lo_map_elem *reserve_elem; --=20 2.25.4
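
Review bot: the "posix_acl" and "no_posix_acl" entries added to lo_opts[] in [PATCH 1/3] come with no user-facing documentation. The diffstat lists passthrough_ll.c as the only file touched, so neither the help output nor the manual mentions the option or its default; please add both, stating that ACL support stays off unless "-o posix_acl" is given.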
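
Review bot: in the lo_init() hunk of [PATCH 1/3], the user_posix_acl branch ORs FUSE_CAP_POSIX_ACL into conn->want without checking conn->capable, and the comment defers the failure to fuse_lowlevel.c. The announce_submounts block directly above (its "does not support it" message is visible in the context lines) handles a missing capability inside lo_init() itself; doing the same here, or at least logging at FUSE_LOG_ERR which option caused the failure, would tell the operator why the session did not come up. The debug message in the else branch also reads "disabling posix_acl" when the user specified nothing at all.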
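
Review bot: in the main() hunk of [PATCH 1/3], .user_posix_acl is initialised to -1, but lo_opts[] only ever stores 1 or 0 and lo_init() treats every value other than 1 the same way, so the "unspecified" state is never used. Either initialise the field to 0 or have lo_init() distinguish -1 from 0, and describe the three states in a comment next to the field in struct lo_data.
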
From: Vivek Goyal
To: qemu-devel@nongnu.org, virtio-fs@redhat.com
Cc: miklos@szeredi.hu, stefanha@redhat.com, dgilbert@redhat.com, vgoyal@redhat.com, lhenriques@suse.de
Subject: [PATCH 2/3] virtiofsd: Add umask to seccomp allow list
Date: Tue, 16 Feb 2021 18:36:10 -0500
Message-Id: <20210216233611.33400-3-vgoyal@redhat.com>
In-Reply-To: <20210216233611.33400-1-vgoyal@redhat.com>
References: <20210216233611.33400-1-vgoyal@redhat.com>

Next patch is going to make use of "umask" syscall. So allow it.

Signed-off-by: Vivek Goyal
---
 tools/virtiofsd/passthrough_seccomp.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tools/virtiofsd/passthrough_seccomp.c b/tools/virtiofsd/passth= rough_seccomp.c index ea852e2e33..f0313c5ce4 100644 --- a/tools/virtiofsd/passthrough_seccomp.c +++ b/tools/virtiofsd/passthrough_seccomp.c 
@@ -114,6 +114,7 @@ static const int syscall_whitelist[] =3D { SCMP_SYS(utimensat), SCMP_SYS(write), SCMP_SYS(writev), + SCMP_SYS(umask), }; =20 /* Syscalls used when --syslog is enabled */ --=20 2.25.4
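
Review bot: in [PATCH 2/3], SCMP_SYS(umask) is added to the unconditional syscall_whitelist[], although according to the series the call is only made when posix_acl is enabled, which is off by default. The trailing context line shows that syslog-only syscalls already live in a separate list, so a similar conditional list would leave the default filter unchanged for users who never pass "-o posix_acl". If it does stay in the main list, note that the visible entries (utimensat, write, writev) are in alphabetical order and umask belongs before utimensat rather than at the end.
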
From: Vivek Goyal
To: qemu-devel@nongnu.org, virtio-fs@redhat.com
Cc: miklos@szeredi.hu, stefanha@redhat.com, dgilbert@redhat.com, vgoyal@redhat.com, lhenriques@suse.de
Subject: [PATCH 3/3] virtiofsd: Change umask if posix acls are enabled
Date: Tue, 16 Feb 2021 18:36:11 -0500
Message-Id: <20210216233611.33400-4-vgoyal@redhat.com>
In-Reply-To: <20210216233611.33400-1-vgoyal@redhat.com>
References: <20210216233611.33400-1-vgoyal@redhat.com>

When parent directory has default acl and a file is created in that
directory, then umask is ignored and final file permissions are determined
using default acl instead. (man 2 umask).

Currently, fuse applies the umask and sends modified mode in create request
accordingly. fuse server can set FUSE_DONT_MASK and tell fuse client to not
apply umask and fuse server will take care of it as needed.

With posix acls enabled, requirement will be that we want umask to
determine final file mode if parent directory does not have default acl.

So if posix acls are enabled, opt in for FUSE_DONT_MASK. virtiofsd will set
umask of the thread doing file creation. And host kernel should use that
umask if parent directory does not have default acls, otherwise umask does
not take effect.

Miklos mentioned that we already call unshare(CLONE_FS) for every thread.
That means umask has now become property of per thread and it should be ok
to manipulate it in file creation path.

So this patch opts in for FUSE_DONT_MASK if posix acls are enabled and
changes umask to caller umask before file creation and restores original
umask after file creation is done.

This should fix fstest generic/099.

Reported-by: Luis Henriques
Signed-off-by: Vivek Goyal
---
 tools/virtiofsd/passthrough_ll.c | 26 +++++++++++++++++++-------
 1 file changed, 19 insertions(+), 7 deletions(-)

diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough= _ll.c index 34b2848e61..84691571d2 100644 --- a/tools/virtiofsd/passthrough_ll.c +++ b/tools/virtiofsd/passthrough_ll.c @@ -120,6 +120,7 @@ struct lo_inode { struct lo_cred { uid_t euid; gid_t egid; + mode_t umask; }; =20 enum { @@ -169,6 +170,8 @@ struct lo_data { /* An O_PATH file descriptor to /proc/self/fd/ */ int proc_self_fd; int user_posix_acl; + /* If set, virtiofsd is responsible for setting umask during creation = */ + bool change_umask; }; =20 static const struct fuse_opt lo_opts[] =3D { 
@@ -641,7 +644,8 @@ static void lo_init(void *userdata, struct fuse_conn_in= fo *conn) * in fuse_lowlevel.c */ fuse_log(FUSE_LOG_DEBUG, "lo_init: enabling posix acl\n"); - conn->want |=3D FUSE_CAP_POSIX_ACL; + conn->want |=3D FUSE_CAP_POSIX_ACL | FUSE_CAP_DONT_MASK; + lo->change_umask =3D true; } else { /* * Either user specified to disable posix_acl, or did not specify @@ -649,6 +653,7 @@ static void lo_init(void *userdata, struct fuse_conn_in= fo *conn) */ fuse_log(FUSE_LOG_DEBUG, "lo_init: disabling posix_acl\n"); conn->want &=3D ~FUSE_CAP_POSIX_ACL; + lo->change_umask =3D false; } } =20 @@ -1043,7 +1048,8 @@ static void lo_lookup(fuse_req_t req, fuse_ino_t pare= nt, const char *name) * ownership of caller. * TODO: What about selinux context? */ -static int lo_change_cred(fuse_req_t req, struct lo_cred *old) +static int lo_change_cred(fuse_req_t req, struct lo_cred *old, + bool change_umask) { int res; =20 @@ -1063,11 +1069,14 @@ static int lo_change_cred(fuse_req_t req, struct lo= _cred *old) return errno_save; } =20 + if (change_umask) + old->umask =3D umask(req->ctx.umask); + return 0; } =20 /* Regain Privileges */ -static void lo_restore_cred(struct lo_cred *old) +static void lo_restore_cred(struct lo_cred *old, bool restore_umask) { int res; =20 @@ -1082,6 +1091,9 @@ static void lo_restore_cred(struct lo_cred *old) fuse_log(FUSE_LOG_ERR, "setegid(%u): %m\n", old->egid); exit(1); } + + if (restore_umask) + umask(old->umask); } =20 static void lo_mknod_symlink(fuse_req_t req, fuse_ino_t parent, @@ -1106,7 +1118,7 @@ static void lo_mknod_symlink(fuse_req_t req, fuse_ino= _t parent, return; } =20 - saverr =3D lo_change_cred(req, &old); + saverr =3D lo_change_cred(req, &old, lo->change_umask && !S_ISLNK(mode= )); if (saverr) { goto out; } 
@@ -1115,7 +1127,7 @@ static void lo_mknod_symlink(fuse_req_t req, fuse_ino= _t parent, =20 saverr =3D errno; =20 - lo_restore_cred(&old); + lo_restore_cred(&old, lo->change_umask && !S_ISLNK(mode)); =20 if (res =3D=3D -1) { goto out; @@ -1780,7 +1792,7 @@ static void lo_create(fuse_req_t req, fuse_ino_t pare= nt, const char *name, return; } =20 - err =3D lo_change_cred(req, &old); + err =3D lo_change_cred(req, &old, lo->change_umask); if (err) { goto out; } @@ -1791,7 +1803,7 @@ static void lo_create(fuse_req_t req, fuse_ino_t pare= nt, const char *name, fd =3D openat(parent_inode->fd, name, fi->flags | O_CREAT | O_EXCL, mo= de); err =3D fd =3D=3D -1 ? errno : 0; =20 - lo_restore_cred(&old); + lo_restore_cred(&old, lo->change_umask); =20 /* Ignore the error if file exists and O_EXCL was not given */ if (err && (err !=3D EEXIST || (fi->flags & O_EXCL))) { --=20 2.25.4
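
Review bot: in the lo_init() hunk of [PATCH 3/3], the disable branch clears only FUSE_CAP_POSIX_ACL and sets change_umask to false; FUSE_CAP_DONT_MASK is left as it was in conn->want. If that bit is ever set on entry, the client stops applying the umask and virtiofsd does not apply it either, so new files are created with the unmasked mode. Clear FUSE_CAP_DONT_MASK in that branch alongside FUSE_CAP_POSIX_ACL.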
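
Review bot: in the lo_change_cred() hunk of [PATCH 3/3], the umask(req->ctx.umask) call is only safe because each thread has its own filesystem attributes, which the commit message attributes to unshare(CLONE_FS) but the code does not mention. Add a comment at the umask() call stating that dependency, so a later change to thread setup does not silently turn this into a process-wide umask change racing with other requests.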
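
Review bot: in the lo_mknod_symlink() hunks of [PATCH 3/3], the expression lo->change_umask && !S_ISLNK(mode) is written out once for lo_change_cred() and again for lo_restore_cred(), and nothing ties the two calls together. If the two ever differ, a thread either keeps the caller's umask after the request or restores an old->umask that was never filled in. Recording in struct lo_cred whether the umask was changed, and letting lo_restore_cred() test that, would remove the second argument and the duplication.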
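
The creation path that the [PATCH 3/3] commit message describes, written out as an added example (it is not virtiofsd code and not part of the series): a worker thread calls unshare(CLONE_FS), installs the caller's umask around openat(), and restores the old one. All names are hypothetical; it assumes a Linux host and a parent directory without a default ACL, and the mutex fallback for hosts that refuse unshare() is an addition of this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <pthread.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example: every name here is hypothetical, none comes from virtiofsd. */
struct create_job {
    const char *dir;      /* parent directory, assumed to have no default ACL */
    mode_t caller_umask;  /* umask that arrived with the create request */
    mode_t mode;          /* unmasked mode, as sent under FUSE_DONT_MASK */
    int result;           /* out: permission bits of the new file, or -errno */
};
static pthread_mutex_t umask_lock = PTHREAD_MUTEX_INITIALIZER;

static void *create_worker(void *arg)
{
    struct create_job *j = arg;
    struct stat st;
    /* A private fs_struct makes umask() per thread; otherwise it is process-wide. */
    int isolated = unshare(CLONE_FS) == 0;
    if (!isolated)
        pthread_mutex_lock(&umask_lock);  /* fallback: serialise the umask window */
    mode_t old = umask(j->caller_umask);
    int dfd = open(j->dir, O_RDONLY | O_DIRECTORY);
    int fd = dfd == -1 ? -1 : openat(dfd, "f", O_CREAT | O_EXCL | O_WRONLY, j->mode);
    j->result = (fd == -1 || fstat(fd, &st) == -1) ? -errno : (int)(st.st_mode & 07777);
    umask(old);                           /* restore before anything else runs */
    if (!isolated)
        pthread_mutex_unlock(&umask_lock);
    if (fd != -1) {
        close(fd);
        unlinkat(dfd, "f", 0);
    }
    if (dfd != -1)
        close(dfd);
    return NULL;
}

/* Create one file on a worker thread; returns its permission bits or -errno. */
int create_with_umask(mode_t caller_umask, mode_t mode)
{
    char dir[] = "/tmp/umask-demo-XXXXXX";
    struct create_job j = { dir, caller_umask, mode, -EAGAIN };
    pthread_t t;

    if (!mkdtemp(dir))
        return -errno;
    if (pthread_create(&t, NULL, create_worker, &j) == 0)
        pthread_join(t, NULL);
    rmdir(dir);
    return j.result;
}

int main(void)
{
    umask(022);  /* the server's own umask, which must survive every request */
    printf("mode 0666, caller umask 077 -> %04o\n", (unsigned)create_with_umask(077, 0666));
    printf("server umask afterwards     -> %04o\n", (unsigned)umask(022));
    return 0;
}
```

Build with `cc -pthread`. With a default ACL on the parent directory the kernel ignores the installed umask, which is the case the commit message wants to leave to the host.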