From nobody Wed Nov 19 03:01:46 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1614187110; cv=none; d=zohomail.com; s=zohoarc; b=jZPGJUTRq4Rjfrg/ORHpGVofzGkQ79MbRbGwjf59LK/3ifKzjS0PxRqjRE+STkox2V2Ipk5I4B7kn/h04vcrqs0jjI/e938jC9/gQmFKGrFJp54fWugPD95v30Awuql3D9+X6SSNfgNj5PlZrvRxt2yr25m3TIT4QvvUalIo8FM= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1614187110; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To; bh=ufw2mSN3nG0bsFaYzdDzf2yZ5E3MiTJUwheRizI6CEo=; b=Xp2F0IE784hBksl7Xg2rfMkems/jVvph7MNGC4Jd0PsN1vFk9JKNQDHLDXTNAqERX6VHhTvOVK33iJO+pa0YrwYu1y/VW0vJN+QGo+7P5A7WD7NEnNrpoAVqFU1P+EaooWWzPXhw2mJeImjjcWZ8iRSOAlLQMgIgw2KnCVnWurg= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1614187110320188.8870700623297; Wed, 24 Feb 2021 09:18:30 -0800 (PST) Received: from localhost ([::1]:39290 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lExnw-00049t-Sp for importer@patchew.org; Wed, 24 Feb 2021 12:18:28 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:44304) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lExVW-00046z-S9 for qemu-devel@nongnu.org; Wed, 24 Feb 2021 11:59:26 -0500 Received: from us-smtp-delivery-124.mimecast.com ([63.128.21.124]:49754) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.90_1) (envelope-from ) id 1lExVT-0007RX-HN for qemu-devel@nongnu.org; Wed, 24 Feb 2021 11:59:26 -0500 Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-238-2cy7qffcMkG7QaWKA05UbA-1; Wed, 24 Feb 2021 11:59:19 -0500 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 92F33801981; Wed, 24 Feb 2021 16:59:17 +0000 (UTC) Received: from horse.redhat.com (ovpn-115-86.rdu2.redhat.com [10.10.115.86]) by smtp.corp.redhat.com (Postfix) with ESMTP id 0396E5D9D7; Wed, 24 Feb 2021 16:59:10 +0000 (UTC) Received: by horse.redhat.com (Postfix, from userid 10451) id 6A92B223D99; Wed, 24 Feb 2021 11:59:10 -0500 (EST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1614185962; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=ufw2mSN3nG0bsFaYzdDzf2yZ5E3MiTJUwheRizI6CEo=; b=N4BxV9hXC/Z/arVNNBWzgTNiIJVV3WgeTHwomE0OoXmqPcGT4MU0D+ifvNCBDDVS4YfTeF AQiG+TGt6ZIAqzqF48vmTjJ8drZR+vomiW8/PtR38jt2WDsJNNoEaNoyykQLBztFD/4ld0 3R68TG1AiU69KxDpsTjPd0hRCE2sHPU= X-MC-Unique: 2cy7qffcMkG7QaWKA05UbA-1 From: Vivek Goyal To: qemu-devel@nongnu.org, virtio-fs@redhat.com Subject: [PATCH v4 2/3] virtiofsd: Add capability to change/restore umask Date: Wed, 24 Feb 2021 11:58:36 -0500 Message-Id: <20210224165837.21983-3-vgoyal@redhat.com> In-Reply-To: <20210224165837.21983-1-vgoyal@redhat.com> References: <20210224165837.21983-1-vgoyal@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=vgoyal@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=63.128.21.124; envelope-from=vgoyal@redhat.com; helo=us-smtp-delivery-124.mimecast.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: lhenriques@suse.de, stefanha@redhat.com, dgilbert@redhat.com, vgoyal@redhat.com, miklos@szeredi.hu Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" X-ZohoMail-DKIM: fail (Header signature does not verify) Content-Type: text/plain; charset="utf-8" When parent directory has default acl and a file is created in that directory, then umask is ignored and final file permissions are determined using default acl instead. (man 2 umask). Currently, fuse applies the umask and sends modified mode in create request accordingly. fuse server can set FUSE_DONT_MASK and tell fuse client to not apply umask and fuse server will take care of it as needed. With posix acls enabled, requirement will be that we want umask to determine final file mode if parent directory does not have default acl. So if posix acls are enabled, opt in for FUSE_DONT_MASK. virtiofsd will set umask of the thread doing file creation. And host kernel should use that umask if parent directory does not have default acls, otherwise umask does not take affect. Miklos mentioned that we already call unshare(CLONE_FS) for every thread. That means umask has now become property of per thread and it should be ok to manipulate it in file creation path. This patch only adds capability to change umask and restore it. It does not enable it yet. Next patch will add capability to enable it based on if user enabled posix_acl or not. This should fix fstest generic/099. Reported-by: Luis Henriques Signed-off-by: Vivek Goyal Reviewed-by: Stefan Hajnoczi --- tools/virtiofsd/passthrough_ll.c | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough= _ll.c index 58d24c0010..050142e568 100644 --- a/tools/virtiofsd/passthrough_ll.c +++ b/tools/virtiofsd/passthrough_ll.c @@ -120,6 +120,7 @@ struct lo_inode { struct lo_cred { uid_t euid; gid_t egid; + mode_t umask; }; =20 enum { @@ -169,6 +170,8 @@ struct lo_data { /* An O_PATH file descriptor to /proc/self/fd/ */ int proc_self_fd; int user_killpriv_v2, killpriv_v2; + /* If set, virtiofsd is responsible for setting umask during creation = */ + bool change_umask; }; =20 static const struct fuse_opt lo_opts[] =3D { @@ -1075,7 +1078,8 @@ static void lo_lookup(fuse_req_t req, fuse_ino_t pare= nt, const char *name) * ownership of caller. * TODO: What about selinux context? */ -static int lo_change_cred(fuse_req_t req, struct lo_cred *old) +static int lo_change_cred(fuse_req_t req, struct lo_cred *old, + bool change_umask) { int res; =20 @@ -1095,11 +1099,14 @@ static int lo_change_cred(fuse_req_t req, struct lo= _cred *old) return errno_save; } =20 + if (change_umask) { + old->umask =3D umask(req->ctx.umask); + } return 0; } =20 /* Regain Privileges */ -static void lo_restore_cred(struct lo_cred *old) +static void lo_restore_cred(struct lo_cred *old, bool restore_umask) { int res; =20 @@ -1114,6 +1121,9 @@ static void lo_restore_cred(struct lo_cred *old) fuse_log(FUSE_LOG_ERR, "setegid(%u): %m\n", old->egid); exit(1); } + + if (restore_umask) + umask(old->umask); } =20 static void lo_mknod_symlink(fuse_req_t req, fuse_ino_t parent, @@ -1138,7 +1148,7 @@ static void lo_mknod_symlink(fuse_req_t req, fuse_ino= _t parent, return; } =20 - saverr =3D lo_change_cred(req, &old); + saverr =3D lo_change_cred(req, &old, lo->change_umask && !S_ISLNK(mode= )); if (saverr) { goto out; } @@ -1147,7 +1157,7 @@ static void lo_mknod_symlink(fuse_req_t req, fuse_ino= _t parent, =20 saverr =3D errno; =20 - lo_restore_cred(&old); + lo_restore_cred(&old, lo->change_umask && !S_ISLNK(mode)); =20 if (res =3D=3D -1) { goto out; @@ -1828,7 +1838,7 @@ static void lo_create(fuse_req_t req, fuse_ino_t pare= nt, const char *name, return; } =20 - err =3D lo_change_cred(req, &old); + err =3D lo_change_cred(req, &old, lo->change_umask); if (err) { goto out; } @@ -1839,7 +1849,7 @@ static void lo_create(fuse_req_t req, fuse_ino_t pare= nt, const char *name, fd =3D openat(parent_inode->fd, name, fi->flags | O_CREAT | O_EXCL, mo= de); err =3D fd =3D=3D -1 ? errno : 0; =20 - lo_restore_cred(&old); + lo_restore_cred(&old, lo->change_umask); =20 /* Ignore the error if file exists and O_EXCL was not given */ if (err && (err !=3D EEXIST || (fi->flags & O_EXCL))) { --=20 2.25.4