From 50b0e58c88e56367beb934dcd8638a40a3b9b6c2 Mon Sep 17 00:00:00 2001
From: Sebastien Boeuf <sebastien.boeuf@intel.com>
Date: Thu, 14 Nov 2019 22:29:13 -0800
Subject: [PATCH] vhost_user_fs: Allow specific shared directory to be
 specified

Because the vhost_user_backend crate needs some changes to support
moving the process to a different mount namespace and perform a pivot
root, it is not possible to change '/' to the given shared directory.

This commit, as a temporary measure, let the code point at the given
shared directory.

The long term solution is to perform the mount namespace change and the
pivot root as this will provide greater security.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
---
 src/bin/vhost_user_fs.rs         |  8 ++++++--
 vhost_user_fs/src/passthrough.rs | 10 +++++++---
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/src/bin/vhost_user_fs.rs b/src/bin/vhost_user_fs.rs
index 1024f0e8e..a6f120989 100644
--- a/src/bin/vhost_user_fs.rs
+++ b/src/bin/vhost_user_fs.rs
@@ -199,7 +199,7 @@ fn main() {
         .get_matches();
 
     // Retrieve arguments
-    let _shared_dir = cmd_arguments
+    let shared_dir = cmd_arguments
         .value_of("shared-dir")
         .expect("Failed to retrieve shared directory path");
     let sock = cmd_arguments
@@ -209,7 +209,11 @@ fn main() {
     // Convert into appropriate types
     let sock = String::from(sock);
 
-    let fs = PassthroughFs::new(passthrough::Config::default()).unwrap();
+    let fs_cfg = passthrough::Config {
+        root_dir: shared_dir.to_string(),
+        ..Default::default()
+    };
+    let fs = PassthroughFs::new(fs_cfg).unwrap();
     let fs_backend = Arc::new(RwLock::new(VhostUserFsBackend::new(fs).unwrap()));
 
     let mut daemon = VhostUserDaemon::new(
diff --git a/vhost_user_fs/src/passthrough.rs b/vhost_user_fs/src/passthrough.rs
index 39ce69055..dc8d9cbc6 100644
--- a/vhost_user_fs/src/passthrough.rs
+++ b/vhost_user_fs/src/passthrough.rs
@@ -27,7 +27,6 @@ use crate::multikey::MultikeyBTreeMap;
 const CURRENT_DIR_CSTR: &[u8] = b".\0";
 const PARENT_DIR_CSTR: &[u8] = b"..\0";
 const EMPTY_CSTR: &[u8] = b"\0";
-const ROOT_CSTR: &[u8] = b"/\0";
 const PROC_CSTR: &[u8] = b"/proc\0";
 
 type Inode = u64;
@@ -226,6 +225,11 @@ pub struct Config {
     ///
     /// The default value for this option is `false`.
     pub writeback: bool,
+
+    /// The path of the root directory.
+    ///
+    /// The default is `/`.
+    pub root_dir: String,
 }
 
 impl Default for Config {
@@ -235,6 +239,7 @@ impl Default for Config {
             attr_timeout: Duration::from_secs(5),
             cache_policy: Default::default(),
             writeback: false,
+            root_dir: String::from("/"),
         }
     }
 }
@@ -640,8 +645,7 @@ impl FileSystem for PassthroughFs {
     type Handle = Handle;
 
     fn init(&self, capable: FsOptions) -> io::Result<FsOptions> {
-        // Safe because this is a constant value and a valid C string.
-        let root = unsafe { CStr::from_bytes_with_nul_unchecked(ROOT_CSTR) };
+        let root = CString::new(self.cfg.root_dir.as_str()).expect("CString::new failed");
 
         // Safe because this doesn't modify any memory and we check the return value.
         // We use `O_PATH` because we just want this for traversing the directory tree