mirror of
https://github.com/cloud-hypervisor/cloud-hypervisor.git
synced 2024-10-05 21:15:45 +00:00
vhost_user_fs: Allow specific shared directory to be specified
Because the vhost_user_backend crate needs some changes to support moving the process to a different mount namespace and perform a pivot root, it is not possible to change '/' to the given shared directory. This commit, as a temporary measure, let the code point at the given shared directory. The long term solution is to perform the mount namespace change and the pivot root as this will provide greater security. Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
This commit is contained in:
parent
ba17758ac0
commit
50b0e58c88
@ -199,7 +199,7 @@ fn main() {
|
|||||||
.get_matches();
|
.get_matches();
|
||||||
|
|
||||||
// Retrieve arguments
|
// Retrieve arguments
|
||||||
let _shared_dir = cmd_arguments
|
let shared_dir = cmd_arguments
|
||||||
.value_of("shared-dir")
|
.value_of("shared-dir")
|
||||||
.expect("Failed to retrieve shared directory path");
|
.expect("Failed to retrieve shared directory path");
|
||||||
let sock = cmd_arguments
|
let sock = cmd_arguments
|
||||||
@ -209,7 +209,11 @@ fn main() {
|
|||||||
// Convert into appropriate types
|
// Convert into appropriate types
|
||||||
let sock = String::from(sock);
|
let sock = String::from(sock);
|
||||||
|
|
||||||
let fs = PassthroughFs::new(passthrough::Config::default()).unwrap();
|
let fs_cfg = passthrough::Config {
|
||||||
|
root_dir: shared_dir.to_string(),
|
||||||
|
..Default::default()
|
||||||
|
};
|
||||||
|
let fs = PassthroughFs::new(fs_cfg).unwrap();
|
||||||
let fs_backend = Arc::new(RwLock::new(VhostUserFsBackend::new(fs).unwrap()));
|
let fs_backend = Arc::new(RwLock::new(VhostUserFsBackend::new(fs).unwrap()));
|
||||||
|
|
||||||
let mut daemon = VhostUserDaemon::new(
|
let mut daemon = VhostUserDaemon::new(
|
||||||
|
@ -27,7 +27,6 @@ use crate::multikey::MultikeyBTreeMap;
|
|||||||
const CURRENT_DIR_CSTR: &[u8] = b".\0";
|
const CURRENT_DIR_CSTR: &[u8] = b".\0";
|
||||||
const PARENT_DIR_CSTR: &[u8] = b"..\0";
|
const PARENT_DIR_CSTR: &[u8] = b"..\0";
|
||||||
const EMPTY_CSTR: &[u8] = b"\0";
|
const EMPTY_CSTR: &[u8] = b"\0";
|
||||||
const ROOT_CSTR: &[u8] = b"/\0";
|
|
||||||
const PROC_CSTR: &[u8] = b"/proc\0";
|
const PROC_CSTR: &[u8] = b"/proc\0";
|
||||||
|
|
||||||
type Inode = u64;
|
type Inode = u64;
|
||||||
@ -226,6 +225,11 @@ pub struct Config {
|
|||||||
///
|
///
|
||||||
/// The default value for this option is `false`.
|
/// The default value for this option is `false`.
|
||||||
pub writeback: bool,
|
pub writeback: bool,
|
||||||
|
|
||||||
|
/// The path of the root directory.
|
||||||
|
///
|
||||||
|
/// The default is `/`.
|
||||||
|
pub root_dir: String,
|
||||||
}
|
}
|
||||||
|
|
||||||
impl Default for Config {
|
impl Default for Config {
|
||||||
@ -235,6 +239,7 @@ impl Default for Config {
|
|||||||
attr_timeout: Duration::from_secs(5),
|
attr_timeout: Duration::from_secs(5),
|
||||||
cache_policy: Default::default(),
|
cache_policy: Default::default(),
|
||||||
writeback: false,
|
writeback: false,
|
||||||
|
root_dir: String::from("/"),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -640,8 +645,7 @@ impl FileSystem for PassthroughFs {
|
|||||||
type Handle = Handle;
|
type Handle = Handle;
|
||||||
|
|
||||||
fn init(&self, capable: FsOptions) -> io::Result<FsOptions> {
|
fn init(&self, capable: FsOptions) -> io::Result<FsOptions> {
|
||||||
// Safe because this is a constant value and a valid C string.
|
let root = CString::new(self.cfg.root_dir.as_str()).expect("CString::new failed");
|
||||||
let root = unsafe { CStr::from_bytes_with_nul_unchecked(ROOT_CSTR) };
|
|
||||||
|
|
||||||
// Safe because this doesn't modify any memory and we check the return value.
|
// Safe because this doesn't modify any memory and we check the return value.
|
||||||
// We use `O_PATH` because we just want this for traversing the directory tree
|
// We use `O_PATH` because we just want this for traversing the directory tree
|
||||||
|
Loading…
Reference in New Issue
Block a user