External/cloud-hypervisor
1
0
Fork 0
mirror of https://github.com/cloud-hypervisor/cloud-hypervisor.git synced 2024-10-03 20:15:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

vhost_user_fs: Allow specific shared directory to be specified

Browse Source 
Because the vhost_user_backend crate needs some changes to support
moving the process to a different mount namespace and perform a pivot
root, it is not possible to change '/' to the given shared directory.

This commit, as a temporary measure, let the code point at the given
shared directory.

The long term solution is to perform the mount namespace change and the
pivot root as this will provide greater security.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
This commit is contained in:
Sebastien Boeuf 2019-11-14 22:29:13 -08:00 committed by Samuel Ortiz
parent ba17758ac0
commit 50b0e58c88
2 changed files with 13 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/bin/vhost_user_fs.rs
View File

@ -199,7 +199,7 @@ fn main() {
.get_matches(); .get_matches();
// Retrieve arguments // Retrieve arguments
let _shared_dir = cmd_arguments let shared_dir = cmd_arguments
.value_of("shared-dir") .value_of("shared-dir")
.expect("Failed to retrieve shared directory path"); .expect("Failed to retrieve shared directory path");
let sock = cmd_arguments let sock = cmd_arguments
@ -209,7 +209,11 @@ fn main() {
// Convert into appropriate types // Convert into appropriate types
let sock = String::from(sock); let sock = String::from(sock);
let fs = PassthroughFs::new(passthrough::Config::default()).unwrap(); let fs_cfg = passthrough::Config {
root_dir: shared_dir.to_string(),
..Default::default()
};
let fs = PassthroughFs::new(fs_cfg).unwrap();
let fs_backend = Arc::new(RwLock::new(VhostUserFsBackend::new(fs).unwrap())); let fs_backend = Arc::new(RwLock::new(VhostUserFsBackend::new(fs).unwrap()));
let mut daemon = VhostUserDaemon::new( let mut daemon = VhostUserDaemon::new(

10
vhost_user_fs/src/passthrough.rs
View File

@ -27,7 +27,6 @@ use crate::multikey::MultikeyBTreeMap;
const CURRENT_DIR_CSTR: &[u8] = b".\0"; const CURRENT_DIR_CSTR: &[u8] = b".\0";
const PARENT_DIR_CSTR: &[u8] = b"..\0"; const PARENT_DIR_CSTR: &[u8] = b"..\0";
const EMPTY_CSTR: &[u8] = b"\0"; const EMPTY_CSTR: &[u8] = b"\0";
const ROOT_CSTR: &[u8] = b"/\0";
const PROC_CSTR: &[u8] = b"/proc\0"; const PROC_CSTR: &[u8] = b"/proc\0";
type Inode = u64; type Inode = u64;
@ -226,6 +225,11 @@ pub struct Config {
/// ///
/// The default value for this option is `false`. /// The default value for this option is `false`.
pub writeback: bool, pub writeback: bool,
/// The path of the root directory.
///
/// The default is `/`.
pub root_dir: String,
} }
impl Default for Config { impl Default for Config {
@ -235,6 +239,7 @@ impl Default for Config {
attr_timeout: Duration::from_secs(5), attr_timeout: Duration::from_secs(5),
cache_policy: Default::default(), cache_policy: Default::default(),
writeback: false, writeback: false,
root_dir: String::from("/"),
} }
} }
} }
@ -640,8 +645,7 @@ impl FileSystem for PassthroughFs {
type Handle = Handle; type Handle = Handle;
fn init(&self, capable: FsOptions) -> io::Result<FsOptions> { fn init(&self, capable: FsOptions) -> io::Result<FsOptions> {
// Safe because this is a constant value and a valid C string. let root = CString::new(self.cfg.root_dir.as_str()).expect("CString::new failed");
let root = unsafe { CStr::from_bytes_with_nul_unchecked(ROOT_CSTR) };
// Safe because this doesn't modify any memory and we check the return value. // Safe because this doesn't modify any memory and we check the return value.
// We use `O_PATH` because we just want this for traversing the directory tree // We use `O_PATH` because we just want this for traversing the directory tree