From patchwork Fri Mar 26 15:37:48 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cole Robinson X-Patchwork-Id: 409524 Delivered-To: patch@linaro.org Received: by 2002:a02:8562:0:0:0:0:0 with SMTP id g89csp1539970jai; Fri, 26 Mar 2021 08:39:25 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx0e+AbUXd6JYC+nka5+Et0fUx+/Fd/QFtW/hBdnmfHBvuvE+fXVfclqVCB++Mmmmf1VXdm X-Received: by 2002:aa7:d416:: with SMTP id z22mr15635739edq.239.1616773165250; Fri, 26 Mar 2021 08:39:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1616773165; cv=none; d=google.com; s=arc-20160816; b=f64VKk7I6AcKMugmRptWjldyq5PiHu7rJYOAqlUrsEQCign4+G4tMx3krJTfvu/eX9 KnLGgyFx4pQ+Lg1DfDTlMttLOQZSAWUlxvyL+zQ9umGiIlvYSRtWO8TxygAs83rSV8Er r5zStp4nhsxTkKj2kunGUPPNt7cTCIrLTJdkIVaqSSoQ2Lruu6f2RSppRnfcOYEjH7Ll ap2bUchSIQlDtQHhlVYAjiTdYbACvZFlFHy7W/UQLv4e2VRAZsK13k16ct7sQog4fXCH SszJjW8PFRXvXh5qNTn+8lv0jWL9KahyRBpJdwTlNXMl+vtJkFvgc1JvtiVVaae0oc+r V67A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:errors-to:sender:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:cc :mime-version:message-id:date:subject:to:from:delivered-to :dkim-signature; bh=0m5n8hEWBcqFiodUgh6/4oD56qsVSh8FWrh3gamxh2M=; b=iWN9U2jIRniF2l4Fx0Rzx8Vv48VzXUXsLJRK0KHZcpFVUZxTnAVFGPF1ZphuhDjNSb tBB1svZup46WTha4EB/SeoTaATTWuZjTJ3hOjb5H054EVlhJp3fWJkoO6r4Ov+tdn7kf zO1+eZahv89CmPfabYtI7/qFnSgPnSssay5p4NY/r5DEGRMqZA1nDyeiamGoUPdNv7NF B9G/vcggHttXfeyLjGeYoC6DveYiMYWr+dZSWSjzcT4shV/EKkdPCkp+bKPqfovRIw8r Six8djd3ww2MkRh6s83AHxnCaJst2zUHvgRWfJda2JEuIsPDrhv58nKHclvAmESuedbr B1Dg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=WSDCkjDC; spf=pass (google.com: domain of libvir-list-bounces@redhat.com designates 216.205.24.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com. [216.205.24.124]) by mx.google.com with ESMTPS id j10si7643108ejs.556.2021.03.26.08.39.24 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 26 Mar 2021 08:39:25 -0700 (PDT) Received-SPF: pass (google.com: domain of libvir-list-bounces@redhat.com designates 216.205.24.124 as permitted sender) client-ip=216.205.24.124; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=WSDCkjDC; spf=pass (google.com: domain of libvir-list-bounces@redhat.com designates 216.205.24.124 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1616773164; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=0m5n8hEWBcqFiodUgh6/4oD56qsVSh8FWrh3gamxh2M=; b=WSDCkjDCafPxzni9zdibNOmMIvqeKJix2SPaBK8Ce0gMwx4+c5QsBkylzlqyZbrIx266CT dv9dEHwl8BzGnytIsqvr3o+KFi7QfQAzRzX3PGv3DBAL52WYyEBcd6tSyKY8bSFZcoIzbN GG8BU7ckIbJtfw+26shL8M+4c4O2x1Y= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-521-Har-iK4DMhK3cTIuekw1HA-1; Fri, 26 Mar 2021 11:39:20 -0400 X-MC-Unique: Har-iK4DMhK3cTIuekw1HA-1 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 4B12494F10; Fri, 26 Mar 2021 15:38:23 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 99EB189D1E; Fri, 26 Mar 2021 15:38:22 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 747584BB7C; Fri, 26 Mar 2021 15:38:20 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 12QFcJAs027203 for ; Fri, 26 Mar 2021 11:38:19 -0400 Received: by smtp.corp.redhat.com (Postfix) id 009CF101E24F; Fri, 26 Mar 2021 15:38:19 +0000 (UTC) Delivered-To: libvir-list@redhat.com Received: from worklaptop.home (ovpn-117-183.rdu2.redhat.com [10.10.117.183]) by smtp.corp.redhat.com (Postfix) with ESMTP id 7FB82101E249; Fri, 26 Mar 2021 15:38:13 +0000 (UTC) From: Cole Robinson To: libvir-list@redhat.com Subject: [PATCH] qemu: virtiofs: support Date: Fri, 26 Mar 2021 11:37:48 -0400 Message-Id: <6f2cb9738070c4274fcfab387c279c28ed2ff35c.1616773068.git.crobinso@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-loop: libvir-list@redhat.com Cc: Cole Robinson X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Add a new XML element Which maps to `virtiofsd -o sandbox=chroot|namespace`, which was added in qemu 5.2.0: https://git.qemu.org/?p=qemu.git;a=commit;h=06844584b62a43384642f7243b0fc01c9fff0fc7 Signed-off-by: Cole Robinson --- docs/formatdomain.rst | 4 ++++ docs/schemas/domaincommon.rng | 12 ++++++++++ src/conf/domain_conf.c | 23 +++++++++++++++++++ src/conf/domain_conf.h | 10 ++++++++ src/libvirt_private.syms | 1 + src/qemu/qemu_virtiofs.c | 2 ++ .../vhost-user-fs-fd-memory.xml | 1 + 7 files changed, 53 insertions(+) -- 2.30.2 diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index 9392c80113..9dda39dbcb 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst @@ -3234,6 +3234,7 @@ A directory on the host that can be accessed directly from the guest. + @@ -3358,6 +3359,9 @@ A directory on the host that can be accessed directly from the guest. ``cache`` element, possible ``mode`` values being ``none`` and ``always``. Locking can be controlled via the ``lock`` element - attributes ``posix`` and ``flock`` both accepting values ``on`` or ``off``. ( :since:`Since 6.2.0` ) + The sandboxing method used by virtiofsd can be configured with the ``sandbox`` + element, possible ``mode`` values being ``namespace`` and + ``chroot``. ( :since:`Since 7.2.0` ) ``source`` The resource on the host that is being accessed in the guest. The ``name`` attribute must be used with ``type='template'``, and the ``dir`` attribute diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index 1dbfc68f18..6404ebf210 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -2960,6 +2960,18 @@ + + + + + + namespace + chroot + + + + + diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index b0eba9f7bd..70a900ee25 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -538,6 +538,13 @@ VIR_ENUM_IMPL(virDomainFSCacheMode, "always", ); +VIR_ENUM_IMPL(virDomainFSSandboxMode, + VIR_DOMAIN_FS_SANDBOX_MODE_LAST, + "default", + "namespace", + "chroot", +); + VIR_ENUM_IMPL(virDomainNet, VIR_DOMAIN_NET_TYPE_LAST, @@ -10373,6 +10380,7 @@ virDomainFSDefParseXML(virDomainXMLOptionPtr xmlopt, g_autofree char *binary = virXPathString("string(./binary/@path)", ctxt); g_autofree char *xattr = virXPathString("string(./binary/@xattr)", ctxt); g_autofree char *cache = virXPathString("string(./binary/cache/@mode)", ctxt); + g_autofree char *sandbox = virXPathString("string(./binary/sandbox/@mode)", ctxt); g_autofree char *posix_lock = virXPathString("string(./binary/lock/@posix)", ctxt); g_autofree char *flock = virXPathString("string(./binary/lock/@flock)", ctxt); int val; @@ -10406,6 +10414,16 @@ virDomainFSDefParseXML(virDomainXMLOptionPtr xmlopt, def->cache = val; } + if (sandbox) { + if ((val = virDomainFSSandboxModeTypeFromString(sandbox)) <= 0) { + virReportError(VIR_ERR_XML_ERROR, + _("cannot parse sandbox mode '%s' for virtiofs"), + sandbox); + goto error; + } + def->sandbox = val; + } + if (posix_lock) { if ((val = virTristateSwitchTypeFromString(posix_lock)) <= 0) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, @@ -25483,6 +25501,11 @@ virDomainFSDefFormat(virBufferPtr buf, virDomainFSCacheModeTypeToString(def->cache)); } + if (def->sandbox != VIR_DOMAIN_FS_SANDBOX_MODE_DEFAULT) { + virBufferAsprintf(&binaryBuf, "\n", + virDomainFSSandboxModeTypeToString(def->sandbox)); + } + if (def->posix_lock != VIR_TRISTATE_SWITCH_ABSENT) { virBufferAsprintf(&lockAttrBuf, " posix='%s'", virTristateSwitchTypeToString(def->posix_lock)); diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 0b8895bbdf..d77b04847b 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -846,6 +846,14 @@ typedef enum { VIR_DOMAIN_FS_CACHE_MODE_LAST } virDomainFSCacheMode; +typedef enum { + VIR_DOMAIN_FS_SANDBOX_MODE_DEFAULT = 0, + VIR_DOMAIN_FS_SANDBOX_MODE_NAMESPACE, + VIR_DOMAIN_FS_SANDBOX_MODE_CHROOT, + + VIR_DOMAIN_FS_SANDBOX_MODE_LAST +} virDomainFSSandboxMode; + struct _virDomainFSDef { int type; int fsdriver; /* enum virDomainFSDriverType */ @@ -870,6 +878,7 @@ struct _virDomainFSDef { virDomainFSCacheMode cache; virTristateSwitch posix_lock; virTristateSwitch flock; + virDomainFSSandboxMode sandbox; virDomainVirtioOptionsPtr virtio; virObjectPtr privateData; }; @@ -3800,6 +3809,7 @@ VIR_ENUM_DECL(virDomainFSAccessMode); VIR_ENUM_DECL(virDomainFSWrpolicy); VIR_ENUM_DECL(virDomainFSModel); VIR_ENUM_DECL(virDomainFSCacheMode); +VIR_ENUM_DECL(virDomainFSSandboxMode); VIR_ENUM_DECL(virDomainNet); VIR_ENUM_DECL(virDomainNetBackend); VIR_ENUM_DECL(virDomainNetVirtioTxMode); diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index cb9fe7c80a..04b2bc9dcd 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -414,6 +414,7 @@ virDomainFSDriverTypeToString; virDomainFSIndexByName; virDomainFSInsert; virDomainFSRemove; +virDomainFSSandboxModeTypeToString; virDomainFSTypeFromString; virDomainFSTypeToString; virDomainFSWrpolicyTypeFromString; diff --git a/src/qemu/qemu_virtiofs.c b/src/qemu/qemu_virtiofs.c index 2e239cad66..988b757d6f 100644 --- a/src/qemu/qemu_virtiofs.c +++ b/src/qemu/qemu_virtiofs.c @@ -131,6 +131,8 @@ qemuVirtioFSBuildCommandLine(virQEMUDriverConfigPtr cfg, virQEMUBuildBufferEscapeComma(&opts, fs->src->path); if (fs->cache) virBufferAsprintf(&opts, ",cache=%s", virDomainFSCacheModeTypeToString(fs->cache)); + if (fs->sandbox) + virBufferAsprintf(&opts, ",sandbox=%s", virDomainFSSandboxModeTypeToString(fs->sandbox)); if (fs->xattr == VIR_TRISTATE_SWITCH_ON) virBufferAddLit(&opts, ",xattr"); diff --git a/tests/qemuxml2argvdata/vhost-user-fs-fd-memory.xml b/tests/qemuxml2argvdata/vhost-user-fs-fd-memory.xml index 2277850c2c..abddf0870b 100644 --- a/tests/qemuxml2argvdata/vhost-user-fs-fd-memory.xml +++ b/tests/qemuxml2argvdata/vhost-user-fs-fd-memory.xml @@ -30,6 +30,7 @@ +