[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-commits] [qemu/qemu] cece11: configure: add option for virtiofsd
|
From: |
Peter Maydell |
|
Subject: |
[Qemu-commits] [qemu/qemu] cece11: configure: add option for virtiofsd |
|
Date: |
Tue, 27 Oct 2020 09:58:26 -0700 |
Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: cece116c939d219070b250338439c2d16f94e3da
https://github.com/qemu/qemu/commit/cece116c939d219070b250338439c2d16f94e3da
Author: Misono Tomohiro <misono.tomohiro@jp.fujitsu.com>
Date: 2020-10-26 (Mon, 26 Oct 2020)
Changed paths:
M configure
M meson.build
M meson_options.txt
M tools/meson.build
Log Message:
-----------
configure: add option for virtiofsd
Currently it is unknown whether virtiofsd will be built at
configuration time. It will be automatically built when dependency
is met. Also, required libraries are not clear.
To make this clear, add configure option --{enable,disable}-virtiofsd.
The default is the same as current (enabled if available) like many
other options. When --enable-virtiofsd is given and dependency is not
met, we get:
ERROR: Problem encountered: virtiofsd requires libcap-ng-devel and
seccomp-devel
or
ERROR: Problem encountered: virtiofsd needs tools and vhost-user support
In addition, configuration summary now includes virtiofsd entry:
build virtiofs daemon: YES/NO
Signed-off-by: Misono Tomohiro <misono.tomohiro@jp.fujitsu.com>
Message-Id: <20201008103133.2722903-1-misono.tomohiro@jp.fujitsu.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Manual merge
Commit: 800ad114f10d0bf94e49b1441e1a13064a45a967
https://github.com/qemu/qemu/commit/800ad114f10d0bf94e49b1441e1a13064a45a967
Author: Misono Tomohiro <misono.tomohiro@jp.fujitsu.com>
Date: 2020-10-26 (Mon, 26 Oct 2020)
Changed paths:
M tools/virtiofsd/passthrough_ll.c
Log Message:
-----------
virtiofsd: passthrough_ll: set FUSE_LOG_INFO as default log_level
Just noticed that although help message says default log level is INFO,
it is actually 0 (EMRGE) and no mesage will be shown when error occurs.
It's better to follow help message.
Signed-off-by: Misono Tomohiro <misono.tomohiro@jp.fujitsu.com>
Message-Id: <20201008110148.2757734-1-misono.tomohiro@jp.fujitsu.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Commit: 06844584b62a43384642f7243b0fc01c9fff0fc7
https://github.com/qemu/qemu/commit/06844584b62a43384642f7243b0fc01c9fff0fc7
Author: Stefan Hajnoczi <stefanha@redhat.com>
Date: 2020-10-26 (Mon, 26 Oct 2020)
Changed paths:
M docs/tools/virtiofsd.rst
M tools/virtiofsd/helper.c
M tools/virtiofsd/passthrough_ll.c
Log Message:
-----------
virtiofsd: add container-friendly -o sandbox=chroot option
virtiofsd cannot run in a container because CAP_SYS_ADMIN is required to
create namespaces.
Introduce a weaker sandbox mode that is sufficient in container
environments because the container runtime already sets up namespaces.
Use chroot to restrict path traversal to the shared directory.
virtiofsd loses the following:
1. Mount namespace. The process chroots to the shared directory but
leaves the mounts in place. Seccomp rejects mount(2)/umount(2)
syscalls.
2. Pid namespace. This should be fine because virtiofsd is the only
process running in the container.
3. Network namespace. This should be fine because seccomp already
rejects the connect(2) syscall, but an additional layer of security
is lost. Container runtime-specific network security policies can be
used drop network traffic (except for the vhost-user UNIX domain
socket).
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20201008085534.16070-1-stefanha@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Commit: 6084633dff3a05d63176e06d7012c7e15aba15be
https://github.com/qemu/qemu/commit/6084633dff3a05d63176e06d7012c7e15aba15be
Author: Dr. David Alan Gilbert <dgilbert@redhat.com>
Date: 2020-10-26 (Mon, 26 Oct 2020)
Changed paths:
M docs/tools/virtiofsd.rst
M tools/virtiofsd/passthrough_ll.c
Log Message:
-----------
tools/virtiofsd: xattr name mappings: Add option
Add an option to define mappings of xattr names so that
the client and server filesystems see different views.
This can be used to have different SELinux mappings as
seen by the guest, to run the virtiofsd with less privileges
(e.g. in a case where it can't set trusted/system/security
xattrs but you want the guest to be able to), or to isolate
multiple users of the same name; e.g. trusted attributes
used by stacking overlayfs.
A mapping engine is used with 3 simple rules; the rules can
be combined to allow most useful mapping scenarios.
The ruleset is defined by -o xattrmap='rules...'.
This patch doesn't use the rule maps yet.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20201023165812.36028-2-dgilbert@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Commit: 4f088dbf98aecde6eed94d630964cc36cd39837b
https://github.com/qemu/qemu/commit/4f088dbf98aecde6eed94d630964cc36cd39837b
Author: Dr. David Alan Gilbert <dgilbert@redhat.com>
Date: 2020-10-26 (Mon, 26 Oct 2020)
Changed paths:
M tools/virtiofsd/passthrough_ll.c
Log Message:
-----------
tools/virtiofsd: xattr name mappings: Map client xattr names
Map xattr names originating at the client; from get/set/remove xattr.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20201023165812.36028-3-dgilbert@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Commit: 6409cf19ca17ab2acec6f014290f24e137198751
https://github.com/qemu/qemu/commit/6409cf19ca17ab2acec6f014290f24e137198751
Author: Dr. David Alan Gilbert <dgilbert@redhat.com>
Date: 2020-10-26 (Mon, 26 Oct 2020)
Changed paths:
M tools/virtiofsd/passthrough_ll.c
Log Message:
-----------
tools/virtiofsd: xattr name mappings: Map server xattr names
Map xattr names coming from the server, i.e. the host filesystem;
currently this is only from listxattr.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20201023165812.36028-4-dgilbert@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Commit: 491bfaea3bd44b47c62f758efffb67a392ded02b
https://github.com/qemu/qemu/commit/491bfaea3bd44b47c62f758efffb67a392ded02b
Author: Dr. David Alan Gilbert <dgilbert@redhat.com>
Date: 2020-10-26 (Mon, 26 Oct 2020)
Changed paths:
M docs/tools/virtiofsd.rst
Log Message:
-----------
tools/virtiofsd: xattr name mapping examples
Add a few examples of xattrmaps to the documentation.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20201023165812.36028-5-dgilbert@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Commit: 1d84a0213a2ec7094abe6d896ce0ec0b5aa0cacf
https://github.com/qemu/qemu/commit/1d84a0213a2ec7094abe6d896ce0ec0b5aa0cacf
Author: Dr. David Alan Gilbert <dgilbert@redhat.com>
Date: 2020-10-26 (Mon, 26 Oct 2020)
Changed paths:
M docs/tools/virtiofsd.rst
M tools/virtiofsd/passthrough_ll.c
Log Message:
-----------
tools/virtiofsd: xattr name mappings: Simple 'map'
The mapping rule system implemented in the last few patches is
extremely flexible, but not easy to use. Add a simple
'map' type as a sprinkling of sugar to make it easy.
e.g.
-o xattrmap=":map::user.virtiofs.:"
would be sufficient to prefix all xattr's
or
-o xattrmap=":map:trusted.:user.virtiofs.:"
would just prefix 'trusted.' xattr's and leave
everything else alone.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20201023165812.36028-6-dgilbert@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Commit: 97d741cc96dd08b183cb098a38d55b641e277be0
https://github.com/qemu/qemu/commit/97d741cc96dd08b183cb098a38d55b641e277be0
Author: Max Reitz <mreitz@redhat.com>
Date: 2020-10-26 (Mon, 26 Oct 2020)
Changed paths:
M include/standard-headers/linux/fuse.h
Log Message:
-----------
linux/fuse.h: Pull in from Linux
Update the linux/fuse.h standard header from the kernel development tree
that implements FUSE submounts.
This adds the fuse_attr.flags field, the FUSE_ATTR_FLAGS INIT flag, and
the FUSE_ATTR_SUBMOUNT flag for fuse_attr.flags.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200909184028.262297-2-mreitz@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Commit: 2f10415abfc58e1eb8d311d35e97f78d9fc0f16c
https://github.com/qemu/qemu/commit/2f10415abfc58e1eb8d311d35e97f78d9fc0f16c
Author: Max Reitz <mreitz@redhat.com>
Date: 2020-10-26 (Mon, 26 Oct 2020)
Changed paths:
M tools/virtiofsd/fuse_common.h
M tools/virtiofsd/fuse_lowlevel.c
Log Message:
-----------
virtiofsd: Announce FUSE_ATTR_FLAGS
The fuse_attr.flags field is currently just initialized to 0, which is
valid. Thus, there is no reason not to always announce FUSE_ATTR_FLAGS
(when the kernel supports it).
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200909184028.262297-3-mreitz@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Commit: e2577435d3433b66b6f8adcd6482b5da5198689b
https://github.com/qemu/qemu/commit/e2577435d3433b66b6f8adcd6482b5da5198689b
Author: Max Reitz <mreitz@redhat.com>
Date: 2020-10-26 (Mon, 26 Oct 2020)
Changed paths:
M tools/virtiofsd/fuse_lowlevel.c
M tools/virtiofsd/fuse_lowlevel.h
Log Message:
-----------
virtiofsd: Add attr_flags to fuse_entry_param
fuse_entry_param is converted to fuse_attr on the line (by
fill_entry()), so it should have a member that mirrors fuse_attr.flags.
fill_entry() should then copy this fuse_entry_param.attr_flags to
fuse_attr.flags.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200909184028.262297-4-mreitz@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Commit: ede24b6be798000bbf554891e5b54a0f4848897f
https://github.com/qemu/qemu/commit/ede24b6be798000bbf554891e5b54a0f4848897f
Author: Max Reitz <mreitz@redhat.com>
Date: 2020-10-26 (Mon, 26 Oct 2020)
Changed paths:
M tools/virtiofsd/fuse_lowlevel.c
M tools/virtiofsd/fuse_lowlevel.h
Log Message:
-----------
virtiofsd: Add fuse_reply_attr_with_flags()
The plain fuse_reply_attr() function does not allow setting
fuse_attr.flags, so add this new function that does.
Make fuse_reply_attr() a wrapper around it.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200909184028.262297-5-mreitz@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Commit: eba8b096c17c5a74c5a00af4cf476a9b1b4d7393
https://github.com/qemu/qemu/commit/eba8b096c17c5a74c5a00af4cf476a9b1b4d7393
Author: Max Reitz <mreitz@redhat.com>
Date: 2020-10-26 (Mon, 26 Oct 2020)
Changed paths:
M tools/virtiofsd/passthrough_ll.c
Log Message:
-----------
virtiofsd: Store every lo_inode's parent_dev
We want to detect mount points in the shared tree. We report them to
the guest by setting the FUSE_ATTR_SUBMOUNT flag in fuse_attr.flags, but
because the FUSE client will create a submount for every directory that
has this flag set, we must do this only for the actual mount points.
We can detect mount points by comparing a directory's st_dev with its
parent's st_dev. To be able to do so, we need to store the parent's
st_dev in the lo_inode object.
Note that mount points need not necessarily be directories; a single
file can be a mount point as well. However, for the sake of simplicity
let us ignore any non-directory mount points for now.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200909184028.262297-6-mreitz@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Commit: 08dce386e77eb9ab044cb118e5391dc9ae11c5a8
https://github.com/qemu/qemu/commit/08dce386e77eb9ab044cb118e5391dc9ae11c5a8
Author: Max Reitz <mreitz@redhat.com>
Date: 2020-10-26 (Mon, 26 Oct 2020)
Changed paths:
M tools/virtiofsd/helper.c
M tools/virtiofsd/passthrough_ll.c
Log Message:
-----------
virtiofsd: Announce sub-mount points
Whenever we encounter a directory with an st_dev that differs from that
of its parent, we set the FUSE_ATTR_SUBMOUNT flag so the guest can
create a submount for it.
Make this behavior optional, so submounts are only announced to the
guest with the announce_submounts option. Some users may prefer the
current behavior, so that the guest learns nothing about the host mount
structure.
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200909184028.262297-7-mreitz@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Manual merge
Commit: 45ced7ca2f2767c046fb1b9980ba938ad526262e
https://github.com/qemu/qemu/commit/45ced7ca2f2767c046fb1b9980ba938ad526262e
Author: Max Reitz <mreitz@redhat.com>
Date: 2020-10-26 (Mon, 26 Oct 2020)
Changed paths:
M tests/acceptance/boot_linux.py
Log Message:
-----------
tests/acceptance/boot_linux: Accept SSH pubkey
Let download_cloudinit() take an optional pubkey, which subclasses of
BootLinux can pass through setUp().
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200909184028.262297-8-mreitz@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: WIllian Rampazzo <willianr@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Commit: c93a656f7b6585d9b6f8639d1fbb74dd944be239
https://github.com/qemu/qemu/commit/c93a656f7b6585d9b6f8639d1fbb74dd944be239
Author: Max Reitz <mreitz@redhat.com>
Date: 2020-10-26 (Mon, 26 Oct 2020)
Changed paths:
A tests/acceptance/virtiofs_submounts.py
A tests/acceptance/virtiofs_submounts.py.data/cleanup.sh
A tests/acceptance/virtiofs_submounts.py.data/guest-cleanup.sh
A tests/acceptance/virtiofs_submounts.py.data/guest.sh
A tests/acceptance/virtiofs_submounts.py.data/host.sh
Log Message:
-----------
tests/acceptance: Add virtiofs_submounts.py
This test invokes several shell scripts to create a random directory
tree full of submounts, and then check in the VM whether every submount
has its own ID and the structure looks as expected.
(Note that the test scripts must be non-executable, so Avocado will not
try to execute them as if they were tests on their own, too.)
Because at this commit's date it is unlikely that the Linux kernel on
the image provided by boot_linux.py supports submounts in virtio-fs, the
test will be cancelled if no custom Linux binary is provided through the
vmlinuz parameter. (The on-image kernel can be used by providing an
empty string via vmlinuz=.)
So, invoking the test can be done as follows:
$ avocado run \
tests/acceptance/virtiofs_submounts.py \
-p vmlinuz=/path/to/linux/build/arch/x86/boot/bzImage
This test requires root privileges (through passwordless sudo -n),
because at this point, virtiofsd requires them. (If you have a
timestamp_timeout period for sudoers (e.g. the default of 5 min), you
can provide this by executing something like "sudo true" before invoking
Avocado.)
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200909184028.262297-9-mreitz@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Commit: 725ca3313a5b9cbef89eaa1c728567684f37990a
https://github.com/qemu/qemu/commit/725ca3313a5b9cbef89eaa1c728567684f37990a
Author: Peter Maydell <peter.maydell@linaro.org>
Date: 2020-10-27 (Tue, 27 Oct 2020)
Changed paths:
M configure
M docs/tools/virtiofsd.rst
M include/standard-headers/linux/fuse.h
M meson.build
M meson_options.txt
M tests/acceptance/boot_linux.py
A tests/acceptance/virtiofs_submounts.py
A tests/acceptance/virtiofs_submounts.py.data/cleanup.sh
A tests/acceptance/virtiofs_submounts.py.data/guest-cleanup.sh
A tests/acceptance/virtiofs_submounts.py.data/guest.sh
A tests/acceptance/virtiofs_submounts.py.data/host.sh
M tools/meson.build
M tools/virtiofsd/fuse_common.h
M tools/virtiofsd/fuse_lowlevel.c
M tools/virtiofsd/fuse_lowlevel.h
M tools/virtiofsd/helper.c
M tools/virtiofsd/passthrough_ll.c
Log Message:
-----------
Merge remote-tracking branch
'remotes/dgilbert-gitlab/tags/pull-virtiofs-20201026' into staging
virtiofsd pull 2020-10-26
Misono
Set default log level to info
Explicit build option for virtiofsd
Me
xattr name mapping
Stefan
Alternative chroot sandbox method
Max
Submount mechanism
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
# gpg: Signature made Mon 26 Oct 2020 18:41:36 GMT
# gpg: using RSA key 45F5C71B4A0CB7FB977A9FA90516331EBC5BFDE7
# gpg: Good signature from "Dr. David Alan Gilbert (RH2) <dgilbert@redhat.com>"
[full]
# Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A 9FA9 0516 331E BC5B FDE7
* remotes/dgilbert-gitlab/tags/pull-virtiofs-20201026:
tests/acceptance: Add virtiofs_submounts.py
tests/acceptance/boot_linux: Accept SSH pubkey
virtiofsd: Announce sub-mount points
virtiofsd: Store every lo_inode's parent_dev
virtiofsd: Add fuse_reply_attr_with_flags()
virtiofsd: Add attr_flags to fuse_entry_param
virtiofsd: Announce FUSE_ATTR_FLAGS
linux/fuse.h: Pull in from Linux
tools/virtiofsd: xattr name mappings: Simple 'map'
tools/virtiofsd: xattr name mapping examples
tools/virtiofsd: xattr name mappings: Map server xattr names
tools/virtiofsd: xattr name mappings: Map client xattr names
tools/virtiofsd: xattr name mappings: Add option
virtiofsd: add container-friendly -o sandbox=chroot option
virtiofsd: passthrough_ll: set FUSE_LOG_INFO as default log_level
configure: add option for virtiofsd
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Compare: https://github.com/qemu/qemu/compare/4a74626970ab...725ca3313a5b
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Qemu-commits] [qemu/qemu] cece11: configure: add option for virtiofsd,
Peter Maydell <=