On 10/13/2010 09:22 PM, Matthias Bolte wrote:
2010/10/11 Harsh Prateek Bora<harsh@xxxxxxxxxxxxxxxxxx>:
This patch introduces new attribute to filesystem element
to support customizable security for mount type.
Valid mount_security are: passthrough and mapped.
Usage:
<filesystem type='mount' mount_security='passthrough'>
<source dir='/export/to/guest'/>
<target dir='mount_tag'/>
</filesystem>
Here is the detailed explanation on these security models:
Security model: mapped
----------------------
Fileserver intercepts and maps all the file object create requests.
Files on the fileserver will be created with Fileserver's user credentials
and the
client-user's credentials are stored in extended attributes.
During getattr() server extracts the client-user's credentials from extended
attributes and sends to the client.
This adds a great deal of security in the cloud environments where the
guest's(client) user space is kept completely isolated from host's user
space.
Security model : passthrough
----------------------------
In this security model, Fileserver passes down all requests to the
underlying filesystem. File system objects on the fileserver will be created
with client-user's credentials. This is done by setting setuid()/setgid()
during creation or chmod/chown after file creation. At the end of create
protocol
request, files on the fileserver will be owned by cleint-user's uid/gid.
This model mimic's current NFSv3 level of security.
Note: This patch is based on Daniel's patch to support 9pfs.
It shall be applied after applying Daniel's patch to support 9pfs.
v3:
- QEMU cmdline still uses security_model, changes done by mistake reverted.
Signed-off-by: Harsh Prateek Bora<harsh@xxxxxxxxxxxxxxxxxx>
---
docs/schemas/domain.rng | 6 ++++++
src/conf/domain_conf.c | 29 +++++++++++++++++++++++++++--
src/conf/domain_conf.h | 10 ++++++++++
src/qemu/qemu_conf.c | 9 +++++++--
4 files changed, 50 insertions(+), 4 deletions(-)
This patch lacks documentation about the new domain XML attributes in
docs/formatdomain.html.in.
Hi Matthias,
I wanted to put the documentation for the new attributes in the
formatdomain.html.in, however, found that we are actually missing the
documentation for the <filesystem> element itself there.
I discussed about the same with DV and he suggested to put the
documentation text in the patch itself, so that once the documentation
for <filesystem> element is in place, this text can be added to it for
the new attributes.
Regards,
Harsh
Matthias
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list