On Thu, Oct 14, 2010 at 11:00:24AM +0530, Harsh Bora wrote:
On 10/13/2010 09:22 PM, Matthias Bolte wrote:
2010/10/11 Harsh Prateek Bora<harsh@linux.vnet.ibm.com>:
This patch introduces new attribute to filesystem element to support customizable security for mount type. Valid mount_security are: passthrough and mapped.
Usage: <filesystem type='mount' mount_security='passthrough'> <source dir='/export/to/guest'/> <target dir='mount_tag'/> </filesystem>
Here is the detailed explanation on these security models:
Security model: mapped ----------------------
Fileserver intercepts and maps all the file object create requests. Files on the fileserver will be created with Fileserver's user credentials and the client-user's credentials are stored in extended attributes. During getattr() server extracts the client-user's credentials from extended attributes and sends to the client.
This adds a great deal of security in the cloud environments where the guest's(client) user space is kept completely isolated from host's user space.
Security model : passthrough ----------------------------
In this security model, Fileserver passes down all requests to the underlying filesystem. File system objects on the fileserver will be created with client-user's credentials. This is done by setting setuid()/setgid() during creation or chmod/chown after file creation. At the end of create protocol request, files on the fileserver will be owned by cleint-user's uid/gid. This model mimic's current NFSv3 level of security.
Note: This patch is based on Daniel's patch to support 9pfs. It shall be applied after applying Daniel's patch to support 9pfs.
v3: - QEMU cmdline still uses security_model, changes done by mistake reverted.
Signed-off-by: Harsh Prateek Bora<harsh@linux.vnet.ibm.com> --- docs/schemas/domain.rng | 6 ++++++ src/conf/domain_conf.c | 29 +++++++++++++++++++++++++++-- src/conf/domain_conf.h | 10 ++++++++++ src/qemu/qemu_conf.c | 9 +++++++-- 4 files changed, 50 insertions(+), 4 deletions(-)
This patch lacks documentation about the new domain XML attributes in docs/formatdomain.html.in.
Hi Matthias, I wanted to put the documentation for the new attributes in the formatdomain.html.in, however, found that we are actually missing the documentation for the <filesystem> element itself there. I discussed about the same with DV and he suggested to put the documentation text in the patch itself, so that once the documentation for <filesystem> element is in place, this text can be added to it for the new attributes.
Yep, don't worry about the docs, i'll write up full docs for the entire <filesystem> element. Regards, Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|