[PATCH] qemu: virtiofs: support <sandbox mode='chroot'/>

Add a new XML element <filesystem> <binary> <sandbox mode='chroot|namespace'/> </binary> </filesystem> Which maps to `virtiofsd -o sandbox=chroot|namespace`, which was added in qemu 5.2.0: https://git.qemu.org/?p=qemu.git;a=commit;h=06844584b62a43384642f7243b0fc01c... Signed-off-by: Cole Robinson <crobinso@redhat.com> --- docs/formatdomain.rst | 4 ++++ docs/schemas/domaincommon.rng | 12 ++++++++++ src/conf/domain_conf.c | 23 +++++++++++++++++++ src/conf/domain_conf.h | 10 ++++++++ src/libvirt_private.syms | 1 + src/qemu/qemu_virtiofs.c | 2 ++ .../vhost-user-fs-fd-memory.xml | 1 + 7 files changed, 53 insertions(+) diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index 9392c80113..9dda39dbcb 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst @@ -3234,6 +3234,7 @@ A directory on the host that can be accessed directly from the guest. <driver type='virtiofs' queue='1024'/> <binary path='/usr/libexec/virtiofsd' xattr='on'> <cache mode='always'/> + <sandbox mode='namespace'/> <lock posix='on' flock='on'/> </binary> <source dir='/path'/> @@ -3358,6 +3359,9 @@ A directory on the host that can be accessed directly from the guest. ``cache`` element, possible ``mode`` values being ``none`` and ``always``. Locking can be controlled via the ``lock`` element - attributes ``posix`` and ``flock`` both accepting values ``on`` or ``off``. ( :since:`Since 6.2.0` ) + The sandboxing method used by virtiofsd can be configured with the ``sandbox`` + element, possible ``mode`` values being ``namespace`` and + ``chroot``. ( :since:`Since 7.2.0` ) ``source`` The resource on the host that is being accessed in the guest. The ``name`` attribute must be used with ``type='template'``, and the ``dir`` attribute diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index 1dbfc68f18..6404ebf210 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng 
@@ -2960,6 +2960,18 @@ </optional> </element> </optional> + <optional> + <element name="sandbox"> + <optional> + <attribute name="mode"> + <choice> + <value>namespace</value> + <value>chroot</value> + </choice> + </attribute> + </optional> + </element> + </optional> <optional> <element name="lock"> <optional> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index b0eba9f7bd..70a900ee25 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -538,6 +538,13 @@ VIR_ENUM_IMPL(virDomainFSCacheMode, "always", ); +VIR_ENUM_IMPL(virDomainFSSandboxMode, + VIR_DOMAIN_FS_SANDBOX_MODE_LAST, + "default", + "namespace", + "chroot", +); + VIR_ENUM_IMPL(virDomainNet, VIR_DOMAIN_NET_TYPE_LAST, @@ -10373,6 +10380,7 @@ virDomainFSDefParseXML(virDomainXMLOptionPtr xmlopt, g_autofree char *binary = virXPathString("string(./binary/@path)", ctxt); g_autofree char *xattr = virXPathString("string(./binary/@xattr)", ctxt); g_autofree char *cache = virXPathString("string(./binary/cache/@mode)", ctxt); + g_autofree char *sandbox = virXPathString("string(./binary/sandbox/@mode)", ctxt); g_autofree char *posix_lock = virXPathString("string(./binary/lock/@posix)", ctxt); g_autofree char *flock = virXPathString("string(./binary/lock/@flock)", ctxt); int val; @@ -10406,6 +10414,16 @@ virDomainFSDefParseXML(virDomainXMLOptionPtr xmlopt, def->cache = val; } + if (sandbox) { + if ((val = virDomainFSSandboxModeTypeFromString(sandbox)) <= 0) { + virReportError(VIR_ERR_XML_ERROR, + _("cannot parse sandbox mode '%s' for virtiofs"), + sandbox); + goto error; + } + def->sandbox = val; + } + if (posix_lock) { if ((val = virTristateSwitchTypeFromString(posix_lock)) <= 0) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, 
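Review bot: The new sandbox branch in virDomainFSDefParseXML reports `VIR_ERR_XML_ERROR`, while the posix_lock branch visible right after it reports `VIR_ERR_CONFIG_UNSUPPORTED` for the same kind of unparsable attribute value. Callers therefore see two different error codes for equivalent mistakes inside one `<binary>` element; using the same code as the neighbouring branch would keep them consistent. The `<= 0` test also deserves a short comment, because it is what stops the internal "default" entry of the VIR_ENUM_IMPL table from being accepted as XML input, e.g. `/* <= 0 also rejects "default": internal-only, not listed in the RNG */`. The function body starts and ends outside the hunk.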
@@ -25483,6 +25501,11 @@ virDomainFSDefFormat(virBufferPtr buf, virDomainFSCacheModeTypeToString(def->cache)); } + if (def->sandbox != VIR_DOMAIN_FS_SANDBOX_MODE_DEFAULT) { + virBufferAsprintf(&binaryBuf, "<sandbox mode='%s'/>\n", + virDomainFSSandboxModeTypeToString(def->sandbox)); + } + if (def->posix_lock != VIR_TRISTATE_SWITCH_ABSENT) { virBufferAsprintf(&lockAttrBuf, " posix='%s'", virTristateSwitchTypeToString(def->posix_lock)); diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 0b8895bbdf..d77b04847b 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -846,6 +846,14 @@ typedef enum { VIR_DOMAIN_FS_CACHE_MODE_LAST } virDomainFSCacheMode; +typedef enum { + VIR_DOMAIN_FS_SANDBOX_MODE_DEFAULT = 0, + VIR_DOMAIN_FS_SANDBOX_MODE_NAMESPACE, + VIR_DOMAIN_FS_SANDBOX_MODE_CHROOT, + + VIR_DOMAIN_FS_SANDBOX_MODE_LAST +} virDomainFSSandboxMode; + struct _virDomainFSDef { int type; int fsdriver; /* enum virDomainFSDriverType */ @@ -870,6 +878,7 @@ struct _virDomainFSDef { virDomainFSCacheMode cache; virTristateSwitch posix_lock; virTristateSwitch flock; + virDomainFSSandboxMode sandbox; virDomainVirtioOptionsPtr virtio; virObjectPtr privateData; }; @@ -3800,6 +3809,7 @@ VIR_ENUM_DECL(virDomainFSAccessMode); VIR_ENUM_DECL(virDomainFSWrpolicy); VIR_ENUM_DECL(virDomainFSModel); VIR_ENUM_DECL(virDomainFSCacheMode); +VIR_ENUM_DECL(virDomainFSSandboxMode); VIR_ENUM_DECL(virDomainNet); VIR_ENUM_DECL(virDomainNetBackend); VIR_ENUM_DECL(virDomainNetVirtioTxMode); diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index cb9fe7c80a..04b2bc9dcd 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -414,6 +414,7 @@ virDomainFSDriverTypeToString; virDomainFSIndexByName; virDomainFSInsert; virDomainFSRemove; +virDomainFSSandboxModeTypeToString; virDomainFSTypeFromString; virDomainFSTypeToString; virDomainFSWrpolicyTypeFromString; 
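Review bot: `VIR_DOMAIN_FS_SANDBOX_MODE_DEFAULT` in the new enum in domain_conf.h has no comment saying what it means at runtime. Going by the formatter hunk and the qemu_virtiofs.c change in this patch, that value is neither written back to the XML nor passed to virtiofsd, so the effective sandbox is whatever the installed virtiofsd chooses. Anyone auditing the isolation of a shared directory from the domain XML alone needs to know that, so a one-line comment on the enumerator would help, e.g. `/* no -o sandbox= passed; virtiofsd picks its own default */`.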
diff --git a/src/qemu/qemu_virtiofs.c b/src/qemu/qemu_virtiofs.c index 2e239cad66..988b757d6f 100644 --- a/src/qemu/qemu_virtiofs.c +++ b/src/qemu/qemu_virtiofs.c @@ -131,6 +131,8 @@ qemuVirtioFSBuildCommandLine(virQEMUDriverConfigPtr cfg, virQEMUBuildBufferEscapeComma(&opts, fs->src->path); if (fs->cache) virBufferAsprintf(&opts, ",cache=%s", virDomainFSCacheModeTypeToString(fs->cache)); + if (fs->sandbox) + virBufferAsprintf(&opts, ",sandbox=%s", virDomainFSSandboxModeTypeToString(fs->sandbox)); if (fs->xattr == VIR_TRISTATE_SWITCH_ON) virBufferAddLit(&opts, ",xattr"); diff --git a/tests/qemuxml2argvdata/vhost-user-fs-fd-memory.xml b/tests/qemuxml2argvdata/vhost-user-fs-fd-memory.xml index 2277850c2c..abddf0870b 100644 --- a/tests/qemuxml2argvdata/vhost-user-fs-fd-memory.xml +++ b/tests/qemuxml2argvdata/vhost-user-fs-fd-memory.xml @@ -30,6 +30,7 @@ <driver type='virtiofs' queue='1024'/> <binary path='/usr/libexec/virtiofsd' xattr='on'> <cache mode='always'/> + <sandbox mode='chroot'/> <lock posix='off' flock='off'/> </binary> <source dir='/path'/> -- 2.30.2
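Review bot: `,sandbox=%s` is appended in qemuVirtioFSBuildCommandLine whenever `fs->sandbox` is set, and nothing in the hunk checks that the configured virtiofsd binary understands the option, which the commit message says exists only since qemu 5.2.0. With an older binary the daemon would presumably refuse to start, so the user gets a virtiofsd startup failure rather than a clear message that the requested sandbox mode is unsupported. If no capability information for virtiofsd is available at this point, at least record the requirement next to the new lines, e.g. `/* -o sandbox= needs virtiofsd from qemu >= 5.2.0 */`. The function continues outside the hunk.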

On Fri, Mar 26, 2021 at 11:37:48 -0400, Cole Robinson wrote:
Add a new XML element
<filesystem> <binary> <sandbox mode='chroot|namespace'/> </binary> </filesystem>
Which maps to `virtiofsd -o sandbox=chroot|namespace`, which was added in qemu 5.2.0:
https://git.qemu.org/?p=qemu.git;a=commit;h=06844584b62a43384642f7243b0fc01c...
Signed-off-by: Cole Robinson <crobinso@redhat.com> --- docs/formatdomain.rst | 4 ++++ docs/schemas/domaincommon.rng | 12 ++++++++++ src/conf/domain_conf.c | 23 +++++++++++++++++++ src/conf/domain_conf.h | 10 ++++++++ src/libvirt_private.syms | 1 + src/qemu/qemu_virtiofs.c | 2 ++ .../vhost-user-fs-fd-memory.xml | 1 + 7 files changed, 53 insertions(+)
Please split the commit as it's usual for libvirt patches. Also a test case modifying any of the .args files in qemuxml2argv test is missing.
diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst index 9392c80113..9dda39dbcb 100644 --- a/docs/formatdomain.rst +++ b/docs/formatdomain.rst @@ -3234,6 +3234,7 @@ A directory on the host that can be accessed directly from the guest. <driver type='virtiofs' queue='1024'/> <binary path='/usr/libexec/virtiofsd' xattr='on'> <cache mode='always'/> + <sandbox mode='namespace'/> <lock posix='on' flock='on'/> </binary> <source dir='/path'/> @@ -3358,6 +3359,9 @@ A directory on the host that can be accessed directly from the guest. ``cache`` element, possible ``mode`` values being ``none`` and ``always``. Locking can be controlled via the ``lock`` element - attributes ``posix`` and ``flock`` both accepting values ``on`` or ``off``. ( :since:`Since 6.2.0` ) + The sandboxing method used by virtiofsd can be configured with the ``sandbox`` + element, possible ``mode`` values being ``namespace`` and + ``chroot``. ( :since:`Since 7.2.0` )
Is there any reasonable short explanation of the differences? Or perhaps a link to the virtiofs docs to clarify what the modes do?
``source`` The resource on the host that is being accessed in the guest. The ``name`` attribute must be used with ``type='template'``, and the ``dir`` attribute diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index 1dbfc68f18..6404ebf210 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -2960,6 +2960,18 @@ </optional> </element> </optional> + <optional> + <element name="sandbox"> + <optional> + <attribute name="mode"> + <choice> + <value>namespace</value> + <value>chroot</value> + </choice> + </attribute> + </optional> + </element> + </optional> <optional> <element name="lock"> <optional> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c index b0eba9f7bd..70a900ee25 100644 --- a/src/conf/domain_conf.c +++ b/src/conf/domain_conf.c @@ -538,6 +538,13 @@ VIR_ENUM_IMPL(virDomainFSCacheMode, "always", );
+VIR_ENUM_IMPL(virDomainFSSandboxMode, + VIR_DOMAIN_FS_SANDBOX_MODE_LAST, + "default", + "namespace", + "chroot", +); +
VIR_ENUM_IMPL(virDomainNet, VIR_DOMAIN_NET_TYPE_LAST, @@ -10373,6 +10380,7 @@ virDomainFSDefParseXML(virDomainXMLOptionPtr xmlopt, g_autofree char *binary = virXPathString("string(./binary/@path)", ctxt); g_autofree char *xattr = virXPathString("string(./binary/@xattr)", ctxt); g_autofree char *cache = virXPathString("string(./binary/cache/@mode)", ctxt); + g_autofree char *sandbox = virXPathString("string(./binary/sandbox/@mode)", ctxt); g_autofree char *posix_lock = virXPathString("string(./binary/lock/@posix)", ctxt); g_autofree char *flock = virXPathString("string(./binary/lock/@flock)", ctxt); int val; @@ -10406,6 +10414,16 @@ virDomainFSDefParseXML(virDomainXMLOptionPtr xmlopt, def->cache = val; }
+ if (sandbox) { + if ((val = virDomainFSSandboxModeTypeFromString(sandbox)) <= 0) { + virReportError(VIR_ERR_XML_ERROR, + _("cannot parse sandbox mode '%s' for virtiofs"), + sandbox); + goto error; + } + def->sandbox = val; + } + if (posix_lock) { if ((val = virTristateSwitchTypeFromString(posix_lock)) <= 0) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, @@ -25483,6 +25501,11 @@ virDomainFSDefFormat(virBufferPtr buf, virDomainFSCacheModeTypeToString(def->cache)); }
+ if (def->sandbox != VIR_DOMAIN_FS_SANDBOX_MODE_DEFAULT) { + virBufferAsprintf(&binaryBuf, "<sandbox mode='%s'/>\n", + virDomainFSSandboxModeTypeToString(def->sandbox)); + } + if (def->posix_lock != VIR_TRISTATE_SWITCH_ABSENT) { virBufferAsprintf(&lockAttrBuf, " posix='%s'", virTristateSwitchTypeToString(def->posix_lock)); diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 0b8895bbdf..d77b04847b 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -846,6 +846,14 @@ typedef enum { VIR_DOMAIN_FS_CACHE_MODE_LAST } virDomainFSCacheMode;
+typedef enum { + VIR_DOMAIN_FS_SANDBOX_MODE_DEFAULT = 0, + VIR_DOMAIN_FS_SANDBOX_MODE_NAMESPACE, + VIR_DOMAIN_FS_SANDBOX_MODE_CHROOT, + + VIR_DOMAIN_FS_SANDBOX_MODE_LAST +} virDomainFSSandboxMode; + struct _virDomainFSDef { int type; int fsdriver; /* enum virDomainFSDriverType */ @@ -870,6 +878,7 @@ struct _virDomainFSDef { virDomainFSCacheMode cache; virTristateSwitch posix_lock; virTristateSwitch flock; + virDomainFSSandboxMode sandbox;
validation check rejecting sandbox modes for 9p fs is missing
virDomainVirtioOptionsPtr virtio; virObjectPtr privateData; };

On 3/26/21 11:53 AM, Peter Krempa wrote:
On Fri, Mar 26, 2021 at 11:37:48 -0400, Cole Robinson wrote:
Add a new XML element
<filesystem> <binary> <sandbox mode='chroot|namespace'/> </binary> </filesystem>
Which maps to `virtiofsd -o sandbox=chroot|namespace`, which was added in qemu 5.2.0:
https://git.qemu.org/?p=qemu.git;a=commit;h=06844584b62a43384642f7243b0fc01c...
Signed-off-by: Cole Robinson <crobinso@redhat.com> --- docs/formatdomain.rst | 4 ++++ docs/schemas/domaincommon.rng | 12 ++++++++++ src/conf/domain_conf.c | 23 +++++++++++++++++++ src/conf/domain_conf.h | 10 ++++++++ src/libvirt_private.syms | 1 + src/qemu/qemu_virtiofs.c | 2 ++ .../vhost-user-fs-fd-memory.xml | 1 + 7 files changed, 53 insertions(+)
Please split the commit as it's usual for libvirt patches.
Okay, fixed in v2. I addressed the docs and validation piece in v2 too
Also a test case modifying any of the .args files in qemuxml2argv test is missing.
This option affects the virtiofsd command line only, so it won't be reflected in .args files Thanks, Cole