*/
#define V9FS_SM_NONE 0x00000010
#define V9FS_RDONLY 0x00000020
+#define V9FS_PROXY_SOCK_FD 0x00000040
+#define V9FS_PROXY_SOCK_NAME 0x00000080
#define V9FS_SEC_MASK 0x0000001C
{"fd", required_argument, NULL, 'f'},
{"path", required_argument, NULL, 'p'},
{"nodaemon", no_argument, NULL, 'n'},
+ {"socket", required_argument, NULL, 's'},
+ {"uid", required_argument, NULL, 'u'},
+ {"gid", required_argument, NULL, 'g'},
};
static bool is_daemon;
return ret;
}
+/* create unix domain socket and return the descriptor */
+static int proxy_socket(const char *path, uid_t uid, gid_t gid)
+{
+ int sock, client;
+ struct sockaddr_un proxy, qemu;
+ socklen_t size;
+
+ /* requested socket already exists, refuse to start */
+ if (!access(path, F_OK)) {
+ do_log(LOG_CRIT, "socket already exists\n");
+ return -1;
+ }
+
+ sock = socket(AF_UNIX, SOCK_STREAM, 0);
+ if (sock < 0) {
+ do_perror("socket");
+ return -1;
+ }
+
+ /* mask other part of mode bits */
+ umask(7);
+
+ proxy.sun_family = AF_UNIX;
+ strcpy(proxy.sun_path, path);
+ if (bind(sock, (struct sockaddr *)&proxy,
+ sizeof(struct sockaddr_un)) < 0) {
+ do_perror("bind");
+ return -1;
+ }
+ if (chown(proxy.sun_path, uid, gid) < 0) {
+ do_perror("chown");
+ return -1;
+ }
+ if (listen(sock, 1) < 0) {
+ do_perror("listen");
+ return -1;
+ }
+
+ client = accept(sock, (struct sockaddr *)&qemu, &size);
+ if (client < 0) {
+ do_perror("accept");
+ return -1;
+ }
+ return client;
+}
+
static void usage(char *prog)
{
fprintf(stderr, "usage: %s\n"
" -p|--path <path> 9p path to export\n"
" {-f|--fd <socket-descriptor>} socket file descriptor to be used\n"
+ " {-s|--socket <socketname> socket file used for communication\n"
+ " \t-u|--uid <uid> -g|--gid <gid>} - uid:gid combination to give "
+ " access to this socket\n"
+ " \tNote: -s & -f can not be used together\n"
" [-n|--nodaemon] Run as a normal program\n",
basename(prog));
}
int main(int argc, char **argv)
{
int sock;
+ uid_t own_u;
+ gid_t own_g;
char *rpath = NULL;
+ char *sock_name = NULL;
struct stat stbuf;
int c, option_index;
#ifdef FS_IOC_GETVERSION
is_daemon = true;
sock = -1;
+ own_u = own_g = -1;
while (1) {
option_index = 0;
- c = getopt_long(argc, argv, "p:nh?f:", helper_opts,
+ c = getopt_long(argc, argv, "p:nh?f:s:u:g:", helper_opts,
&option_index);
if (c == -1) {
break;
case 'f':
sock = atoi(optarg);
break;
+ case 's':
+ sock_name = strdup(optarg);
+ break;
+ case 'u':
+ own_u = atoi(optarg);
+ break;
+ case 'g':
+ own_g = atoi(optarg);
+ break;
case '?':
case 'h':
default:
}
/* Parameter validation */
- if (sock == -1 || rpath == NULL) {
- fprintf(stderr, "socket descriptor or path not specified\n");
+ if ((sock_name == NULL && sock == -1) || rpath == NULL) {
+ fprintf(stderr, "socket, socket descriptor or path not specified\n");
+ usage(argv[0]);
+ return -1;
+ }
+
+ if (*sock_name && (own_u == -1 || own_g == -1)) {
+ fprintf(stderr, "owner uid:gid not specified, ");
+ fprintf(stderr,
+ "owner uid:gid specifies who can access the socket file\n");
usage(argv[0]);
exit(EXIT_FAILURE);
}
}
do_log(LOG_INFO, "Started\n");
+ if (*sock_name) {
+ sock = proxy_socket(sock_name, own_u, own_g);
+ if (sock < 0) {
+ goto error;
+ }
+ }
get_version = false;
#ifdef FS_IOC_GETVERSION
Use given file descriptor as socket descriptor for communicating with
qemu proxy fs drier. Usually a helper like libvirt will create
socketpair and pass one of the fds as parameter to -f|--fd
+@item -s|--socket socket-file
+Creates named socket file for communicating with qemu proxy fs driver
+@item -u|--uid uid -g|--gid gid
+uid:gid combination to give access to named socket file
@item -n|--nodaemon
Run as a normal program. By default program will run in daemon mode
@end table
return err;
}
+static int connect_namedsocket(const char *path)
+{
+ int sockfd, size;
+ struct sockaddr_un helper;
+
+ sockfd = socket(AF_UNIX, SOCK_STREAM, 0);
+ if (sockfd < 0) {
+ fprintf(stderr, "socket %s\n", strerror(errno));
+ return -1;
+ }
+ strcpy(helper.sun_path, path);
+ helper.sun_family = AF_UNIX;
+ size = strlen(helper.sun_path) + sizeof(helper.sun_family);
+ if (connect(sockfd, (struct sockaddr *)&helper, size) < 0) {
+ fprintf(stderr, "socket error\n");
+ return -1;
+ }
+
+ /* remove the socket for security reasons */
+ unlink(path);
+ return sockfd;
+}
+
static int proxy_parse_opts(QemuOpts *opts, struct FsDriverEntry *fs)
{
+ const char *socket = qemu_opt_get(opts, "socket");
const char *sock_fd = qemu_opt_get(opts, "sock_fd");
- if (sock_fd) {
- fprintf(stderr, "sock_fd option not specified\n");
+ if (!socket && !sock_fd) {
+ fprintf(stderr, "socket and sock_fd none of the option specified\n");
+ return -1;
+ }
+ if (socket && sock_fd) {
+ fprintf(stderr, "Both socket and sock_fd options specified\n");
return -1;
}
- fs->path = g_strdup(sock_fd);
+ if (socket) {
+ fs->path = g_strdup(socket);
+ fs->export_flags = V9FS_PROXY_SOCK_NAME;
+ } else {
+ fs->path = g_strdup(sock_fd);
+ fs->export_flags = V9FS_PROXY_SOCK_FD;
+ }
return 0;
}
V9fsProxy *proxy = g_malloc(sizeof(V9fsProxy));
int sock_id;
- sock_id = atoi(ctx->fs_root);
- if (sock_id < 0) {
- fprintf(stderr, "socket descriptor not initialized\n");
- return -1;
+ if (ctx->export_flags & V9FS_PROXY_SOCK_NAME) {
+ sock_id = connect_namedsocket(ctx->fs_root);
+ } else {
+ sock_id = atoi(ctx->fs_root);
+ if (sock_id < 0) {
+ fprintf(stderr, "socket descriptor not initialized\n");
+ return -1;
+ }
}
g_free(ctx->fs_root);
}, {
.name = "readonly",
.type = QEMU_OPT_BOOL,
+
+ }, {
+ .name = "socket",
+ .type = QEMU_OPT_STRING,
}, {
.name = "sock_fd",
.type = QEMU_OPT_NUMBER,
}, {
.name = "readonly",
.type = QEMU_OPT_BOOL,
+ }, {
+ .name = "socket",
+ .type = QEMU_OPT_STRING,
}, {
.name = "sock_fd",
.type = QEMU_OPT_NUMBER,
DEF("fsdev", HAS_ARG, QEMU_OPTION_fsdev,
"-fsdev fsdriver,id=id[,path=path,][security_model={mapped|passthrough|none}]\n"
- " [,writeout=immediate][,readonly][,sock_fd=sock_fd]\n",
+ " [,writeout=immediate][,readonly][,socket=socket|sock_fd=sock_fd]\n",
QEMU_ARCH_ALL)
STEXI
-@item -fsdev @var{fsdriver},id=@var{id},path=@var{path},[security_model=@var{security_model}][,writeout=@var{writeout}][,readonly][,sock_fd=@var{sock_fd}]
+@item -fsdev @var{fsdriver},id=@var{id},path=@var{path},[security_model=@var{security_model}][,writeout=@var{writeout}][,readonly][,socket=@var{socket}|sock_fd=@var{sock_fd}]
@findex -fsdev
Define a new file system device. Valid options are:
@table @option
@item readonly
Enables exporting 9p share as a readonly mount for guests. By default
read-write access is given.
+@item socket=@var{socket}
+Enables proxy filesystem driver to use passed socket file for communicating
+with virtfs-proxy-helper
@item sock_fd=@var{sock_fd}
Enables proxy filesystem driver to use passed socket descriptor for
communicating with virtfs-proxy-helper. Usually a helper like libvirt
DEF("virtfs", HAS_ARG, QEMU_OPTION_virtfs,
"-virtfs local,path=path,mount_tag=tag,security_model=[mapped|passthrough|none]\n"
- " [,writeout=immediate][,readonly][,sock_fd=sock_fd]\n",
+ " [,writeout=immediate][,readonly][,socket=socket|sock_fd=sock_fd]\n",
QEMU_ARCH_ALL)
STEXI
-@item -virtfs @var{fsdriver}[,path=@var{path}],mount_tag=@var{mount_tag}[,security_model=@var{security_model}][,writeout=@var{writeout}][,readonly][,sock_fd=@var{sock_fd}]
+@item -virtfs @var{fsdriver}[,path=@var{path}],mount_tag=@var{mount_tag}[,security_model=@var{security_model}][,writeout=@var{writeout}][,readonly][,socket=@var{socket}|sock_fd=@var{sock_fd}]
@findex -virtfs
The general form of a Virtual File system pass-through options are:
@item readonly
Enables exporting 9p share as a readonly mount for guests. By default
read-write access is given.
+@item socket=@var{socket}
+Enables proxy filesystem driver to use passed socket file for
+communicating with virtfs-proxy-helper. Usually a helper like libvirt
+will create socketpair and pass one of the fds as sock_fd
@item sock_fd
Enables proxy filesystem driver to use passed 'sock_fd' as the socket
descriptor for interfacing with virtfs-proxy-helper
case QEMU_OPTION_virtfs: {
QemuOpts *fsdev;
QemuOpts *device;
- const char *writeout, *sock_fd;
+ const char *writeout, *sock_fd, *socket;
olist = qemu_find_opts("virtfs");
if (!olist) {
qemu_opt_set(fsdev, "path", qemu_opt_get(opts, "path"));
qemu_opt_set(fsdev, "security_model",
qemu_opt_get(opts, "security_model"));
+ socket = qemu_opt_get(opts, "socket");
+ if (socket) {
+ qemu_opt_set(fsdev, "socket", socket);
+ }
sock_fd = qemu_opt_get(opts, "sock_fd");
if (sock_fd) {
qemu_opt_set(fsdev, "sock_fd", sock_fd);
projects / qemu.git / commitdiff