| commit | 4750a96f6baf8949cc04a0c5b7167606544a4401 | |
| author | Venkateswararao Jujjuri (JV) <jvrao@linux.vnet.ibm.com> | |
| Mon, 14 Jun 2010 20:34:45 +0000 (14 13:34 -0700) | ||
| committer | Anthony Liguori <aliguori@us.ibm.com> | |
| Tue, 22 Jun 2010 20:15:50 +0000 (22 15:15 -0500) | ||
| tree | 59dfed5f2adfb3fb546c078119629e3eca599d82 | treesnapshot (tar.gz zip) |
| parent | 1237ad7607aae5859067831e36a59d3b017c5a54 | commitdiff |
virtio-9p: Security model for create/open2
In the mapped security model, VirtFS server intercepts and maps
the file object create and get/set attribute requests. Files on the fileserver
will be created with VirtFS servers (QEMU) user credentials and the
client-users credentials are stored in extended attributes. On the request
to get attributes, server extracts the client-users credentials
from extended attributes and sends them to the client.
On Host/Fileserver:
-rw-------. 2 virfsuid virtfsgid 0 2010-05-11 09:19 afile
On Guest/Client:
-rw-r--r-- 2 guestuser guestuser 0 2010-05-11 12:19 afile
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
In the mapped security model, VirtFS server intercepts and maps
the file object create and get/set attribute requests. Files on the fileserver
will be created with VirtFS servers (QEMU) user credentials and the
client-users credentials are stored in extended attributes. On the request
to get attributes, server extracts the client-users credentials
from extended attributes and sends them to the client.
On Host/Fileserver:
-rw-------. 2 virfsuid virtfsgid 0 2010-05-11 09:19 afile
On Guest/Client:
-rw-r--r-- 2 guestuser guestuser 0 2010-05-11 12:19 afile
Signed-off-by: Venkateswararao Jujjuri <jvrao@linux.vnet.ibm.com>
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
| hw/file-op-9p.h | diffblobblamehistory | |
| hw/virtio-9p-local.c | diffblobblamehistory | |
| hw/virtio-9p.c | diffblobblamehistory |