aboutsummaryrefslogtreecommitdiff
path: root/block/export
diff options
context:
space:
mode:
authorMax Reitz <mreitz@redhat.com>2021-06-25 16:23:13 +0200
committerKevin Wolf <kwolf@redhat.com>2021-07-09 12:26:05 +0200
commit8fc54f9428b9763f8003bd5f5dd440946210fc80 (patch)
tree1c68ffd8d5f152e7714e25559a68dd5d694b3d2a /block/export
parent2c7dd057aa7bd7a875e9b1a53975c220d6380bc4 (diff)
downloadqemu-8fc54f9428b9763f8003bd5f5dd440946210fc80.zip
qemu-8fc54f9428b9763f8003bd5f5dd440946210fc80.tar.gz
qemu-8fc54f9428b9763f8003bd5f5dd440946210fc80.tar.bz2
export/fuse: Add allow-other option
Without the allow_other mount option, no user (not even root) but the one who started qemu/the storage daemon can access the export. Allow users to configure the export such that such accesses are possible. While allow_other is probably what users want, we cannot make it an unconditional default, because passing it is only possible (for non-root users) if the global fuse.conf configuration file allows it. Thus, the default is an 'auto' mode, in which we first try with allow_other, and then fall back to without. FuseExport.allow_other reports whether allow_other was actually used as a mount option or not. Currently, this information is not used, but a future patch will let this field decide whether e.g. an export's UID and GID can be changed through chmod. One notable thing about 'auto' mode is that libfuse may print error messages directly to stderr, and so may fusermount (which it executes). Our export code cannot really filter or hide them. Therefore, if 'auto' fails its first attempt and has to fall back, fusermount will print an error message that mounting with allow_other failed. This behavior necessitates a change to iotest 308, namely we need to filter out this error message (because if the first attempt at mounting with allow_other succeeds, there will be no such message). Furthermore, common.rc's _make_test_img should use allow-other=off for FUSE exports, because iotests generally do not need to access images from other users, so allow-other=on or allow-other=auto have no advantage. OTOH, allow-other=on will not work on systems where user_allow_other is disabled, and with allow-other=auto, we get said error message that we would need to filter out again. Just disabling allow-other is simplest. Signed-off-by: Max Reitz <mreitz@redhat.com> Message-Id: <20210625142317.271673-3-mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Diffstat (limited to 'block/export')
-rw-r--r--block/export/fuse.c28
1 files changed, 23 insertions, 5 deletions
diff --git a/block/export/fuse.c b/block/export/fuse.c
index d0b88e8..4068250 100644
--- a/block/export/fuse.c
+++ b/block/export/fuse.c
@@ -46,6 +46,8 @@ typedef struct FuseExport {
char *mountpoint;
bool writable;
bool growable;
+ /* Whether allow_other was used as a mount option or not */
+ bool allow_other;
} FuseExport;
static GHashTable *exports;
@@ -57,7 +59,7 @@ static void fuse_export_delete(BlockExport *exp);
static void init_exports_table(void);
static int setup_fuse_export(FuseExport *exp, const char *mountpoint,
- Error **errp);
+ bool allow_other, Error **errp);
static void read_from_fuse_export(void *opaque);
static bool is_regular_file(const char *path, Error **errp);
@@ -118,7 +120,22 @@ static int fuse_export_create(BlockExport *blk_exp,
exp->writable = blk_exp_args->writable;
exp->growable = args->growable;
- ret = setup_fuse_export(exp, args->mountpoint, errp);
+ /* set default */
+ if (!args->has_allow_other) {
+ args->allow_other = FUSE_EXPORT_ALLOW_OTHER_AUTO;
+ }
+
+ if (args->allow_other == FUSE_EXPORT_ALLOW_OTHER_AUTO) {
+ /* Ignore errors on our first attempt */
+ ret = setup_fuse_export(exp, args->mountpoint, true, NULL);
+ exp->allow_other = ret == 0;
+ if (ret < 0) {
+ ret = setup_fuse_export(exp, args->mountpoint, false, errp);
+ }
+ } else {
+ exp->allow_other = args->allow_other == FUSE_EXPORT_ALLOW_OTHER_ON;
+ ret = setup_fuse_export(exp, args->mountpoint, exp->allow_other, errp);
+ }
if (ret < 0) {
goto fail;
}
@@ -146,7 +163,7 @@ static void init_exports_table(void)
* Create exp->fuse_session and mount it.
*/
static int setup_fuse_export(FuseExport *exp, const char *mountpoint,
- Error **errp)
+ bool allow_other, Error **errp)
{
const char *fuse_argv[4];
char *mount_opts;
@@ -157,8 +174,9 @@ static int setup_fuse_export(FuseExport *exp, const char *mountpoint,
* max_read needs to match what fuse_init() sets.
* max_write need not be supplied.
*/
- mount_opts = g_strdup_printf("max_read=%zu,default_permissions",
- FUSE_MAX_BOUNCE_BYTES);
+ mount_opts = g_strdup_printf("max_read=%zu,default_permissions%s",
+ FUSE_MAX_BOUNCE_BYTES,
+ allow_other ? ",allow_other" : "");
fuse_argv[0] = ""; /* Dummy program name */
fuse_argv[1] = "-o";