author Vivek Goyal <vgoyal@redhat.com> 2022-02-08 15:48:11 -0500
committer Dr. David Alan Gilbert <dgilbert@redhat.com> 2022-02-17 17:22:26 +0000
commit 0c3f81e13184ef0dc4b7c1a2afc15cb77fdad99b
tree a6203c33fbd18aa0d5b19846969a95cba2f960e6 /fsdev
parent cb282e556acef3764adde88701ec923a0731bc56
virtiofsd: Create new file with security context
This patch adds support for creating new file with security context as sent by client. It basically takes three paths.

- If no security context enabled, then it continues to create files without security context.

- If security context is enabled but security.selinux has not been remapped, then it uses /proc/thread-self/attr/fscreate knob to set security context and then create the file. This will make sure that newly created file gets the security context as set in "fscreate" and this is atomic w.r.t file creation.

  This is useful and host and guest SELinux policies don't conflict and can work with each other. In that case, guest security.selinux xattr is not remapped and it is passthrough as "security.selinux" xattr on host.

- If security context is enabled but security.selinux xattr has been remapped to something else, then it first creates the file and then uses setxattr() to set the remapped xattr with the security context. This is a non-atomic operation w.r.t file creation.

  This mode will be most versatile and allow host and guest to have their own separate SELinux xattrs and have their own separate SELinux policies.

Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Message-Id: <20220208204813.682906-9-vgoyal@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Diffstat (limited to 'fsdev')
0 files changed, 0 insertions, 0 deletions
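The three creation paths listed in the commit message, as an added example that is not the code from this commit. The names `pick_path`, `set_fscreate` and `create_with_ctx`, the remapped name `user.virtiofs.security.selinux` used when calling it, and the `/tmp` path are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/xattr.h>
#include <unistd.h>

enum ctx_path { CTX_NONE, CTX_FSCREATE, CTX_SETXATTR };

/* host_name: the host xattr that guest "security.selinux" is mapped to. */
enum ctx_path pick_path(int enabled, const char *host_name) {
    if (!enabled) return CTX_NONE;
    return strcmp(host_name, "security.selinux") ? CTX_SETXATTR : CTX_FSCREATE;
}

/* Set this thread's fscreate context; a zero-length write clears it. */
static int set_fscreate(const char *ctx, size_t len) {
    int fd = open("/proc/thread-self/attr/fscreate", O_WRONLY | O_CLOEXEC);
    if (fd < 0) return -errno;
    int err = write(fd, ctx, len) < 0 ? -errno : 0;
    close(fd);
    return err;
}

/* Create path with the given context. Returns an open fd or -errno. */
int create_with_ctx(const char *path, mode_t mode, int enabled,
                    const char *host_name, const char *ctx, size_t len) {
    enum ctx_path p = pick_path(enabled, host_name);
    int err;
    /* Atomic path: the kernel labels the inode as part of the create. */
    if (p == CTX_FSCREATE && (err = set_fscreate(ctx, len)) < 0) return err;
    int fd = open(path, O_CREAT | O_EXCL | O_WRONLY | O_NOFOLLOW | O_CLOEXEC, mode);
    err = fd < 0 ? -errno : 0;
    /* Always clear the knob so later creates by this thread are not labeled. */
    if (p == CTX_FSCREATE) set_fscreate(NULL, 0);
    /* Non-atomic path: the file exists unlabeled until fsetxattr() succeeds. */
    if (fd >= 0 && p == CTX_SETXATTR && fsetxattr(fd, host_name, ctx, len, 0) < 0) {
        err = -errno;
        close(fd);
        unlink(path); /* do not leave a file behind without its context */
        return err;
    }
    return fd < 0 ? err : fd;
}

int main(void) {
    unlink("/tmp/secctx_demo"); /* constructed path for the demo run */
    int fd = create_with_ctx("/tmp/secctx_demo", 0600, 0, "security.selinux", NULL, 0);
    if (fd >= 0) close(fd);
    return fd < 0;
}
```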