aboutsummaryrefslogtreecommitdiff
path: root/hw/9pfs
diff options
context:
space:
mode:
authorM. Mohan Kumar <mohan@in.ibm.com>2012-01-19 12:21:12 +0530
committerAneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>2012-01-30 10:54:16 +0530
commit2d40564aaab3a99fe6ce00fc0fc893c02e9443ec (patch)
tree8b297266eff6d33d444051ded22b18f5b2669994 /hw/9pfs
parent2c30dd744aa02d31a8a3b87daaba0b2cb774f346 (diff)
downloadqemu-2d40564aaab3a99fe6ce00fc0fc893c02e9443ec.zip
qemu-2d40564aaab3a99fe6ce00fc0fc893c02e9443ec.tar.gz
qemu-2d40564aaab3a99fe6ce00fc0fc893c02e9443ec.tar.bz2
hw/9pfs: Preserve S_ISGID
In passthrough security model in local fs driver, after a file creation chown and chmod are done to set the file credentials and mode as requested by 9p client. But if there was a request to create a file with S_ISGID bit, doing chown on that file resets the S_ISGID bit. So first call chown and then invoking chmod with proper mode bit retains the S_ISGID (if present/requested) This resulted in LTP mknod02, mknod03, mknod05, open10 test case failures. This patch fixes this issue. man 2 chown When the owner or group of an executable file are changed by an unprivileged user the S_ISUID and S_ISGID mode bits are cleared. POSIX does not specify whether this also should happen when root does the chown(); the Linux behavior depends on the kernel version. Signed-off-by: M. Mohan Kumar <mohan@in.ibm.com> Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Diffstat (limited to 'hw/9pfs')
-rw-r--r--hw/9pfs/virtio-9p-handle.c4
-rw-r--r--hw/9pfs/virtio-9p-local.c7
2 files changed, 6 insertions, 5 deletions
diff --git a/hw/9pfs/virtio-9p-handle.c b/hw/9pfs/virtio-9p-handle.c
index cb012c0..f96d17a 100644
--- a/hw/9pfs/virtio-9p-handle.c
+++ b/hw/9pfs/virtio-9p-handle.c
@@ -63,11 +63,11 @@ static int handle_update_file_cred(int dirfd, const char *name, FsCred *credp)
if (fd < 0) {
return fd;
}
- ret = fchmod(fd, credp->fc_mode & 07777);
+ ret = fchownat(fd, "", credp->fc_uid, credp->fc_gid, AT_EMPTY_PATH);
if (ret < 0) {
goto err_out;
}
- ret = fchownat(fd, "", credp->fc_uid, credp->fc_gid, AT_EMPTY_PATH);
+ ret = fchmod(fd, credp->fc_mode & 07777);
err_out:
close(fd);
return ret;
diff --git a/hw/9pfs/virtio-9p-local.c b/hw/9pfs/virtio-9p-local.c
index 6e3f9d1..33a41d2 100644
--- a/hw/9pfs/virtio-9p-local.c
+++ b/hw/9pfs/virtio-9p-local.c
@@ -257,9 +257,6 @@ static int local_post_create_passthrough(FsContext *fs_ctx, const char *path,
{
char buffer[PATH_MAX];
- if (chmod(rpath(fs_ctx, path, buffer), credp->fc_mode & 07777) < 0) {
- return -1;
- }
if (lchown(rpath(fs_ctx, path, buffer), credp->fc_uid,
credp->fc_gid) < 0) {
/*
@@ -270,6 +267,10 @@ static int local_post_create_passthrough(FsContext *fs_ctx, const char *path,
return -1;
}
}
+
+ if (chmod(rpath(fs_ctx, path, buffer), credp->fc_mode & 07777) < 0) {
+ return -1;
+ }
return 0;
}