From 81bfc42dcf473bc8d3790622633410da72d8e622 Mon Sep 17 00:00:00 2001 From: "Dr. David Alan Gilbert" Date: Thu, 7 Feb 2019 12:17:21 +0000 Subject: virtiofsd: Add Makefile wiring for virtiofsd contrib MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Wire up the building of the virtiofsd in tools. virtiofsd relies on Linux-specific system calls and seccomp. Anyone wishing to port it to other host operating systems should do so carefully and without reducing security. Only allow building on Linux hosts. Signed-off-by: Dr. David Alan Gilbert Signed-off-by: Stefan Hajnoczi Reviewed-by: Liam Merwick Reviewed-by: Daniel P. Berrangé Signed-off-by: Dr. David Alan Gilbert --- Makefile | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'Makefile') diff --git a/Makefile b/Makefile index 6562b0d..ef1e215 100644 --- a/Makefile +++ b/Makefile @@ -327,6 +327,10 @@ HELPERS-y += vhost-user-gpu$(EXESUF) vhost-user-json-y += contrib/vhost-user-gpu/50-qemu-gpu.json endif +ifdef CONFIG_LINUX +HELPERS-y += virtiofsd$(EXESUF) +endif + # Sphinx does not allow building manuals into the same directory as # the source files, so if we're doing an in-tree QEMU build we must # build the manuals into a subdirectory (and then install them from @@ -429,6 +433,7 @@ dummy := $(call unnest-vars,, \ elf2dmp-obj-y \ ivshmem-client-obj-y \ ivshmem-server-obj-y \ + virtiofsd-obj-y \ rdmacm-mux-obj-y \ libvhost-user-obj-y \ vhost-user-scsi-obj-y \ @@ -668,6 +673,11 @@ rdmacm-mux$(EXESUF): LIBS += "-libumad" rdmacm-mux$(EXESUF): $(rdmacm-mux-obj-y) $(COMMON_LDADDS) $(call LINK, $^) +ifdef CONFIG_LINUX # relies on Linux-specific syscalls +virtiofsd$(EXESUF): $(virtiofsd-obj-y) libvhost-user.a $(COMMON_LDADDS) + $(call LINK, $^) +endif + vhost-user-gpu$(EXESUF): $(vhost-user-gpu-obj-y) $(libvhost-user-obj-y) libqemuutil.a libqemustub.a $(call LINK, $^) -- cgit v1.1 From 315616ed50ba15a5d7236ade8a402a93898202de Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi Date: Tue, 27 Aug 2019 10:54:37 +0100 Subject: virtiofsd: add vhost-user.json file MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Install a vhost-user.json file describing virtiofsd. This allows libvirt and other management tools to enumerate vhost-user backend programs. Signed-off-by: Stefan Hajnoczi Reviewed-by: Daniel P. Berrangé Signed-off-by: Dr. David Alan Gilbert --- Makefile | 1 + 1 file changed, 1 insertion(+) (limited to 'Makefile') diff --git a/Makefile b/Makefile index ef1e215..2f81271 100644 --- a/Makefile +++ b/Makefile @@ -329,6 +329,7 @@ endif ifdef CONFIG_LINUX HELPERS-y += virtiofsd$(EXESUF) +vhost-user-json-y += tools/virtiofsd/50-qemu-virtiofsd.json endif # Sphinx does not allow building manuals into the same directory as -- cgit v1.1 From 4f8bde99c175ffd86b5125098a4707d43f5e80c6 Mon Sep 17 00:00:00 2001 From: Stefan Hajnoczi Date: Wed, 13 Mar 2019 09:32:51 +0000 Subject: virtiofsd: add seccomp whitelist Only allow system calls that are needed by virtiofsd. All other system calls cause SIGSYS to be directed at the thread and the process will coredump. Restricting system calls reduces the kernel attack surface and limits what the process can do when compromised. Signed-off-by: Stefan Hajnoczi with additional entries by: Signed-off-by: Ganesh Maharaj Mahalingam Signed-off-by: Masayoshi Mizuma Signed-off-by: Misono Tomohiro Signed-off-by: piaojun Signed-off-by: Vivek Goyal Signed-off-by: Eric Ren Signed-off-by: Dr. David Alan Gilbert --- Makefile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'Makefile') diff --git a/Makefile b/Makefile index 2f81271..ad400f3 100644 --- a/Makefile +++ b/Makefile @@ -327,7 +327,7 @@ HELPERS-y += vhost-user-gpu$(EXESUF) vhost-user-json-y += contrib/vhost-user-gpu/50-qemu-gpu.json endif -ifdef CONFIG_LINUX +ifeq ($(CONFIG_LINUX)$(CONFIG_SECCOMP),yy) HELPERS-y += virtiofsd$(EXESUF) vhost-user-json-y += tools/virtiofsd/50-qemu-virtiofsd.json endif @@ -674,7 +674,8 @@ rdmacm-mux$(EXESUF): LIBS += "-libumad" rdmacm-mux$(EXESUF): $(rdmacm-mux-obj-y) $(COMMON_LDADDS) $(call LINK, $^) -ifdef CONFIG_LINUX # relies on Linux-specific syscalls +# relies on Linux-specific syscalls +ifeq ($(CONFIG_LINUX)$(CONFIG_SECCOMP),yy) virtiofsd$(EXESUF): $(virtiofsd-obj-y) libvhost-user.a $(COMMON_LDADDS) $(call LINK, $^) endif -- cgit v1.1 From 2405f3c0d19eb4d516a88aa4e5c54e5f9c6bbea3 Mon Sep 17 00:00:00 2001 From: "Dr. David Alan Gilbert" Date: Tue, 3 Dec 2019 12:23:44 +0000 Subject: virtiofsd: cap-ng helpers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit libcap-ng reads /proc during capng_get_caps_process, and virtiofsd's sandboxing doesn't have /proc mounted; thus we have to do the caps read before we sandbox it and save/restore the state. Signed-off-by: Dr. David Alan Gilbert Reviewed-by: Daniel P. Berrangé Signed-off-by: Dr. David Alan Gilbert --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Makefile') diff --git a/Makefile b/Makefile index ad400f3..6b4b075 100644 --- a/Makefile +++ b/Makefile @@ -327,7 +327,7 @@ HELPERS-y += vhost-user-gpu$(EXESUF) vhost-user-json-y += contrib/vhost-user-gpu/50-qemu-gpu.json endif -ifeq ($(CONFIG_LINUX)$(CONFIG_SECCOMP),yy) +ifeq ($(CONFIG_LINUX)$(CONFIG_SECCOMP)$(CONFIG_LIBCAP_NG),yyy) HELPERS-y += virtiofsd$(EXESUF) vhost-user-json-y += tools/virtiofsd/50-qemu-virtiofsd.json endif @@ -675,7 +675,7 @@ rdmacm-mux$(EXESUF): $(rdmacm-mux-obj-y) $(COMMON_LDADDS) $(call LINK, $^) # relies on Linux-specific syscalls -ifeq ($(CONFIG_LINUX)$(CONFIG_SECCOMP),yy) +ifeq ($(CONFIG_LINUX)$(CONFIG_SECCOMP)$(CONFIG_LIBCAP_NG),yyy) virtiofsd$(EXESUF): $(virtiofsd-obj-y) libvhost-user.a $(COMMON_LDADDS) $(call LINK, $^) endif -- cgit v1.1