forked from qemu/qemu
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
virtiofsd: Create new file with security context
This patch adds support for creating new file with security context as sent by client. It basically takes three paths. - If no security context enabled, then it continues to create files without security context. - If security context is enabled and but security.selinux has not been remapped, then it uses /proc/thread-self/attr/fscreate knob to set security context and then create the file. This will make sure that newly created file gets the security context as set in "fscreate" and this is atomic w.r.t file creation. This is useful and host and guest SELinux policies don't conflict and can work with each other. In that case, guest security.selinux xattr is not remapped and it is passthrough as "security.selinux" xattr on host. - If security context is enabled but security.selinux xattr has been remapped to something else, then it first creates the file and then uses setxattr() to set the remapped xattr with the security context. This is a non-atomic operation w.r.t file creation. This mode will be most versatile and allow host and guest to have their own separate SELinux xattrs and have their own separate SELinux policies. Reviewed-by: Dr. David Alan Gilbert <[email protected]> Signed-off-by: Vivek Goyal <[email protected]> Message-Id: <[email protected]> Signed-off-by: Dr. David Alan Gilbert <[email protected]>
- Loading branch information
Showing
1 changed file
with
200 additions
and
29 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters