| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | virtiofsd: Fix xattr operations | Misono Tomohiro | 2020-03-03 | 1 | -0/+6 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Current virtiofsd has problems about xattr operations and they does not work properly for directory/symlink/special file. The fundamental cause is that virtiofsd uses openat() + f...xattr() systemcalls for xattr operation but we should not open symlink/special file in the daemon. Therefore the function is restricted. Fix this problem by: 1. during setup of each thread, call unshare(CLONE_FS) 2. in xattr operations (i.e. lo_getxattr), if inode is not a regular file or directory, use fchdir(proc_loot_fd) + ...xattr() + fchdir(root.fd) instead of openat() + f...xattr() (Note: for a regular file/directory openat() + f...xattr() is still used for performance reason) With this patch, xfstests generic/062 passes on virtiofs. This fix is suggested by Miklos Szeredi and Stefan Hajnoczi. The original discussion can be found here: https://www.redhat.com/archives/virtio-fs/2019-October/msg00046.html Signed-off-by: Misono Tomohiro <misono.tomohiro@jp.fujitsu.com> Message-Id: <20200227055927.24566-3-misono.tomohiro@jp.fujitsu.com> Acked-by: Vivek Goyal <vgoyal@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> | ||||
| * | virtiofsd: add --syslog command-line option | Stefan Hajnoczi | 2020-01-23 | 1 | -9/+23 |
| | | | | | | | | | | | | | Sometimes collecting output from stderr is inconvenient or does not fit within the overall logging architecture. Add syslog(3) support for cases where stderr cannot be used. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> dgilbert: Reworked as a logging function Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> | ||||
| * | virtiofsd: add seccomp whitelist | Stefan Hajnoczi | 2020-01-23 | 1 | -0/+151 |
| Only allow system calls that are needed by virtiofsd. All other system calls cause SIGSYS to be directed at the thread and the process will coredump. Restricting system calls reduces the kernel attack surface and limits what the process can do when compromised. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> with additional entries by: Signed-off-by: Ganesh Maharaj Mahalingam <ganesh.mahalingam@intel.com> Signed-off-by: Masayoshi Mizuma <m.mizuma@jp.fujitsu.com> Signed-off-by: Misono Tomohiro <misono.tomohiro@jp.fujitsu.com> Signed-off-by: piaojun <piaojun@huawei.com> Signed-off-by: Vivek Goyal <vgoyal@redhat.com> Signed-off-by: Eric Ren <renzhen@linux.alibaba.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> | |||||
 |
index : bwlp/qemu.git | |
| Experimental fork of QEMU with video encoding patches | OpenSLX |
| summaryrefslogtreecommitdiffstats |