« Previous | Next » 

Revision 879c2813

ID879c28133dfa54b780dffbb29e4dcfc6581f6281

Added by Venkateswararao Jujjuri (JV) over 10 years ago

virtio-9p: Security model for symlink and readlink

Mapped mode stores extended attributes in the user space of the extended
attributes. Given that the user space extended attributes are available
to regular files only, special files are created as regular files on the
fileserver and appropriate mode bits are added to the extended attributes.
This method presents all special files and symlinks as regular files on the
fileserver while they are represented as special files on the guest mount.

Implemntation of symlink in mapped security model:

A regular file is created and the link target is written to it.
readlink() reads it back from the file.

On Guest/Client:
lrwxrwxrwx 1 root root 6 2010-05-11 12:20 asymlink -> afile

On Host/Fileserver:
rw------. 1 root root 6 2010-05-11 09:20 asymlink
afile

Under passthrough model, it just calls underlying symlink() readlink()
system calls are used.

Under both security models, client user credentials are changed
after the filesystem objec creation.

Signed-off-by: Venkateswararao Jujjuri <>
Signed-off-by: Anthony Liguori <>

Files

  • added
  • modified
  • copied
  • renamed
  • deleted

View differences