/ - Diff - qemu - Greek Research and Technology Network's projects

Revision a2d8f1be

     ifdef BUILD_DOCS
     DOCS=qemu-doc.html qemu-tech.html qemu.1 qemu-img.1 qemu-nbd.8 QMP/qmp-commands.txt
     DOCS+=fsdev/virtfs-proxy-helper.1
     else
     DOCS=
     endif
-...
     	$(INSTALL_DIR) "$(DESTDIR)$(mandir)/man8"
     	$(INSTALL_DATA) qemu-nbd.8 "$(DESTDIR)$(mandir)/man8"
     endif
     ifdef CONFIG_VIRTFS
     	$(INSTALL_DIR) "$(DESTDIR)$(mandir)/man1"
     	$(INSTALL_DATA) fsdev/virtfs-proxy-helper.1 "$(DESTDIR)$(mandir)/man1"
     endif
     install-sysconfig:
     	$(INSTALL_DIR) "$(DESTDIR)$(sysconfdir)/qemu"
     	$(INSTALL_DATA) $(SRC_PATH)/sysconfigs/target/target-x86_64.conf "$(DESTDIR)$(sysconfdir)/qemu"
-...
     	  pod2man --section=1 --center=" " --release=" " qemu-img.pod > $@, \
     	  "  GEN   $@")
     fsdev/virtfs-proxy-helper.1: fsdev/virtfs-proxy-helper.texi
     	$(call quiet-command, \
     	  perl -Ww -- $(SRC_PATH)/scripts/texi2pod.pl $< fsdev/virtfs-proxy-helper.pod && \
     	  pod2man --section=1 --center=" " --release=" " fsdev/virtfs-proxy-helper.pod > $@, \
     	  "  GEN   $@")
     qemu-nbd.8: qemu-nbd.texi
     	$(call quiet-command, \
     	  perl -Ww -- $(SRC_PATH)/scripts/texi2pod.pl $< qemu-nbd.pod && \

     @example
     @c man begin SYNOPSIS
     usage: virtfs-proxy-helper options
     @c man end
     @end example
     @c man begin DESCRIPTION
     @table @description
     Pass-through security model in QEMU 9p server needs root privilege to do
     few file operations (like chown, chmod to any mode/uid:gid).  There are two
     issues in pass-through security model
 ) TOCTTOU vulnerability: Following symbolic links in the server could
     provide access to files beyond 9p export path.
 ) Running QEMU with root privilege could be a security issue.
     To overcome above issues, following approach is used: A new filesytem
     type 'proxy' is introduced. Proxy FS uses chroot + socket combination
     for securing the vulnerability known with following symbolic links.
     Intention of adding a new filesystem type is to allow qemu to run
     in non-root mode, but doing privileged operations using socket IO.
     Proxy helper(a stand alone binary part of qemu) is invoked with
     root privileges. Proxy helper chroots into 9p export path and creates
     a socket pair or a named socket based on the command line parameter.
     Qemu and proxy helper communicate using this socket. QEMU proxy fs
     driver sends filesystem request to proxy helper and receives the
     response from it.
     Proxy helper is designed so that it can drop the root privilege with
     retaining capbilities needed for doing filesystem operations only.
     @end table
     @c man end
     @c man begin OPTIONS
     The following options are supported:
     @table @option
     @item -h
     @findex -h
     Display help and exit
     @item -p|--path path
     Path to export for proxy filesystem driver
     @item -f|--fd socket-id
     Use given file descriptor as socket descriptor for communicating with
     qemu proxy fs drier. Usually a helper like libvirt will create
     socketpair and pass one of the fds as parameter to -f|--fd
     @item -n|--nodaemon
     Run as a normal program. By default program will run in daemon mode
     @end table
     @c man end
     @setfilename virtfs-proxy-helper
     @settitle QEMU 9p virtfs proxy filesystem helper
     @c man begin AUTHOR
     M. Mohan Kumar
     @c man end

Also available in: Unified diff

Archipelago » qemu

Revision a2d8f1be