Useful for
* limiting privileges
* opening block devices O_EXCL
Use dup to work around the fact /proc/self/fd
can't be opened after dropping privileges.
This proc behaviour doesn't match TLPI and might be a bug.
Qemu has a slightly more complex fdset approach
that provides fds with different access permissions.
Signed-off-by: Gabriel de Perthuis <[email protected]>
---
arch/um/os-Linux/file.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/arch/um/os-Linux/file.c b/arch/um/os-Linux/file.c
index c17bd6f..cee65ba 100644
--- a/arch/um/os-Linux/file.c
+++ b/arch/um/os-Linux/file.c
@@ -169,11 +169,11 @@ int os_file_mode(const char *file, struct openflags *mode_out)
return err;
}
int os_open_file(const char *file, struct openflags flags, int mode)
{
- int fd, err, f = 0;
+ int fd, fd0, err, f = 0;
if (flags.r && flags.w)
f = O_RDWR;
else if (flags.r)
f = O_RDONLY;
@@ -190,11 +190,15 @@ int os_open_file(const char *file, struct openflags flags, int mode)
if (flags.e)
f |= O_EXCL;
if (flags.a)
f |= O_APPEND;
- fd = open64(file, f, mode);
+ if (!strncmp(file, "/dev/fd/", 8)
+ && sscanf(file, "/dev/fd/%d", &fd0) == 1)
+ fd = dup(fd0);
+ else
+ fd = open64(file, f, mode);
if (fd < 0)
return -errno;
if (flags.cl && fcntl(fd, F_SETFD, 1)) {
err = -errno;
@@ -280,11 +284,11 @@ int os_file_size(const char *file, unsigned long long *size_out)
if (S_ISBLK(buf.ust_mode)) {
int fd;
long blocks;
- fd = open(file, O_RDONLY, 0);
+ fd = os_open_file(file, of_read(OPENFLAGS()), 0);
if (fd < 0) {
err = -errno;
printk(UM_KERN_ERR "Couldn't open \"%s\", "
"errno = %d\n", file, errno);
return err;
--
1.8.3.3.758.g90e98ff
Am 27.07.2013 17:23, schrieb Gabriel de Perthuis:
> Useful for
> * limiting privileges
> * opening block devices O_EXCL
So, the goal of this patch is to allow passing a file descriptor
number as block device instead of a file?
I assume you have already a wrapper around UML which exec()'s it such that
it can reuse a fd?
> Use dup to work around the fact /proc/self/fd
> can't be opened after dropping privileges.
> This proc behaviour doesn't match TLPI and might be a bug.
>
> Qemu has a slightly more complex fdset approach
> that provides fds with different access permissions.
I really don't like that you patch os_open_file(), this is a
generic function.
What about this one?
Allow ubda= (and all other UML block device kernel parameters) to
accept arguments like file:/foo/bar and fd:N.
Where N is a number and file: is default such that we do not break
old kernels.
Thanks,
//richard
> Signed-off-by: Gabriel de Perthuis <[email protected]>
> ---
> arch/um/os-Linux/file.c | 10 +++++++---
> 1 file changed, 7 insertions(+), 3 deletions(-)
>
> diff --git a/arch/um/os-Linux/file.c b/arch/um/os-Linux/file.c
> index c17bd6f..cee65ba 100644
> --- a/arch/um/os-Linux/file.c
> +++ b/arch/um/os-Linux/file.c
> @@ -169,11 +169,11 @@ int os_file_mode(const char *file, struct openflags *mode_out)
> return err;
> }
>
> int os_open_file(const char *file, struct openflags flags, int mode)
> {
> - int fd, err, f = 0;
> + int fd, fd0, err, f = 0;
>
> if (flags.r && flags.w)
> f = O_RDWR;
> else if (flags.r)
> f = O_RDONLY;
> @@ -190,11 +190,15 @@ int os_open_file(const char *file, struct openflags flags, int mode)
> if (flags.e)
> f |= O_EXCL;
> if (flags.a)
> f |= O_APPEND;
>
> - fd = open64(file, f, mode);
> + if (!strncmp(file, "/dev/fd/", 8)
> + && sscanf(file, "/dev/fd/%d", &fd0) == 1)
> + fd = dup(fd0);
> + else
> + fd = open64(file, f, mode);
> if (fd < 0)
> return -errno;
>
> if (flags.cl && fcntl(fd, F_SETFD, 1)) {
> err = -errno;
> @@ -280,11 +284,11 @@ int os_file_size(const char *file, unsigned long long *size_out)
>
> if (S_ISBLK(buf.ust_mode)) {
> int fd;
> long blocks;
>
> - fd = open(file, O_RDONLY, 0);
> + fd = os_open_file(file, of_read(OPENFLAGS()), 0);
> if (fd < 0) {
> err = -errno;
> printk(UM_KERN_ERR "Couldn't open \"%s\", "
> "errno = %d\n", file, errno);
> return err;
>
Le dim. 28 juil. 2013 10:12:37 CEST, Richard Weinberger a écrit :
> Am 27.07.2013 17:23, schrieb Gabriel de Perthuis:
>> Useful for
>> * limiting privileges
>> * opening block devices O_EXCL
>
> So, the goal of this patch is to allow passing a file descriptor
> number as block device instead of a file?
Yes. It turns out it already works, but not after dropping privileges.
> I assume you have already a wrapper around UML which exec()'s it such that
> it can reuse a fd?
Yes, vido: https://github.com/g2p/vido
Here's the relevant commit:
https://github.com/g2p/vido/commit/42d4b86eab13d90ee63138b73146485dc4e47ec6
>> Use dup to work around the fact /proc/self/fd
>> can't be opened after dropping privileges.
>> This proc behaviour doesn't match TLPI and might be a bug.
>>
>> Qemu has a slightly more complex fdset approach
>> that provides fds with different access permissions.
>
> I really don't like that you patch os_open_file(), this is a
> generic function.
The justification was that it unbreaks open("/dev/fd") to be more like
standards suggest, but I can see how that makes it a special case.
> What about this one?
> Allow ubda= (and all other UML block device kernel parameters) to
> accept arguments like file:/foo/bar and fd:N.
> Where N is a number and file: is default such that we do not break
> old kernels.
Okay, I'll add a prefix. Maybe file:// + /abs/path | rel/path
since that's already standard.
Le 28/07/2013 12:25, Gabriel de Perthuis a écrit :
> Le dim. 28 juil. 2013 10:12:37 CEST, Richard Weinberger a écrit :
>> Am 27.07.2013 17:23, schrieb Gabriel de Perthuis:
>>> Useful for
>>> * limiting privileges
>>> * opening block devices O_EXCL
>>
>> So, the goal of this patch is to allow passing a file descriptor
>> number as block device instead of a file?
>
> Yes. It turns out it already works, but not after dropping privileges.
>
>> I assume you have already a wrapper around UML which exec()'s it such that
>> it can reuse a fd?
>
> Yes, vido: https://github.com/g2p/vido
>
> Here's the relevant commit:
> https://github.com/g2p/vido/commit/42d4b86eab13d90ee63138b73146485dc4e47ec6
>
>>> Use dup to work around the fact /proc/self/fd
>>> can't be opened after dropping privileges.
>>> This proc behaviour doesn't match TLPI and might be a bug.
>>>
>>> Qemu has a slightly more complex fdset approach
>>> that provides fds with different access permissions.
>>
>> I really don't like that you patch os_open_file(), this is a
>> generic function.
>
> The justification was that it unbreaks open("/dev/fd") to be more like
> standards suggest, but I can see how that makes it a special case.
>
>> What about this one?
>> Allow ubda= (and all other UML block device kernel parameters) to
>> accept arguments like file:/foo/bar and fd:N.
>> Where N is a number and file: is default such that we do not break
>> old kernels.
>
> Okay, I'll add a prefix. Maybe file:// + /abs/path | rel/path
> since that's already standard.
I've done some work on this approach, but it turns out to clash
with the cow syntax; in ubd0=file:cowfile, ":" is a path separator.
Changing things in ubd_kern.c is also more intrusive, even with
the limited goal of making it work for plain, non-cow files I
need to duplicate a few code paths to work with fds instead of
names and the diffstat is getting large.
Because of that I'd like to come back to /dev/fd/<n>.
It does overload the generic file opener, but does so consistently,
so that you can think of /dev/fd as a virtual filesystem.
The (arguably broken) /proc/self/fd behaviour remains available
through the /proc path.