Hi Aaron, I'm still a little bit nervous about calling chown on a (partially) user controlled file name.
Before moving forward I wanted to discuss a couple of other options: * Ansis (in CC) suggested using -runas parameter in qemu. This way qemu can open the socket as root and drop privileges before starting guest execution. * Instead of changing the owner of the socket, we could create it as a different user using setfsgid() or seteuid() system call. I'm not sure whether this is doable, we need to make sure that rte_vhost_driver_register() can run with reduced privileges and that the system calls play nicely with other threads. What do you guys think? Thanks, Daniele On 20/05/2016 13:32, "Aaron Conole" <acon...@redhat.com> wrote: >Currently, when dpdkvhostuser devices are created, they inherit whatever the >running umask and uid/gid of the vswitchd process. This leads to difficulties >when using vhost_user consumers (such as qemu). > >This patch introduces two new database entries, 'vhost-sock-owner' to set the >ownership, and 'vhost-sock-perms' to set the permissions bits for the >vhost_user sockets. > >Signed-off-by: Aaron Conole <acon...@redhat.com> >--- >v1->v2: >* Rebased to latest > > INSTALL.DPDK.md | 7 +++++++ > NEWS | 2 ++ > lib/netdev-dpdk.c | 26 +++++++++++++++++++++++--- > vswitchd/vswitch.xml | 23 +++++++++++++++++++++++ > 4 files changed, 55 insertions(+), 3 deletions(-) > >diff --git a/INSTALL.DPDK.md b/INSTALL.DPDK.md >index 93f92e4..5debcd1 100644 >--- a/INSTALL.DPDK.md >+++ b/INSTALL.DPDK.md >@@ -180,6 +180,13 @@ Using the DPDK with ovs-vswitchd: > * vhost-sock-dir > Option to set the path to the vhost_user unix socket files. > >+ * vhost-sock-owner >+ Option to set the owner of the vhost_user unix socket files. >+ >+ * vhost-sock-perms >+ Option to set the DAC permissions of the vhost_user unix socket >+ files. >+ > NOTE: Changing any of these options requires restarting the ovs-vswitchd > application. > >diff --git a/NEWS b/NEWS >index 4e81cad..807d4bf 100644 >--- a/NEWS >+++ b/NEWS >@@ -32,6 +32,8 @@ Post-v2.5.0 > * DB entries have been added for many of the DPDK EAL command line > arguments. Additional arguments can be passed via the dpdk-extra > entry. >+ * New database options 'vhost-sock-owner' and 'vhost-sock-perms' for >+ setting vhost_user unix socket file ownership and permissions. > - ovs-benchmark: This utility has been removed due to lack of use and > bitrot. > - ovs-appctl: >diff --git a/lib/netdev-dpdk.c b/lib/netdev-dpdk.c >index 87879d5..d405e66 100644 >--- a/lib/netdev-dpdk.c >+++ b/lib/netdev-dpdk.c >@@ -31,6 +31,7 @@ > #include <sys/stat.h> > #include <getopt.h> > >+#include "chutil.h" > #include "dirs.h" > #include "dp-packet.h" > #include "dpif-netdev.h" >@@ -140,6 +141,10 @@ BUILD_ASSERT_DECL((MAX_NB_MBUF / >ROUND_DOWN_POW2(MAX_NB_MBUF/MIN_NB_MBUF)) > static char *cuse_dev_name = NULL; /* Character device cuse_dev_name. */ > #endif > static char *vhost_sock_dir = NULL; /* Location of vhost-user sockets */ >+static char *vhost_sock_def_owner = NULL; /* Default owner of vhost-user >+ sockets*/ >+static char *vhost_sock_def_perms = NULL; /* Default permissions of >+ vhost-user sockets */ > > /* > * Maximum amount of time in micro seconds to try and enqueue to vhost. >@@ -872,6 +877,16 @@ netdev_dpdk_vhost_user_construct(struct netdev *netdev) > } > > ovs_mutex_unlock(&dpdk_mutex); >+ if (!err && vhost_sock_def_owner && >+ (err = ovs_chown(dev->vhost_id, vhost_sock_def_owner))) { >+ VLOG_ERR("vhost-user socket device ownership change failed."); >+ } >+ >+ if (!err && vhost_sock_def_perms && >+ (err = ovs_chmod(dev->vhost_id, vhost_sock_def_perms))) { >+ VLOG_ERR("vhost-user socket device permission change failed."); >+ } >+ > return err; > } > >@@ -3098,8 +3113,8 @@ dpdk_init__(const struct smap *ovs_other_config) > VLOG_INFO("DPDK Enabled, initializing"); > > #ifdef VHOST_CUSE >- if (process_vhost_flags("cuse-dev-name", xstrdup("vhost-net"), >- PATH_MAX, ovs_other_config, &cuse_dev_name)) { >+ process_vhost_flags("cuse-dev-name", xstrdup("vhost-net"), >+ PATH_MAX, ovs_other_config, &cuse_dev_name); > #else > if (process_vhost_flags("vhost-sock-dir", xstrdup(ovs_rundir()), > NAME_MAX, ovs_other_config, >@@ -3123,9 +3138,14 @@ dpdk_init__(const struct smap *ovs_other_config) > free(sock_dir_subcomponent); > } else { > vhost_sock_dir = sock_dir_subcomponent; >-#endif > } > >+ process_vhost_flags("vhost-sock-owner", NULL, NAME_MAX, ovs_other_config, >+ &vhost_sock_def_owner); >+ process_vhost_flags("vhost-sock-perms", NULL, NAME_MAX, ovs_other_config, >+ &vhost_sock_def_perms); >+#endif >+ > /* Get the main thread affinity */ > CPU_ZERO(&cpuset); > err = pthread_getaffinity_np(pthread_self(), sizeof(cpu_set_t), >diff --git a/vswitchd/vswitch.xml b/vswitchd/vswitch.xml >index 944d8ec..0553d5a 100644 >--- a/vswitchd/vswitch.xml >+++ b/vswitchd/vswitch.xml >@@ -311,6 +311,29 @@ > </p> > </column> > >+ <column name="other_config" key="vhost-sock-owner" >+ type='{"type": "string"}'> >+ <p> >+ Specifies the owner of the vhost-user unix domain socket files. >+ </p> >+ <p> >+ The default is to inherit from the running user and group id's. The >+ argument is specified in the same form as the 'chown' unix utility. >+ </p> >+ </column> >+ >+ <column name="other_config" key="vhost-sock-perms" >+ type='{"type": "string"}'> >+ <p> >+ Specifies the permissions for the vhost-user unix domain socket >+ files. >+ </p> >+ <p> >+ The default is derived from the running mask. The argument is >+ specified in the same form as the 'chmod' unix utility. >+ </p> >+ </column> >+ > <column name="other_config" key="n-handler-threads" > type='{"type": "integer", "minInteger": 1}'> > <p> >-- >2.5.5 > _______________________________________________ dev mailing list dev@openvswitch.org http://openvswitch.org/mailman/listinfo/dev