In passthrough security model, following symbolic links in the server side could result in TOCTTOU vulnerabilities.
This patchset resolves this issue by creating a dedicated process which chroots into the share path and all file object access is done in the chroot environment. This patchset implements chroot enviroment, provides necessary functions that can be used by the passthrough function calls. Changes from version V2 * Treat socket IO errors as fatal, ie qemu will exit * Split patchset based on chroot side (server) and qemu side(client) functionalities This patchset is tested with fsstress, connectathon, Tuxera POSIX test suite and LTP FS testcases for all three security models. M. Mohan Kumar (8): Implement qemu_read_full Provide chroot environment server side interfaces Add client side interfaces for chroot environment Add support to open a file in chroot environment Create support in chroot environment Support for creating special files Move file post creation changes to none security model Chroot environment for other functions Makefile.objs | 1 + hw/9pfs/virtio-9p-chroot.c | 414 ++++++++++++++++++++++++++++++++++++++++ hw/9pfs/virtio-9p-chroot.h | 42 ++++ hw/9pfs/virtio-9p-local.c | 456 ++++++++++++++++++++++++++++++++++++-------- hw/9pfs/virtio-9p.c | 23 +++ hw/file-op-9p.h | 2 + osdep.c | 32 +++ qemu-common.h | 2 + 8 files changed, 891 insertions(+), 81 deletions(-) create mode 100644 hw/9pfs/virtio-9p-chroot.c create mode 100644 hw/9pfs/virtio-9p-chroot.h -- 1.7.3.4