tools/virtiofsd: convert to Meson
authorPaolo Bonzini <pbonzini@redhat.com>
Wed, 5 Feb 2020 08:45:39 +0000 (09:45 +0100)
committerPaolo Bonzini <pbonzini@redhat.com>
Fri, 21 Aug 2020 10:30:09 +0000 (06:30 -0400)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
12 files changed:
Makefile
Makefile.objs
configure
meson.build
tools/meson.build [new file with mode: 0644]
tools/virtiofsd/Makefile.objs [deleted file]
tools/virtiofsd/meson.build [new file with mode: 0644]
tools/virtiofsd/passthrough_ll.c
tools/virtiofsd/passthrough_seccomp.c [new file with mode: 0644]
tools/virtiofsd/passthrough_seccomp.h [new file with mode: 0644]
tools/virtiofsd/seccomp.c [deleted file]
tools/virtiofsd/seccomp.h [deleted file]

index 78d3a78e97c58ac22cdbd537a3d350877994dee4..e591d1b2b4e11cbea43ad7f2ca9245d666f677fe 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -205,11 +205,6 @@ HELPERS-y += vhost-user-gpu$(EXESUF)
 vhost-user-json-y += contrib/vhost-user-gpu/50-qemu-gpu.json
 endif
 
-ifeq ($(CONFIG_SOFTMMU)$(CONFIG_LINUX)$(CONFIG_SECCOMP)$(CONFIG_LIBCAP_NG),yyyy)
-HELPERS-y += virtiofsd$(EXESUF)
-vhost-user-json-y += tools/virtiofsd/50-qemu-virtiofsd.json
-endif
-
 # Sphinx does not allow building manuals into the same directory as
 # the source files, so if we're doing an in-tree QEMU build we must
 # build the manuals into a subdirectory (and then install them from
@@ -316,7 +311,6 @@ dummy := $(call unnest-vars,, \
                 elf2dmp-obj-y \
                 ivshmem-client-obj-y \
                 ivshmem-server-obj-y \
-                virtiofsd-obj-y \
                 rdmacm-mux-obj-y \
                 vhost-user-scsi-obj-y \
                 vhost-user-blk-obj-y \
@@ -549,12 +543,6 @@ rdmacm-mux$(EXESUF): LIBS += "-libumad"
 rdmacm-mux$(EXESUF): $(rdmacm-mux-obj-y) $(COMMON_LDADDS)
        $(call LINK, $^)
 
-# relies on Linux-specific syscalls
-ifeq ($(CONFIG_LINUX)$(CONFIG_SECCOMP)$(CONFIG_LIBCAP_NG),yyy)
-virtiofsd$(EXESUF): $(virtiofsd-obj-y) contrib/libvhost-user/libvhost-user.a $(COMMON_LDADDS)
-       $(call LINK, $^)
-endif
-
 vhost-user-gpu$(EXESUF): $(vhost-user-gpu-obj-y) contrib/libvhost-user/libvhost-user.a $(COMMON_LDADDS)
        $(call LINK, $^)
 
index 948986496779da6a18a372ef6d58ffb341e660a7..fee0f7137298623ec5f16578f297b5ef920af83e 100644 (file)
@@ -113,6 +113,5 @@ vhost-user-blk-obj-y = contrib/vhost-user-blk/
 rdmacm-mux-obj-y = contrib/rdmacm-mux/
 vhost-user-input-obj-y = contrib/vhost-user-input/
 vhost-user-gpu-obj-y = contrib/vhost-user-gpu/
-virtiofsd-obj-y = tools/virtiofsd/
 
 ######################################################################
index 75ffe30d75a82bf65760bb1dd7159f15b15e2b5a..4d8936ee59d47de2f785473d43610a1ec85fd02a 100755 (executable)
--- a/configure
+++ b/configure
@@ -7047,6 +7047,7 @@ if test "$gprof" = "yes" ; then
 fi
 if test "$cap_ng" = "yes" ; then
   echo "CONFIG_LIBCAP_NG=y" >> $config_host_mak
+  echo "LIBCAP_NG_LIBS=$cap_libs" >> $config_host_mak
 fi
 echo "CONFIG_AUDIO_DRIVERS=$audio_drv_list" >> $config_host_mak
 for drv in $audio_drv_list; do
index 00f17ef36f4a8cc3a8b6fe33891cad3e6797f34a..00970e6e19ab2a05a88e1ddc0a6206edaa671a88 100644 (file)
@@ -83,6 +83,15 @@ if 'CONFIG_GNUTLS' in config_host
   gnutls = declare_dependency(compile_args: config_host['GNUTLS_CFLAGS'].split(),
                               link_args: config_host['GNUTLS_LIBS'].split())
 endif
+seccomp = not_found
+if 'CONFIG_SECCOMP' in config_host
+  seccomp = declare_dependency(compile_args: config_host['SECCOMP_CFLAGS'].split(),
+                               link_args: config_host['SECCOMP_LIBS'].split())
+endif
+libcap_ng = not_found
+if 'CONFIG_LIBCAP_NG' in config_host
+  libcap_ng = declare_dependency(link_args: config_host['LIBCAP_NG_LIBS'].split())
+endif
 
 target_dirs = config_host['TARGET_DIRS'].split()
 have_user = false
@@ -251,6 +260,8 @@ if have_tools
   endif
 endif
 
+subdir('tools')
+
 summary_info = {}
 summary_info += {'Install prefix':    config_host['prefix']}
 summary_info += {'BIOS directory':    config_host['qemu_datadir']}
diff --git a/tools/meson.build b/tools/meson.build
new file mode 100644 (file)
index 0000000..513bd2f
--- /dev/null
@@ -0,0 +1,10 @@
+have_virtiofsd = (have_system and
+    have_tools and
+    'CONFIG_LINUX' in config_host and 
+    'CONFIG_SECCOMP' in config_host and
+    'CONFIG_LIBCAP_NG' in config_host and
+    'CONFIG_VHOST_USER' in config_host)
+
+if have_virtiofsd
+  subdir('virtiofsd')
+endif
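Review bot: The `have_virtiofsd` condition is stricter than the Makefile test it replaces, and nothing on the page records that. The removed `ifeq` checked CONFIG_SOFTMMU, CONFIG_LINUX, CONFIG_SECCOMP and CONFIG_LIBCAP_NG, while this one also requires `have_tools` and CONFIG_VHOST_USER, so a build where `have_tools` is false (presumably one configured without tools) now drops the daemon without any message. If that is intended, a comment above the assignment would document it together with the sandbox requirement, for example `# virtiofsd is only built when its sandbox dependencies (seccomp, libcap-ng) are available`. The `'CONFIG_LINUX' in config_host and ` line also ends in a trailing space.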
diff --git a/tools/virtiofsd/Makefile.objs b/tools/virtiofsd/Makefile.objs
deleted file mode 100644 (file)
index 076f667..0000000
+++ /dev/null
@@ -1,12 +0,0 @@
-virtiofsd-obj-y = buffer.o \
-                  fuse_opt.o \
-                  fuse_log.o \
-                  fuse_lowlevel.o \
-                  fuse_signals.o \
-                  fuse_virtio.o \
-                  helper.o \
-                  passthrough_ll.o \
-                  seccomp.o
-
-seccomp.o-cflags := $(SECCOMP_CFLAGS)
-seccomp.o-libs := $(SECCOMP_LIBS)
diff --git a/tools/virtiofsd/meson.build b/tools/virtiofsd/meson.build
new file mode 100644 (file)
index 0000000..d1e23c5
--- /dev/null
@@ -0,0 +1,19 @@
+executable('virtiofsd', files(
+  'buffer.c',
+  'fuse_opt.c',
+  'fuse_log.c',
+  'fuse_lowlevel.c',
+  'fuse_signals.c',
+  'fuse_virtio.c',
+  'helper.c',
+  'passthrough_ll.c',
+  'passthrough_seccomp.c'),
+  link_with: libvhost_user,
+  dependencies: [seccomp, qemuutil, libcap_ng],
+  install: true,
+  install_dir: get_option('libexecdir'))
+
+configure_file(input: '50-qemu-virtiofsd.json.in',
+               output: '50-qemu-virtiofsd.json',
+               configuration: config_host,
+               install_dir: config_host['qemu_datadir'] / 'vhost-user')
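Review bot: The two install locations come from different sources: the executable goes to `get_option('libexecdir')`, while `50-qemu-virtiofsd.json` is generated from `config_host` and installed under `config_host['qemu_datadir']`. The `.json.in` template is not part of this diff, but if it takes the binary path from a `config_host` value, the two can disagree and the vhost-user JSON would then advertise a path where virtiofsd was not installed. Management software starts the daemon from that path, so both should come from one value, for example `install_dir: config_host['libexecdir']` if configure writes that key. Otherwise add a comment stating that configure passes the same directory to Meson.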
index 94e0de2d2b3765a52eb719b958a11ed9e2866ddb..63d1d005650c64a674ed35ddf058763d3385092c 100644 (file)
@@ -65,7 +65,7 @@
 #include <unistd.h>
 
 #include "passthrough_helpers.h"
-#include "seccomp.h"
+#include "passthrough_seccomp.h"
 
 /* Keep track of inode posix locks for each owner. */
 struct lo_inode_plock {
diff --git a/tools/virtiofsd/passthrough_seccomp.c b/tools/virtiofsd/passthrough_seccomp.c
new file mode 100644 (file)
index 0000000..19fee60
--- /dev/null
@@ -0,0 +1,172 @@
+/*
+ * Seccomp sandboxing for virtiofsd
+ *
+ * Copyright (C) 2019 Red Hat, Inc.
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "qemu/osdep.h"
+#include "passthrough_seccomp.h"
+#include "fuse_i.h"
+#include "fuse_log.h"
+#include <errno.h>
+#include <glib.h>
+#include <seccomp.h>
+#include <stdlib.h>
+
+/* Bodge for libseccomp 2.4.2 which broke ppoll */
+#if !defined(__SNR_ppoll) && defined(__SNR_brk)
+#ifdef __NR_ppoll
+#define __SNR_ppoll __NR_ppoll
+#else
+#define __SNR_ppoll __PNR_ppoll
+#endif
+#endif
+
+static const int syscall_whitelist[] = {
+    /* TODO ireg sem*() syscalls */
+    SCMP_SYS(brk),
+    SCMP_SYS(capget), /* For CAP_FSETID */
+    SCMP_SYS(capset),
+    SCMP_SYS(clock_gettime),
+    SCMP_SYS(clone),
+#ifdef __NR_clone3
+    SCMP_SYS(clone3),
+#endif
+    SCMP_SYS(close),
+    SCMP_SYS(copy_file_range),
+    SCMP_SYS(dup),
+    SCMP_SYS(eventfd2),
+    SCMP_SYS(exit),
+    SCMP_SYS(exit_group),
+    SCMP_SYS(fallocate),
+    SCMP_SYS(fchdir),
+    SCMP_SYS(fchmod),
+    SCMP_SYS(fchmodat),
+    SCMP_SYS(fchownat),
+    SCMP_SYS(fcntl),
+    SCMP_SYS(fdatasync),
+    SCMP_SYS(fgetxattr),
+    SCMP_SYS(flistxattr),
+    SCMP_SYS(flock),
+    SCMP_SYS(fremovexattr),
+    SCMP_SYS(fsetxattr),
+    SCMP_SYS(fstat),
+    SCMP_SYS(fstatfs),
+    SCMP_SYS(fsync),
+    SCMP_SYS(ftruncate),
+    SCMP_SYS(futex),
+    SCMP_SYS(getdents),
+    SCMP_SYS(getdents64),
+    SCMP_SYS(getegid),
+    SCMP_SYS(geteuid),
+    SCMP_SYS(getpid),
+    SCMP_SYS(gettid),
+    SCMP_SYS(gettimeofday),
+    SCMP_SYS(getxattr),
+    SCMP_SYS(linkat),
+    SCMP_SYS(listxattr),
+    SCMP_SYS(lseek),
+    SCMP_SYS(madvise),
+    SCMP_SYS(mkdirat),
+    SCMP_SYS(mknodat),
+    SCMP_SYS(mmap),
+    SCMP_SYS(mprotect),
+    SCMP_SYS(mremap),
+    SCMP_SYS(munmap),
+    SCMP_SYS(newfstatat),
+    SCMP_SYS(open),
+    SCMP_SYS(openat),
+    SCMP_SYS(ppoll),
+    SCMP_SYS(prctl), /* TODO restrict to just PR_SET_NAME? */
+    SCMP_SYS(preadv),
+    SCMP_SYS(pread64),
+    SCMP_SYS(pwritev),
+    SCMP_SYS(pwrite64),
+    SCMP_SYS(read),
+    SCMP_SYS(readlinkat),
+    SCMP_SYS(recvmsg),
+    SCMP_SYS(renameat),
+    SCMP_SYS(renameat2),
+    SCMP_SYS(removexattr),
+    SCMP_SYS(rt_sigaction),
+    SCMP_SYS(rt_sigprocmask),
+    SCMP_SYS(rt_sigreturn),
+    SCMP_SYS(sendmsg),
+    SCMP_SYS(setresgid),
+    SCMP_SYS(setresuid),
+#ifdef __NR_setresgid32
+    SCMP_SYS(setresgid32),
+#endif
+#ifdef __NR_setresuid32
+    SCMP_SYS(setresuid32),
+#endif
+    SCMP_SYS(set_robust_list),
+    SCMP_SYS(setxattr),
+    SCMP_SYS(symlinkat),
+    SCMP_SYS(time), /* Rarely needed, except on static builds */
+    SCMP_SYS(tgkill),
+    SCMP_SYS(unlinkat),
+    SCMP_SYS(unshare),
+    SCMP_SYS(utimensat),
+    SCMP_SYS(write),
+    SCMP_SYS(writev),
+};
+
+/* Syscalls used when --syslog is enabled */
+static const int syscall_whitelist_syslog[] = {
+    SCMP_SYS(sendto),
+};
+
+static void add_whitelist(scmp_filter_ctx ctx, const int syscalls[], size_t len)
+{
+    size_t i;
+
+    for (i = 0; i < len; i++) {
+        if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, syscalls[i], 0) != 0) {
+            fuse_log(FUSE_LOG_ERR, "seccomp_rule_add syscall %d failed\n",
+                     syscalls[i]);
+            exit(1);
+        }
+    }
+}
+
+void setup_seccomp(bool enable_syslog)
+{
+    scmp_filter_ctx ctx;
+
+#ifdef SCMP_ACT_KILL_PROCESS
+    ctx = seccomp_init(SCMP_ACT_KILL_PROCESS);
+    /* Handle a newer libseccomp but an older kernel */
+    if (!ctx && errno == EOPNOTSUPP) {
+        ctx = seccomp_init(SCMP_ACT_TRAP);
+    }
+#else
+    ctx = seccomp_init(SCMP_ACT_TRAP);
+#endif
+    if (!ctx) {
+        fuse_log(FUSE_LOG_ERR, "seccomp_init() failed\n");
+        exit(1);
+    }
+
+    add_whitelist(ctx, syscall_whitelist, G_N_ELEMENTS(syscall_whitelist));
+    if (enable_syslog) {
+        add_whitelist(ctx, syscall_whitelist_syslog,
+                      G_N_ELEMENTS(syscall_whitelist_syslog));
+    }
+
+    /* libvhost-user calls this for post-copy migration, we don't need it */
+    if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO(ENOSYS),
+                         SCMP_SYS(userfaultfd), 0) != 0) {
+        fuse_log(FUSE_LOG_ERR, "seccomp_rule_add userfaultfd failed\n");
+        exit(1);
+    }
+
+    if (seccomp_load(ctx) < 0) {
+        fuse_log(FUSE_LOG_ERR, "seccomp_load() failed\n");
+        exit(1);
+    }
+
+    seccomp_release(ctx);
+}
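Review bot: The downgrade from `SCMP_ACT_KILL_PROCESS` to `SCMP_ACT_TRAP` in `setup_seccomp()` is silent and keyed on `errno`, which is not cleared before `seccomp_init()` and, as far as I can tell, is not a documented part of that function's failure contract. With the trap action a denied syscall raises SIGSYS rather than unconditionally ending the process, so the fallback is a weaker enforcement mode that an operator should be able to see in the log. I would set `errno = 0;` before the first `seccomp_init()` call and add `fuse_log(FUSE_LOG_WARNING, "seccomp: SCMP_ACT_KILL_PROCESS unsupported, using SCMP_ACT_TRAP\n");` inside the fallback branch. The code is carried over unchanged from the deleted seccomp.c, so this could be a follow-up patch rather than part of the Meson conversion.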
diff --git a/tools/virtiofsd/passthrough_seccomp.h b/tools/virtiofsd/passthrough_seccomp.h
new file mode 100644 (file)
index 0000000..d47c8ea
--- /dev/null
@@ -0,0 +1,16 @@
+/*
+ * Seccomp sandboxing for virtiofsd
+ *
+ * Copyright (C) 2019 Red Hat, Inc.
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#ifndef VIRTIOFSD_SECCOMP_H
+#define VIRTIOFSD_SECCOMP_H
+
+#include <stdbool.h>
+
+void setup_seccomp(bool enable_syslog);
+
+#endif /* VIRTIOFSD_SECCOMP_H */
diff --git a/tools/virtiofsd/seccomp.c b/tools/virtiofsd/seccomp.c
deleted file mode 100644 (file)
index 3b1522a..0000000
+++ /dev/null
@@ -1,172 +0,0 @@
-/*
- * Seccomp sandboxing for virtiofsd
- *
- * Copyright (C) 2019 Red Hat, Inc.
- *
- * SPDX-License-Identifier: GPL-2.0-or-later
- */
-
-#include "qemu/osdep.h"
-#include "seccomp.h"
-#include "fuse_i.h"
-#include "fuse_log.h"
-#include <errno.h>
-#include <glib.h>
-#include <seccomp.h>
-#include <stdlib.h>
-
-/* Bodge for libseccomp 2.4.2 which broke ppoll */
-#if !defined(__SNR_ppoll) && defined(__SNR_brk)
-#ifdef __NR_ppoll
-#define __SNR_ppoll __NR_ppoll
-#else
-#define __SNR_ppoll __PNR_ppoll
-#endif
-#endif
-
-static const int syscall_whitelist[] = {
-    /* TODO ireg sem*() syscalls */
-    SCMP_SYS(brk),
-    SCMP_SYS(capget), /* For CAP_FSETID */
-    SCMP_SYS(capset),
-    SCMP_SYS(clock_gettime),
-    SCMP_SYS(clone),
-#ifdef __NR_clone3
-    SCMP_SYS(clone3),
-#endif
-    SCMP_SYS(close),
-    SCMP_SYS(copy_file_range),
-    SCMP_SYS(dup),
-    SCMP_SYS(eventfd2),
-    SCMP_SYS(exit),
-    SCMP_SYS(exit_group),
-    SCMP_SYS(fallocate),
-    SCMP_SYS(fchdir),
-    SCMP_SYS(fchmod),
-    SCMP_SYS(fchmodat),
-    SCMP_SYS(fchownat),
-    SCMP_SYS(fcntl),
-    SCMP_SYS(fdatasync),
-    SCMP_SYS(fgetxattr),
-    SCMP_SYS(flistxattr),
-    SCMP_SYS(flock),
-    SCMP_SYS(fremovexattr),
-    SCMP_SYS(fsetxattr),
-    SCMP_SYS(fstat),
-    SCMP_SYS(fstatfs),
-    SCMP_SYS(fsync),
-    SCMP_SYS(ftruncate),
-    SCMP_SYS(futex),
-    SCMP_SYS(getdents),
-    SCMP_SYS(getdents64),
-    SCMP_SYS(getegid),
-    SCMP_SYS(geteuid),
-    SCMP_SYS(getpid),
-    SCMP_SYS(gettid),
-    SCMP_SYS(gettimeofday),
-    SCMP_SYS(getxattr),
-    SCMP_SYS(linkat),
-    SCMP_SYS(listxattr),
-    SCMP_SYS(lseek),
-    SCMP_SYS(madvise),
-    SCMP_SYS(mkdirat),
-    SCMP_SYS(mknodat),
-    SCMP_SYS(mmap),
-    SCMP_SYS(mprotect),
-    SCMP_SYS(mremap),
-    SCMP_SYS(munmap),
-    SCMP_SYS(newfstatat),
-    SCMP_SYS(open),
-    SCMP_SYS(openat),
-    SCMP_SYS(ppoll),
-    SCMP_SYS(prctl), /* TODO restrict to just PR_SET_NAME? */
-    SCMP_SYS(preadv),
-    SCMP_SYS(pread64),
-    SCMP_SYS(pwritev),
-    SCMP_SYS(pwrite64),
-    SCMP_SYS(read),
-    SCMP_SYS(readlinkat),
-    SCMP_SYS(recvmsg),
-    SCMP_SYS(renameat),
-    SCMP_SYS(renameat2),
-    SCMP_SYS(removexattr),
-    SCMP_SYS(rt_sigaction),
-    SCMP_SYS(rt_sigprocmask),
-    SCMP_SYS(rt_sigreturn),
-    SCMP_SYS(sendmsg),
-    SCMP_SYS(setresgid),
-    SCMP_SYS(setresuid),
-#ifdef __NR_setresgid32
-    SCMP_SYS(setresgid32),
-#endif
-#ifdef __NR_setresuid32
-    SCMP_SYS(setresuid32),
-#endif
-    SCMP_SYS(set_robust_list),
-    SCMP_SYS(setxattr),
-    SCMP_SYS(symlinkat),
-    SCMP_SYS(time), /* Rarely needed, except on static builds */
-    SCMP_SYS(tgkill),
-    SCMP_SYS(unlinkat),
-    SCMP_SYS(unshare),
-    SCMP_SYS(utimensat),
-    SCMP_SYS(write),
-    SCMP_SYS(writev),
-};
-
-/* Syscalls used when --syslog is enabled */
-static const int syscall_whitelist_syslog[] = {
-    SCMP_SYS(sendto),
-};
-
-static void add_whitelist(scmp_filter_ctx ctx, const int syscalls[], size_t len)
-{
-    size_t i;
-
-    for (i = 0; i < len; i++) {
-        if (seccomp_rule_add(ctx, SCMP_ACT_ALLOW, syscalls[i], 0) != 0) {
-            fuse_log(FUSE_LOG_ERR, "seccomp_rule_add syscall %d failed\n",
-                     syscalls[i]);
-            exit(1);
-        }
-    }
-}
-
-void setup_seccomp(bool enable_syslog)
-{
-    scmp_filter_ctx ctx;
-
-#ifdef SCMP_ACT_KILL_PROCESS
-    ctx = seccomp_init(SCMP_ACT_KILL_PROCESS);
-    /* Handle a newer libseccomp but an older kernel */
-    if (!ctx && errno == EOPNOTSUPP) {
-        ctx = seccomp_init(SCMP_ACT_TRAP);
-    }
-#else
-    ctx = seccomp_init(SCMP_ACT_TRAP);
-#endif
-    if (!ctx) {
-        fuse_log(FUSE_LOG_ERR, "seccomp_init() failed\n");
-        exit(1);
-    }
-
-    add_whitelist(ctx, syscall_whitelist, G_N_ELEMENTS(syscall_whitelist));
-    if (enable_syslog) {
-        add_whitelist(ctx, syscall_whitelist_syslog,
-                      G_N_ELEMENTS(syscall_whitelist_syslog));
-    }
-
-    /* libvhost-user calls this for post-copy migration, we don't need it */
-    if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO(ENOSYS),
-                         SCMP_SYS(userfaultfd), 0) != 0) {
-        fuse_log(FUSE_LOG_ERR, "seccomp_rule_add userfaultfd failed\n");
-        exit(1);
-    }
-
-    if (seccomp_load(ctx) < 0) {
-        fuse_log(FUSE_LOG_ERR, "seccomp_load() failed\n");
-        exit(1);
-    }
-
-    seccomp_release(ctx);
-}
diff --git a/tools/virtiofsd/seccomp.h b/tools/virtiofsd/seccomp.h
deleted file mode 100644 (file)
index d47c8ea..0000000
+++ /dev/null
@@ -1,16 +0,0 @@
-/*
- * Seccomp sandboxing for virtiofsd
- *
- * Copyright (C) 2019 Red Hat, Inc.
- *
- * SPDX-License-Identifier: GPL-2.0-or-later
- */
-
-#ifndef VIRTIOFSD_SECCOMP_H
-#define VIRTIOFSD_SECCOMP_H
-
-#include <stdbool.h>
-
-void setup_seccomp(bool enable_syslog);
-
-#endif /* VIRTIOFSD_SECCOMP_H */