conf: Introduce <sandbox mode='chroot'/> for <filesystem><binary>

This adds a new XML element

<filesystem>
  <binary>
    <sandbox mode='chroot|namespace'/>
  </binary>
</filesystem>

This will be used by qemu virtiofs

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Cole Robinson <crobinso@redhat.com>

diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index 4528e172ecdf4f11e8486d35cc85e2dde9916859..1b9b2216111c16a8173660b76ee13b0401e25da6 100644 (file)
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -3236,6 +3236,7 @@ A directory on the host that can be accessed directly from the guest.
          <driver type='virtiofs' queue='1024'/>
          <binary path='/usr/libexec/virtiofsd' xattr='on'>
             <cache mode='always'/>
+            <sandbox mode='namespace'/>
             <lock posix='on' flock='on'/>
          </binary>
          <source dir='/path'/>
@@ -3360,6 +3361,11 @@ A directory on the host that can be accessed directly from the guest.
    ``cache`` element, possible ``mode`` values being ``none`` and ``always``.
    Locking can be controlled via the ``lock`` element - attributes ``posix`` and
    ``flock`` both accepting values ``on`` or ``off``. ( :since:`Since 6.2.0` )
+   The sandboxing method used by virtiofsd can be configured with the ``sandbox``
+   element, possible ``mode`` values being ``namespace`` and
+   ``chroot``, see the
+   `virtiofsd documentation <https://qemu.readthedocs.io/en/latest/tools/virtiofsd.html>`__
+   for more details. ( :since:`Since 7.2.0` )
 ``source``
    The resource on the host that is being accessed in the guest. The ``name``
    attribute must be used with ``type='template'``, and the ``dir`` attribute

diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 046f17b3ae021695ffb98a92be5efdf9d6cfc9ba..a2e5c50c1d778d6995f172dc57706a70a8836a0c 100644 (file)
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -2984,6 +2984,18 @@
             </optional>
           </element>
         </optional>
+        <optional>
+          <element name="sandbox">
+            <optional>
+              <attribute name="mode">
+                <choice>
+                  <value>namespace</value>
+                  <value>chroot</value>
+                </choice>
+              </attribute>
+            </optional>
+          </element>
+        </optional>
         <optional>
           <element name="lock">
             <optional>

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 0a00be4e8024507c9bdd51c9882fd3757bfcca19..f8a462fb3b996ff5e69656e61c5779d8258cf073 100644 (file)
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -540,6 +540,13 @@ VIR_ENUM_IMPL(virDomainFSCacheMode,
               "always",
 );
 
+VIR_ENUM_IMPL(virDomainFSSandboxMode,
+              VIR_DOMAIN_FS_SANDBOX_MODE_LAST,
+              "default",
+              "namespace",
+              "chroot",
+);
+
 
 VIR_ENUM_IMPL(virDomainNet,
               VIR_DOMAIN_NET_TYPE_LAST,
@@ -10114,6 +10121,7 @@ virDomainFSDefParseXML(virDomainXMLOption *xmlopt,
         g_autofree char *binary = virXPathString("string(./binary/@path)", ctxt);
         g_autofree char *xattr = virXPathString("string(./binary/@xattr)", ctxt);
         g_autofree char *cache = virXPathString("string(./binary/cache/@mode)", ctxt);
+        g_autofree char *sandbox = virXPathString("string(./binary/sandbox/@mode)", ctxt);
         g_autofree char *posix_lock = virXPathString("string(./binary/lock/@posix)", ctxt);
         g_autofree char *flock = virXPathString("string(./binary/lock/@flock)", ctxt);
         int val;
@@ -10147,6 +10155,16 @@ virDomainFSDefParseXML(virDomainXMLOption *xmlopt,
             def->cache = val;
         }
 
+        if (sandbox) {
+            if ((val = virDomainFSSandboxModeTypeFromString(sandbox)) <= 0) {
+                virReportError(VIR_ERR_XML_ERROR,
+                               _("cannot parse sandbox mode '%s' for virtiofs"),
+                               sandbox);
+                goto error;
+            }
+            def->sandbox = val;
+        }
+
         if (posix_lock) {
             if ((val = virTristateSwitchTypeFromString(posix_lock)) <= 0) {
                 virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
@@ -25176,6 +25194,11 @@ virDomainFSDefFormat(virBuffer *buf,
                               virDomainFSCacheModeTypeToString(def->cache));
         }
 
+        if (def->sandbox != VIR_DOMAIN_FS_SANDBOX_MODE_DEFAULT) {
+            virBufferAsprintf(&binaryBuf, "<sandbox mode='%s'/>\n",
+                              virDomainFSSandboxModeTypeToString(def->sandbox));
+        }
+
         if (def->posix_lock != VIR_TRISTATE_SWITCH_ABSENT) {
             virBufferAsprintf(&lockAttrBuf, " posix='%s'",
                               virTristateSwitchTypeToString(def->posix_lock));

diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 4d1826362f524753fcda079d39f2373fdbe17576..7688f17b18cd2e34e7c053c7b21196a3f4b2d1a6 100644 (file)
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -849,6 +849,14 @@ typedef enum {
     VIR_DOMAIN_FS_CACHE_MODE_LAST
 } virDomainFSCacheMode;
 
+typedef enum {
+    VIR_DOMAIN_FS_SANDBOX_MODE_DEFAULT = 0,
+    VIR_DOMAIN_FS_SANDBOX_MODE_NAMESPACE,
+    VIR_DOMAIN_FS_SANDBOX_MODE_CHROOT,
+
+    VIR_DOMAIN_FS_SANDBOX_MODE_LAST
+} virDomainFSSandboxMode;
+
 struct _virDomainFSDef {
     int type;
     int fsdriver; /* enum virDomainFSDriverType */
@@ -874,6 +882,7 @@ struct _virDomainFSDef {
     virDomainFSCacheMode cache;
     virTristateSwitch posix_lock;
     virTristateSwitch flock;
+    virDomainFSSandboxMode sandbox;
     virDomainVirtioOptions *virtio;
     virObject *privateData;
 };
@@ -3797,6 +3806,7 @@ VIR_ENUM_DECL(virDomainFSAccessMode);
 VIR_ENUM_DECL(virDomainFSWrpolicy);
 VIR_ENUM_DECL(virDomainFSModel);
 VIR_ENUM_DECL(virDomainFSCacheMode);
+VIR_ENUM_DECL(virDomainFSSandboxMode);
 VIR_ENUM_DECL(virDomainNet);
 VIR_ENUM_DECL(virDomainNetBackend);
 VIR_ENUM_DECL(virDomainNetVirtioTxMode);

diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index abd3dc4bd1f2a82b2be42c189e7f39e6d7d46dcb..e9bb23913c25e97b827640db9c71f959bdabffd4 100644 (file)
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -415,6 +415,7 @@ virDomainFSDriverTypeToString;
 virDomainFSIndexByName;
 virDomainFSInsert;
 virDomainFSRemove;
+virDomainFSSandboxModeTypeToString;
 virDomainFSTypeFromString;
 virDomainFSTypeToString;
 virDomainFSWrpolicyTypeFromString;

diff --git a/tests/qemuxml2argvdata/vhost-user-fs-fd-memory.xml b/tests/qemuxml2argvdata/vhost-user-fs-fd-memory.xml
index 2277850c2c56b8e77eb6bd15fbd9dffe74c4f724..abddf0870b0cc1c8037ab769adc87c1b2e1b12ad 100644 (file)
--- a/tests/qemuxml2argvdata/vhost-user-fs-fd-memory.xml
+++ b/tests/qemuxml2argvdata/vhost-user-fs-fd-memory.xml
@@ -30,6 +30,7 @@
       <driver type='virtiofs' queue='1024'/>
       <binary path='/usr/libexec/virtiofsd' xattr='on'>
         <cache mode='always'/>
+        <sandbox mode='chroot'/>
         <lock posix='off' flock='off'/>
       </binary>
       <source dir='/path'/>