-z and zallowed, replaces -r - - vx32 - Local 9vx git repository for patches.
(HTM) git clone git://r-36.net/vx32
(DIR) Log
(DIR) Files
(DIR) Refs
---
(DIR) commit e00ce4291c4d2dde7b71b0a13cdbdc4c6adf0b01
(DIR) parent cb3b1c9b7ed764eca16bb77594c51b6ab4365ec2
(HTM) Author: Jesus Galan Lopez (yiyus) <yiyu.jgl@gmail.com>
Date: Sat, 18 Sep 2010 14:45:27 +0200
-z and zallowed, replaces -r -
Diffstat:
M doc/9vx.1 | 16 +++++++++-------
M src/9vx/conf.c | 6 ++++--
M src/9vx/conf.h | 2 +-
M src/9vx/devfs-posix.c | 6 +++++-
M src/9vx/main.c | 21 +++++++--------------
5 files changed, 26 insertions(+), 25 deletions(-)
---
(DIR) diff --git a/doc/9vx.1 b/doc/9vx.1
@@ -74,17 +74,13 @@ One or more
arguments will be passed to boot/boot as explained in boot(8), with
the addition that the local method also supports local directories,
as well as fossil, kfs, iso9660 and bz2 files.
+The files in the host file system can be accessed from inside 9vx through
+.I #Z.
The
.I -r
option sets
.I nobootprompt=local!#Z/localroot
-to boot from a local directory or file containing a Plan 9 tree
-(the host file server can be accessed
-from inside through
-.I #Z,
-unless localroot is set to
-.L -
-).
+to boot from a local directory or file containing a Plan 9 tree.
By default nobootprompt is set to local!/boot/rootfs.bz2, this file
includes a very minimal system.
If an
@@ -141,6 +137,11 @@ the network stack of the host system will be used.
Use the hardware address
.I macaddress
for the last given virtual network device.
+.TP
+.BI -z " zallowed"
+Do not allow access to host files in #Z whose path does not begin with
+.I zallowed
+(/ by default).
.SS 9vx.ini configuration files
Configuration parameters can also be given to
.I 9vx
@@ -164,6 +165,7 @@ pairs in a similar fasion to plan9.ini(8). Additional options are
.I netdev,
.I macaddr
(that can also be part of a netdev line),
+.I zallowed.
.I localroot.
.I initcmd.
and
(DIR) diff --git a/src/9vx/conf.c b/src/9vx/conf.c
@@ -155,6 +155,8 @@ iniopt(char *name, char *value)
setmac(value);
else if(strcmp(name, "localroot") == 0 && !localroot)
localroot = value;
+ else if(strcmp(name, "zallowed") == 0 && !zallowed)
+ zallowed = value;
else if(strcmp(name, "user") == 0 && !username)
username = value;
else if(strcmp(name, "initcmd") == 0 && !initcmd)
@@ -192,10 +194,10 @@ printconfig(char *argv0){
if(ve[i].mac != nil)
print(" -a %s", ve[i].mac);
}
+ if(zallowed)
+ print(" -z %s", zallowed);
if(localroot)
print(" -r %s", localroot);
- else if(!fsdev)
- print(" -r -");
print(" -u %s", username);
if(initcmd)
print(" -e %s", initcmd);
(DIR) diff --git a/src/9vx/conf.h b/src/9vx/conf.h
@@ -5,7 +5,6 @@
char inibuf[BOOTARGSLEN];
char *iniline[MAXCONF];
int cpulimit; /* max cpu usage */
-int fsdev; /* create fs device */
int initrc; /* run rc instead of init */
int nofork; /* do not fork at init */
int nogui; /* do not start the gui */
@@ -16,6 +15,7 @@ char** bootargv;
char* initcmd;
char* inifile;
char* localroot;
+char* zallowed;
char* username;
int readini(char *fn);
(DIR) diff --git a/src/9vx/devfs-posix.c b/src/9vx/devfs-posix.c
@@ -33,6 +33,7 @@ enum
FsChar = 'Z',
};
+extern char *zallowed;
extern Path *addelem(Path*, char*, Chan*);
static char *uidtoname(int);
static char *gidtoname(int);
@@ -355,12 +356,15 @@ fsopen(Chan *c, int mode)
if(Trace)
print("fsopen %s %#x\n", ufd->path->s, mode);
+ /* protect files whose path does not begin with zallowed */
+ if(strncmp(ufd->path->s, zallowed, strlen(zallowed)) != 0)
+ error(Eperm);
+
if(mode & ~(OTRUNC|ORCLOSE|3))
error(Ebadarg);
if((c->qid.type & QTDIR) && mode != OREAD)
error(Eperm);
-
if((c->qid.type&QTDIR) && mode != OREAD)
error(Eperm);
(DIR) diff --git a/src/9vx/main.c b/src/9vx/main.c
@@ -96,7 +96,6 @@ main(int argc, char **argv)
quotefmtinstall();
cpulimit = 0;
- fsdev = 1;
inifile = nil;
memset(iniline, 0, MAXCONF);
memmb = 0;
@@ -104,6 +103,7 @@ main(int argc, char **argv)
nofork = 0;
nve = 0;
usetty = 0;
+ zallowed = "/";
ARGBEGIN{
/* debugging options */
case '1':
@@ -180,11 +180,14 @@ main(int argc, char **argv)
case 'r':
localroot = EARGF(usage());
break;
+ case 't':
+ usetty = 1;
+ break;
case 'u':
username = EARGF(usage());
break;
- case 't':
- usetty = 1;
+ case 'z':
+ zallowed = EARGF(usage());
break;
default:
usage();
@@ -197,22 +200,12 @@ main(int argc, char **argv)
bootargv = argv;
/*
* bootargs have preference over -r
- * if localroot is -, keep it for printconfig
*/
- if(bootargc > 0 && localroot && strcmp(localroot, "-") != 0)
+ if(bootargc > 0)
localroot = nil;
inifields(&iniopt);
- if(localroot && strcmp(localroot, "-") == 0){
- fsdev = 0;
- localroot = nil;
- // remove #Z device from devtab
- for(int i=0; devtab[i] && devtab[i] != &fsdevtab; i++)
- if(devtab[i] == &fsdevtab)
- devtab[i] = 0;
- }
-
if(username == nil && (username = getuser()) == nil)
username = "tor";
eve = strdup(username);