[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [RFC] memory-backend-file/nvdimm: support read-only files a
|
From: |
Julio Montes |
|
Subject: |
[Qemu-devel] [RFC] memory-backend-file/nvdimm: support read-only files as memory-backends |
|
Date: |
Mon, 8 Jul 2019 21:19:36 +0000 |
Currently is not possible to use a file that is part of a read-only
filesystem as memory backend for nvdimm devices, even if this is not modified
in the guest. In order to improve the security of Virtual Machines that share
and do not modify the memory-backend-file, QEMU should support
read-only memory-backeds.
Use case:
* Kata Containers use a memory-backed-file as read-only rootfs, and this
file is used to start all the virtual machines in the node.
It would be really bad if somehow a malicious container modified it.
Signed-off-by: Julio Montes <address@hidden>
---
exec.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/exec.c b/exec.c
index 50ea9c5aaa..1eb170b55a 100644
--- a/exec.c
+++ b/exec.c
@@ -1852,6 +1852,12 @@ static int file_ram_open(const char *path,
break;
}
g_free(filename);
+ } else if (errno == EROFS) {
+ fd = open(path, O_RDONLY);
+ if (fd >= 0) {
+ /* @path names an existing read-only file, use it */
+ break;
+ }
}
if (errno != EEXIST && errno != EINTR) {
error_setg_errno(errp, errno,
--
2.17.2
- [Qemu-devel] [RFC] memory-backend-file/nvdimm: support read-only files as memory-backends,
Julio Montes <=