-
Notifications
You must be signed in to change notification settings - Fork 29
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(sandbox): Add UhyveFileMap structure and sandbox
* Add --mount parameter for "whitelisting" guest_paths and defining their respective filesystem paths on the host FS * Add UhyveFileMap structure * Add sandbox support to open() syscall A few points that could be further worked are unit tests, handling more of the parsing using the clap library directly and performance optimizations. Helped-by: Çağatay Yiğit Şahin <[email protected]> Helped-by: Jonathan Klimt <[email protected]>
- Loading branch information
Showing
9 changed files
with
143 additions
and
17 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,61 @@ | ||
use std::{collections::HashMap, ffi::OsString, fs, path::PathBuf}; | ||
|
||
/// HashMap matching a path in the guest OS ([String]) a path in the host OS ([OsString]). | ||
pub struct UhyveFileMap { | ||
files: HashMap<String, OsString>, | ||
} | ||
|
||
impl UhyveFileMap { | ||
/// Creates a UhyveFileMap. | ||
/// | ||
/// Using a list of parameters stored in a [Vec<String>], this function creates | ||
/// a HashMap that can match a path on the host operating system given a path on | ||
/// the guest operating system. | ||
/// | ||
/// See [crate::hypercall::open] to see this in practice. | ||
/// | ||
/// * `parameters` - A list of parameters with the format `./host_path.txt:guest.txt` | ||
pub fn new(parameters: &[String]) -> Option<UhyveFileMap> { | ||
Some(UhyveFileMap { | ||
files: parameters | ||
.iter() | ||
.map(String::as_str) | ||
.map(Self::split_guest_and_host_path) | ||
.map(|(guest_path, host_path)| { | ||
( | ||
guest_path, | ||
fs::canonicalize(&host_path).map_or(host_path, PathBuf::into_os_string), | ||
) | ||
}) | ||
.collect(), | ||
}) | ||
} | ||
|
||
/// Separates a string of the format "./host_dir/host_path.txt:guest_path.txt" | ||
/// into a guest_path (String) and host_path (OsString) respectively. | ||
/// | ||
/// Keep in mind that the order of the parameters is the inverse of the one | ||
/// in the actual HashMap itself, as we want to use the guest_path as a key | ||
/// to look up the respective host_path, as well as provide an intuitive | ||
/// interface reminiscent of other VMMs like Docker's. | ||
/// | ||
/// `parameter` - A parameter of the format `./host_path.txt:guest.txt`. | ||
fn split_guest_and_host_path(parameter: &str) -> (String, OsString) { | ||
let mut partsiter = parameter.split(":"); | ||
|
||
// Mind the order. | ||
// TODO: Do this work using clap. | ||
let host_path = OsString::from(partsiter.next().unwrap()); | ||
let guest_path = partsiter.next().unwrap().to_owned(); | ||
|
||
(guest_path, host_path) | ||
} | ||
|
||
/// Returns a reference to the stored HashMap. | ||
/// | ||
/// This function is commonly used with get_key_value, using a String | ||
/// (that is read from a const char* in an `open()` call) as a key. | ||
pub fn get_paths(&self) -> &HashMap<String, OsString> { | ||
&self.files | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters