[RFC PATCH 0/5] virtiofsd: Add notion of unprivileged mode
Daniel Berrange mentioned that having a unpriviliged mode in virtiofsd
might be useful for certain use cases. Hence I decided to give it
This is RFC patch series to allow running virtiofsd as unpriviliged
user. This is still work in progress. I am posting it to get
some early feedback.
These patches are dependent on Stefan's patch series for sandbox=chroot.
I can now run virtiofsd as user "test" and also export a directory
into a VM running as user test.
This is ideally for the cases where user "test" inside VM will operate
on this virtiofs mount point. Any filesystem operations which can't
be done with the creds of "test" user on host, will fail.
Vivek Goyal (5):
virtiofsd: Add notion of unprivileged mode
virtiofsd: create lock/pid file in per user cache dir
virtiofsd: open /proc/self/fd/ in sandbox=NONE mode
virtiofsd: Open lo->source while setting up root in sandbox=NONE mode
virtiofsd: Skip setup_capabilities() in sandbox=NONE mode
tools/virtiofsd/fuse_virtio.c | 40 ++++++++++++++++++++++++++++----
tools/virtiofsd/passthrough_ll.c | 29 ++++++++++++++++++++---
2 files changed, 61 insertions(+), 8 deletions(-)