virtiofsd: Add notion of unprivileged mode

[RFC PATCH 0/5] virtiofsd: Add notion of unprivileged mode

Vivek Goyal posted 5 patches 3 years, 8 months ago

Download series mbox

Failed in applying to current master (apply log)

tools/virtiofsd/fuse_virtio.c    | 40 ++++++++++++++++++++++++++++----
tools/virtiofsd/passthrough_ll.c | 29 ++++++++++++++++++++---
2 files changed, 61 insertions(+), 8 deletions(-)

Expand all Fold all

[RFC PATCH 0/5] virtiofsd: Add notion of unprivileged mode

Posted by Vivek Goyal 3 years, 8 months ago

Hi,

Daniel Berrange mentioned that having a unpriviliged mode in virtiofsd 
might be useful for certain use cases. Hence I decided to give it
a try.

This is RFC patch series to allow running virtiofsd as unpriviliged
user. This is still work in progress. I am posting it to get
some early feedback.

These patches are dependent on Stefan's patch series for sandbox=chroot.

https://www.redhat.com/archives/virtio-fs/2020-July/msg00078.html

I can now run virtiofsd as user "test" and also export a directory
into a VM running as user test.

This is ideally for the cases where user "test" inside VM will operate
on this virtiofs mount point. Any filesystem operations which can't
be done with the creds of "test" user on host, will fail.

Thanks
Vivek

Vivek Goyal (5):
  virtiofsd: Add notion of unprivileged mode
  virtiofsd: create lock/pid file in per user cache dir
  virtiofsd: open /proc/self/fd/ in sandbox=NONE mode
  virtiofsd: Open lo->source while setting up root in sandbox=NONE mode
  virtiofsd: Skip setup_capabilities() in sandbox=NONE mode

 tools/virtiofsd/fuse_virtio.c    | 40 ++++++++++++++++++++++++++++----
 tools/virtiofsd/passthrough_ll.c | 29 ++++++++++++++++++++---
 2 files changed, 61 insertions(+), 8 deletions(-)

-- 
2.25.4