Source: libvirt Followup-For: Bug #781283 I have managed to workaround this issue with the following settings in /etc/libvirt/qemu.conf:
clear_emulator_capabilities = 0 user = "root" group = "root" This is tested using a KVM virtual machine (Debian Stretch) with the following definintion: <filesystem type='mount' accessmode='passthrough'> <source dir='/mnt/share'/> <target dir='share'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/> </filesystem> and the following /etc/fstab entry share /mnt/share/ 9p rw,nodev,relatime,sync,dirsync,access=client,trans=virtio 0 0 I tried a number of different permission settings before disabling clear_emulator_capabilities. However, this was the only way to permit permission changes to files or normal users (apart from root) to own files. I am concerned by the potential security implications of this change as it may expose higher privileges for the guest KVM machines. It would be great if there were a way to support 9pfs passthrough without escalating privilegs using this setting. -- System Information: Debian Release: 9.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (450, 'stable'), (10, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.9.0-6-amd64 (SMP w/40 CPU cores) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init)