Thank you so much!!! We are using the Rust version now. I will try out the suggestions below. Thanks for the guidance.

________________________________
From: Vivek Goyal <vgo...@redhat.com>
Sent: Tuesday, July 12, 2022 12:37 PM
To: Pra.. Dew.. <linux_lear...@outlook.com>
Cc: virtio-fs@redhat.com <virtio-fs@redhat.com>
Subject: Re: [Virtio-fs] Ownership of a file shared between guest and host

On Fri, Jul 08, 2022 at 08:18:19PM +0000, Pra.. Dew.. wrote:
> We have been able to set up virtiofs between guest and host (QEMU 6.2/Linux
> 5.15). We run virtiofsd as a non-root user in the host. We did not want to
> run it as a root user in order to minimize the attack surface. We run it as a
> virtiofs user. When we create a file in the shared folder, the permission of
> the file is virtiofs user and virtiofs group. When we read that file from the
> guest it shows virtiofs user (only the uid) and nobody group. The goal is to
> restrict the access of the file to a few services in the guest (not give
> access to all services). We tried to create a group in the guest and tried to
> move the file in the new group. However chown gives "bad descriptor." Is
> there a better way of doing this? Any input is really appreciated. Thank you
> so much!

Hi,

Are you using the C version of virtiofsd (from QEMU) or the Rust version of virtiofsd found here?

https://gitlab.com/virtio-fs/virtiofsd

I would recommend using the Rust version of virtiofsd now and, as German suggested in another email, let an unprivileged user launch a user namespace and run virtiofsd inside that. That should allow you to do arbitrary uid/gid switching inside the guest.

Thanks
Vivek

> _______________________________________________
> Virtio-fs mailing list
> Virtio-fs@redhat.com
> https://listman.redhat.com/mailman/listinfo/virtio-fs
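
Added example, not part of the thread and not virtiofsd code: when virtiofsd runs inside a user namespace, the ids the guest uses are namespace ids, so this sketch computes which host uid/gid a guest-side id ends up as on disk. It assumes the map layout that rootless tools such as `podman unshare` set up (namespace id 0 is the launching user, ids from 1 up come from that user's `/etc/subuid` or `/etc/subgid` range); the user name, uid and subordinate range are constructed sample values, and the paths in the launch comment are placeholders.

```shell
#!/bin/sh
# Map lines use the /proc/<pid>/uid_map format: "<inside-start> <outside-start> <count>".
# A launch inside such a namespace could look like this (placeholder paths):
#   podman unshare -- virtiofsd --socket-path=/tmp/vfsd.sock --shared-dir /srv/share --sandbox chroot

# Constructed sample: host user "virtiofs" (uid 1001) with one subordinate id range.
SAMPLE_SUBUID='virtiofs:100000:65536'

# build_map USER HOST_ID SUBID_CONTENT
# Line 1 maps namespace id 0 to the launching user; line 2 maps ids 1..count
# to the user's subordinate range. Fails if the user has no range.
build_map() {
    user=$1; host_id=$2; content=$3
    range=$(printf '%s\n' "$content" |
        awk -F: -v u="$user" '$1 == u { print $2, $3; exit }')
    [ -n "$range" ] || { echo "no subordinate range for $user" >&2; return 1; }
    printf '0 %s 1\n' "$host_id"
    printf '1 %s\n' "$range"
}

# to_host ID MAP
# Prints the host id that a guest/namespace id is stored as; returns non-zero
# when the id falls outside every map line and so has no host equivalent.
to_host() {
    printf '%s\n' "$2" | awk -v id="$1" '
        id >= $1 && id < $1 + $3 { print $2 + (id - $1); found = 1; exit }
        END { exit !found }'
}

# Demo: which host id does a file get when a guest service chowns it?
MAP=$(build_map virtiofs 1001 "$SAMPLE_SUBUID")
for id in 0 1 1001 70000; do
    if host=$(to_host "$id" "$MAP"); then
        echo "guest id $id -> host id $host"
    else
        echo "guest id $id -> not mapped in this namespace"
    fi
done
```

Running the same calculation against the real `/etc/subuid` and `/etc/subgid` entries shows which host ids to expect on files in the shared directory, and which guest ids fall outside the map.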