Re: [Qemu-devel] Idea: fuse-kvm filesystem

[Richard W.M. Jones]

On Thu, May 10, 2012 at 03:29:54PM +0300, Avi Kivity wrote:
> Currently when you mount a filesystem, you face two issues:
> - you have to be root
> - if the media is untrusted, it can exploit your kernel
> 
> With kvm and fuse, we can have a virtualized kernel mount the
> filesystem, and re-export to the host, which mounts it using a fuse
> interface.  This solves both problems, at the expense of speed and
> simplicity.  In theory this can be used for mounting untrusted USB
> sticks (perhaps only for the less well tested filesystems).

I guess you CC'd me so I could point out guestmount :-?

  http://libguestfs.org/guestmount.1.html

guestmount does the above already, and you can point it directly at
USB sticks, hard drives and the like, although most people use it for
mounting VM filesystems on the host.

On my local machine I'm a member of the "disk" group so I can do all
this as non-root:

  $ guestmount --ro -a /dev/vg_pin/F16x64 -i /tmp/mnt
  $ cat /tmp/mnt/etc/redhat-release 
  Fedora release 16 (Verne)
  $ ls /tmp/mnt
  bin   dev  home  lib64       media  opt   root  sbin     srv  tmp  var
  boot  etc  lib   lost+found  mnt    proc  run   selinux  sys  usr

One problem you'll find is that FUSE is pretty slow.  I recommend if
you're looking for performance that you use the libguestfs API calls
directly instead of POSIX-over-FUSE.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-p2v converts physical machines to virtual machines.  Boot with a
live CD or over the network (PXE) and turn machines into Xen guests.
http://et.redhat.com/~rjones/virt-p2v