On Wed, Dec 25, 2013 at 9:42 PM, Fam Zheng <address@hidden> wrote:
On 2013年12月21日 00:04, Peter Lieven wrote:
This patch adds native support for accessing images on NFS shares without
the requirement to actually mount the entire NFS share on the host.
NFS Images can simply be specified by an url of the form:
nfs://<host>/<export>/<filename>
For example:
qemu-img create -f qcow2 nfs://10.0.0.1/qemu-images/test.qcow2
You need LibNFS from Ronnie Sahlberg available at:
git://github.com/sahlberg/libnfs.git
for this to work.
During configure it is automatically probed for libnfs and support
is enabled on-the-fly. You can forbid or enforce libnfs support
with --disable-libnfs or --enable-libnfs respectively.
Due to NFS restrictions you might need to execute your binaries
as root, allow them to open priviledged ports (<1024) or specify
insecure option on the NFS server.
What are the error messages like, if no privilege. Is root always required
for this to work?
NFS servers often default to only allow client connections that
originates from a system port.
I know three different ways to solve this:
1, Run QEMU as root, which allows libnfs to bind to a system port.
This is probably suboptimal since I guess most people would want to
avoid running qemu as root if they can avoid it.
2, Change the NFS server to allow connections from nonsystem ports. On
linux NFS servers this is done by adding
"insecure" as the export option in /etc/exports.
This may be preferable to option 1 (since secure/insecure does not
really add much security in the first place).
3, Assign the capability to qemu to bind to system ports when running
as non-root user.
This is probably the most attractive option of the three.
You can still run qemu as non-root and you dont have to change the
security mode on the NFS server.
It is highly non-portable though and only work on platforms that
provide capabilities.
On linux you add this capability using :
sudo setcap 'cap_net_bind_service=+ep' /path/to/executable