qemu-devel

[RFC PATCH 0/5] virtiofsd: Add notion of unprivileged mode


From: Vivek Goyal
Subject: [RFC PATCH 0/5] virtiofsd: Add notion of unprivileged mode
Date: Wed, 29 Jul 2020 18:14:05 -0400

Hi,

Daniel Berrange mentioned that having an unprivileged mode in virtiofsd
might be useful for certain use cases. Hence I decided to give it
a try.

This is an RFC patch series to allow running virtiofsd as an unprivileged
user. This is still work in progress. I am posting it to get
some early feedback.

These patches are dependent on Stefan's patch series for sandbox=chroot.

https://www.redhat.com/archives/virtio-fs/2020-July/msg00078.html

I can now run virtiofsd as user "test" and also export a directory
into a VM running as user test.

This is ideally for the cases where user "test" inside VM will operate
on this virtiofs mount point. Any filesystem operations which can't
be done with the creds of "test" user on host, will fail.

Thanks
Vivek

Vivek Goyal (5):
  virtiofsd: Add notion of unprivileged mode
  virtiofsd: create lock/pid file in per user cache dir
  virtiofsd: open /proc/self/fd/ in sandbox=NONE mode
  virtiofsd: Open lo->source while setting up root in sandbox=NONE mode
  virtiofsd: Skip setup_capabilities() in sandbox=NONE mode

 tools/virtiofsd/fuse_virtio.c    | 40 ++++++++++++++++++++++++++++----
 tools/virtiofsd/passthrough_ll.c | 29 ++++++++++++++++++++---
 2 files changed, 61 insertions(+), 8 deletions(-)

-- 
2.25.4



