[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-discuss] p9 security_model docs

From: anatoly techtonik
Subject: [Qemu-discuss] p9 security_model docs
Date: Mon, 16 May 2016 08:18:55 +0300


seems to be the official docs on folder sharing with libvirt/QEMU linked
from elsewhere on the internets.

I don't understand some things in it:

1. list of security_model attributes is nested under sock_fd=sock_fd. I
could probably fix it myself, but I couldn't find who to contact to add me to
wiki with "techtonik" name.

2. `squash` attribute is not present in description (available in virt-manager),
is it the same as `none` in wiki?

3. fs drivers `local`, `handle` and `proxy` are not documented and not linked

4. filesystem drivers in virt-manager are `default`, `handle` and `path`  - are
those the same as `local`, `default` and `proxy`?

5. how does `passthrough` work - does it use simple user name matching?
If I some image from network uses `root` user inside, will that user be able
to do nasty things on my host filesystem? If user doesn't exist on host, what
should happen?

6. related to previous question, how good is guest `root` user isolated in
subdirectory shared with host system if that `root` matches the `root` user
on host?

It would be great to see detailed explanation on that security models on wiki
page or linked from there.

anatoly t.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]