[fedora-virt] libguestfs best practices: Exposing files from the host for the duration of a session

Charles Duffy charles at dyfis.net
Fri May 29 07:46:28 UTC 2009

Michael Ansel wrote:
> 1) root (UID=0, everywhere) is the only one installing packages, so
> the UID mapping lines up perfectly every time
libguestfs in general, and host filesystem access in particular, is good 
for more than just installing packages, though admittedly that's my 
immediate use case.

> 2) you only need root access on the host once when you are building
> the VM; you don't need NFS after it is already built
Even if there were no use case for access to files off the host other 
than early installation --

Why is it acceptable for libguestfs to require root access *ever*, when 
so many alternate transport mechanisms (9p, ccgfs, FTP, qemu's built in 
smb, etc) are available which wouldn't create this constraint?

If I'm building a piece of software invoked by untrusted users in a lab 
environment, I don't want that software to need, or have any means to 
access, root. Ever. For anything, at all.

By the way -- I'm tired too (normal wakeup time in ~3.25 hours), so 
please excuse my tone if it's a bit harsh.

More information about the Fedora-virt mailing list