[Libguestfs] Fwd: Re: VirtFS Query
Richard W.M. Jones
rjones at redhat.com
Thu Sep 29 18:58:47 UTC 2011
[CC'd to danpb]
On Thu, Sep 29, 2011 at 10:52:31PM +0530, Aneesh Kumar K.V wrote:
> On Thu, 29 Sep 2011 17:12:22 +0100, "Richard W.M. Jones" <rjones at redhat.com> wrote:
> > On Thu, Sep 29, 2011 at 09:19:03PM +0530, Harsh Bora wrote:
> > > Richard, FYI.
> > >
> > > On Wed, 28 Sep 2011 17:05:42 +0530, Harsh Bora
> > > <harsh at linux.vnet.ibm.com> wrote:
> > > >Hi Aneesh,
> > > >
> > > >Richard asked me if we have any plans to provide a solution for this use
> > > >case:
> > > >
> > > >https://www.redhat.com/archives/libguestfs/2011-September/msg00089.html
> > > >
> > > >IIUC, VirtFS as a rootfs is targeted towards this requirement only,
> > > >right? Any inputs ?
> > > >
> > >
> > > The right way to do this is to use a export path /guest and bind mount
> > > needed directories within. VirtFS just export /guest and everything
> > > works out easily. I already have autotest driving virtFS as root. So
> > > that works easily
> >
> > That's not going to work for us.
> >
> > Firstly bind mounting requires root, which is no good for libguestfs.
> >
>
> Another alternative suggested by pekka for tools/kvm (native linux kvm)
> is to create a directory layout as below
>
> in /guest1-export/
>
> bin -> /host/bin
> sbin -> /host/sbin
> usr -> /host/usr
> lib -> /host/lib
> etc
> proc
> var
> host
>
> and qemu starts with two export path /guest1-export as root and / of the
> common image (or host) as /host on guest. Now 9p resolves symbolic links
> in the guest. So which ever directory that need to be shared with host
> can have a symlink and everything works
I'm going to play with this later.
The downside is the whole of the host filesystem is exported to the
appliance, which is a security risk (compromised appliance can read
any file from the host).
Another thought related to symlinks: We could solve it with a "nest
of symlinks" in the host, eg:
/guest-export/usr/sbin/guestfs -> /our/own/guestfsd
/guest-export/usr/sbin/e2fsck -> /usr/sbin/e2fsck
[etc]
*if* 9p resolved *some* (but not all) symlinks in the host. Perhaps
we could mark the symlinks we want resolved on the host side using an
xattr?
> > Secondly there are no directories that we could bind mount. We really
> > need the flexibility outlined in that email. Just two examples of
> > this (there are more):
> >
> > - /usr/sbin in the appliance is not the same as /usr/sbin on the
> > host. The appliance version should contain a subset of the host
> > directory, plus at least one extra binary (/usr/sbin/guestfsd).
> >
> > - Because /etc files on the host can be arbitrarily modified, we need
> > to construct our own /etc directory, with files from the host and
> > files that we supply.
> >
> > What's may help here is some sort of plugin or passthrough mechanism
> > letting us add our own 9p server/plugin without pushing all the
> > complexity we need into qemu sources.
> >
> > More here:
> > http://libguestfs.org/febootstrap.8.html#supermin_appliances
>
> There is some level of plugability with VirtFS server already. You can
> look at virtio-9p-local.c, virtio-9p-handle.c and virtio-9p-synth.c in
> the example. git://repo.or.cz/qemu/v9fs.git
Thanks.
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
New in Fedora 11: Fedora Windows cross-compiler. Compile Windows
programs, test, and build Windows installers. Over 70 libraries supprt'd
http://fedoraproject.org/wiki/MinGW http://www.annexia.org/fedora_mingw
More information about the Libguestfs
mailing list