[Virtio-fs] [PATCH for-5.1 0/3] virtiofsd: allow virtiofsd to run in a container

Stefan Hajnoczi stefanha at redhat.com
Thu Jul 23 12:46:45 UTC 2020


On Wed, Jul 22, 2020 at 02:19:14PM -0400, Vivek Goyal wrote:
> On Wed, Jul 22, 2020 at 02:02:03PM +0100, Stefan Hajnoczi wrote:
> > Container runtimes handle namespace setup and remove privileges needed by
> > virtiofsd to perform sandboxing. Luckily the container environment already
> > provides most of the sandbox that virtiofsd needs for security.
> > 
> > Introduce a new "virtiofsd -o chroot" option that uses chroot(2) instead of
> > namespaces. This option allows virtiofsd to work inside a container.
> > 
> > Please see the individual patches for details on the changes and security
> > implications.
> > 
> > Given that people are starting to attempt running virtiofsd in containers I
> > think this should go into QEMU 5.1.
> 
> Hi Stefan,
> 
> I have written a document to help with testing virtiofs with any changes.
> 
> https://github.com/rhvgoyal/misc/blob/master/virtiofs-tests/virtio-fs-testing-requirement.txt
> 
> Will be good to run some of these tests to make sure there are no
> regressions due to these changes.

Thank you! I will run them and post the results.

Stefan