[Virtio-fs] [RFC] About non-root virtiofsd(1) process

P J P ppandit at redhat.com
Fri Jan 15 07:09:13 UTC 2021


  Hello,

+-- On Thu, 14 Jan 2021, Stefan Hajnoczi wrote --+
| On Thu, Jan 14, 2021 at 02:11:28PM +0530, P J P wrote:
| > Ex. By default offer only read access to guest VM.
| 
| That's not useful. Most users require read-write.

* Agreed. I meant let 'rw' access be the user's choice rather than the
  default for virtiofsd(1).
 
| The fundamental issue is that the server must be able to create, access, and 
| modify files with arbitrary uids/gids.

* Why arbitrary uids/gids? Once a directory is shared with a guest, its 
  uids/gids would stay the same, no?

* We also start a separate virtiofsd(1) process for each share/guest too, i.e.
  a single virtiofsd(1) daemon is not catering to multiple guests and their
  respective shared directories, right?

| If you have specific ideas, let's discuss them.

* One was to have a command line switch similar to 'qemu -runas <user>'

     $ ./virtiofsd -runas test -o source=...

  If a user wants to run virtiofsd(1) with non-root privileges, it'll be 
  handy.

| https://gitlab.com/virtio-fs/qemu/-/merge_requests/6/diffs?commit_id=718c71fa44f6b92ac27558c903d27935236b08ef

* I'll go through it.


Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D
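
The privilege drop that a '-runas <user>' style switch would have to perform, as an added example that is not part of the original message and is not virtiofsd or QEMU code. The helper name drop_to_user() and the "runas:" messages are hypothetical, and the process is assumed to start as root.

```c
#define _DEFAULT_SOURCE            /* for initgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: permanently switch a root-started daemon to `user`.
 * Returns 0 on success, -1 on any failure; the caller must exit on -1. */
int drop_to_user(const char *user)
{
    struct passwd *pw = getpwnam(user);

    if (pw == NULL) {
        fprintf(stderr, "runas: unknown user '%s'\n", user);
        return -1;
    }
    if (pw->pw_uid == 0) {
        fprintf(stderr, "runas: refusing to 'drop' to uid 0\n");
        return -1;
    }
    /* Order matters: supplementary groups and gid can only be changed
     * while still privileged, so they go before setuid(). */
    if (initgroups(pw->pw_name, pw->pw_gid) != 0 ||
        setgid(pw->pw_gid) != 0 ||
        setuid(pw->pw_uid) != 0) {
        fprintf(stderr, "runas: cannot switch to '%s': %s\n",
                user, strerror(errno));
        return -1;
    }
    /* The drop must be irreversible: regaining root has to fail. */
    if (setuid(0) == 0 || seteuid(0) == 0) {
        fprintf(stderr, "runas: root could be regained, aborting\n");
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <user>\n", argv[0]);
        return 2;
    }
    if (drop_to_user(argv[1]) != 0)
        return 1;
    printf("now uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

After such a drop the process can no longer create or chown files under uids/gids other than its own, which is the constraint raised in the quoted reply.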