[Virtio-fs] [PATCH] docs: describe the security considerations with virtiofsd xattr mapping
Harry G. Coin
hgcoin at gmail.com
Tue Jun 15 17:19:25 UTC 2021
On 6/15/21 10:46 AM, Daniel P. Berrangé wrote, in part:
> - Don't use xattrs at all for remapping, instead use
> hidden files.
As not every host filesystem will have xattrs, or have xattrs enabled:
Isn't something like the above required of virtiofsd anyway?
Also, for security, you might consider creating a parallel hidden
directory tree 'beside' the shared root (so not exposed to the guest)
then put the xattrs in files there. So if /var/shared/foo is visible to
the guest, /var/shared/.foo.guest_xattrs/ parallels that.
More information about the Virtio-fs
mailing list