
virtiofsd: Any reason why there's not an "openat2" sandbox mode?


From: Colin Walters
Subject: virtiofsd: Any reason why there's not an "openat2" sandbox mode?
Date: Fri, 09 Sep 2022 17:24:03 -0400
User-agent: Cyrus-JMAP/3.7.0-alpha0-927-gf4c98c8499-fm-20220826.002-gf4c98c84

We previously had a chat here 
https://lore.kernel.org/all/348d4774-bd5f-4832-bd7e-a21491fdac8d@www.fastmail.com/T/
around virtiofsd and privileges and the case of trying to run virtiofsd inside 
an unprivileged (Kubernetes) container.

Right now we're still using 9p, and it has bugs (basically it seems like the 9p 
inode flushing callback tries to allocate memory to send an RPC, and this 
causes OOM problems): 
https://github.com/coreos/coreos-assembler/issues/1812

Coming back to this...as of lately in Linux, there's support for strongly 
isolated filesystem access via openat2():
https://lwn.net/Articles/796868/

Is there any reason we couldn't do an -o sandbox=openat2? This operates 
without any privileges at all, and should be usable (and secure enough) in our 
use case.

I may try a patch if this sounds OK...

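A small illustration of the containment openat2() provides, added here as an example that is not part of this thread or of virtiofsd: `open_in_root` and `run_openat2_demo` are hypothetical names, and the temporary tree under /tmp is constructed for the demo. It opens an absolute symlink and a `../../` path through RESOLVE_IN_ROOT from an unprivileged process and checks that both land on the file inside the shared root, which is the property a sandbox=openat2 mode would rely on; it reports kernels without openat2 (or seccomp filters that block it) as unsupported rather than as an escape.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/openat2.h>   /* struct open_how, RESOLVE_* (Linux >= 5.6 headers) */
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

enum { DEMO_CONTAINED = 0, DEMO_UNSUPPORTED = 1, DEMO_NOT_CONTAINED = 2, DEMO_SETUP_FAILED = 3 };

/* Hypothetical helper: open `path` so that neither "/" nor ".." can leave rootfd.
 * glibc has no openat2() wrapper on many systems, so call the raw syscall.
 * RESOLVE_IN_ROOT gives chroot(2)-like containment without CAP_SYS_CHROOT. */
static int open_in_root(int rootfd, const char *path)
{
    struct open_how how = { .flags = O_RDONLY | O_CLOEXEC, .resolve = RESOLVE_IN_ROOT };
    return (int)syscall(SYS_openat2, rootfd, path, &how, sizeof how);
}

/* Constructed shared tree: root/inside.txt plus root/escape -> /inside.txt, an absolute
 * symlink that on the host points outside the tree. Returns a DEMO_* code. */
static int run_openat2_demo(void)
{
    char root[] = "/tmp/openat2-demo-XXXXXX", file[64], lnk[64];
    if (!mkdtemp(root)) return DEMO_SETUP_FAILED;
    snprintf(file, sizeof file, "%s/inside.txt", root);
    snprintf(lnk, sizeof lnk, "%s/escape", root);
    int fd = open(file, O_WRONLY | O_CREAT, 0600), rootfd = open(root, O_PATH | O_DIRECTORY);
    if (fd < 0 || rootfd < 0 || symlink("/inside.txt", lnk) != 0) return DEMO_SETUP_FAILED;
    close(fd);
    int rc = DEMO_NOT_CONTAINED;
    int via_link = open_in_root(rootfd, "escape"), err = errno;  /* absolute symlink */
    int via_dotdot = open_in_root(rootfd, "../../inside.txt");   /* ".." above the root */
    if (via_link < 0 && (err == ENOSYS || err == EPERM)) {
        rc = DEMO_UNSUPPORTED; /* kernel older than 5.6, or openat2 filtered by seccomp */
    } else if (via_link >= 0 && via_dotdot >= 0) {
        struct stat a, b; /* both must be root/inside.txt, never the host's /inside.txt */
        if (fstat(via_link, &a) == 0 && fstat(via_dotdot, &b) == 0 &&
            a.st_dev == b.st_dev && a.st_ino == b.st_ino)
            rc = DEMO_CONTAINED;
    }
    if (via_link >= 0) close(via_link);
    if (via_dotdot >= 0) close(via_dotdot);
    close(rootfd); unlink(file); unlink(lnk); rmdir(root);
    return rc;
}
```

A plain openat(rootfd, "escape", ...) on the same tree follows the symlink to the host's /inside.txt instead, which is exactly the difference a sandbox mode built on openat2() would depend on.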