virtio-fs.lists.linux.dev archive mirror
From: "Pra.. Dew.." <linux_learner@outlook.com>
To: "virtio-fs@redhat.com" <virtio-fs@redhat.com>
Subject: [Virtio-fs] Ownership of a file shared between guest and host
Date: Fri, 8 Jul 2022 20:18:19 +0000
Message-ID: <BY5PR14MB38930999DE81BFE799016C8C86829@BY5PR14MB3893.namprd14.prod.outlook.com>


We have been able to set up virtiofs between guest and host (QEMU 6.2/Linux 5.15). We run virtiofsd as a non-root user in the host. We did not want to run it as a root user in order to minimize the attack surface. We run it as a virtiofs user. When we create a file in the shared folder, the permission of the file is virtiofs user and virtiofs group. When we read that file from the guest it shows virtiofs user (only the uid) and nobody group. The goal is to restrict the access of the file to a few services in the guest (not give access to all services). We tried to create a group in the guest and tried to move the file in the new group. However, chown gives "bad descriptor." Is there a better way of doing this? Any input is really appreciated. Thank you so much!

