Re: [PATCH] virtiofsd: Use clone() and not unshare(), support non-root

["Daniel P. Berrangé" <berrange@redhat.com>]

On Tue, May 05, 2020 at 04:23:59PM +0100, Stefan Hajnoczi wrote:
> On Mon, May 04, 2020 at 04:07:22PM +0200, Marc-André Lureau wrote:
> > Hi
> > 
> > On Fri, May 1, 2020 at 8:29 PM Colin Walters <walters@verbum.org> wrote:
> > >
> > > I'd like to make use of virtiofs as part of our tooling in
> > > https://github.com/coreos/coreos-assembler
> > > Most of the code runs as non-root today; qemu also runs as non-root.
> > > We use 9p right now.
> > >
> > > virtiofsd's builtin sandboxing effectively assumes it runs as
> > > root.
> > >
> > > First, change the code to use `clone()` and not `unshare()+fork()`.
> > >
> > > Next, automatically use `CLONE_NEWUSER` if we're running as non root.
> > >
> > > This is similar logic to that in https://github.com/containers/bubblewrap
> > > (Which...BTW, it could make sense for virtiofs to depend on bubblewrap
> > >  and re-exec itself rather than re-implementing the containerization
> > >  itself)
> > >
> > 
> > Now that systemd-nspawn works without privileges, isn't that also a
> > solution? One that would fit both system and session level
> > permissions, and integration with other services?
> 
> Does systemd-nspawn work inside containers?
> 
> I think virtiofsd will need to run inside containers in the future and
> remember systemd being difficult to use in containers.

It can be made to work, but my gut tells me people won't be happy if
system were a mandatory requirement for virtiofsd usage. Also there
are current Linux distros which don't even use systemd.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|