On Wed, Jul 22, 2020 at 02:19:14PM -0400, Vivek Goyal wrote:
> On Wed, Jul 22, 2020 at 02:02:03PM +0100, Stefan Hajnoczi wrote:
> > Container runtimes handle namespace setup and remove privileges needed by
> > virtiofsd to perform sandboxing. Luckily the container environment already
> > provides most of the sandbox that virtiofsd needs for security.
> >
> > Introduce a new "virtiofsd -o chroot" option that uses chroot(2) instead of
> > namespaces. This option allows virtiofsd to work inside a container.
> >
> > Please see the individual patches for details on the changes and security
> > implications.
> >
> > Given that people are starting to attempt running virtiofsd in containers I
> > think this should go into QEMU 5.1.
>
> Hi Stefan,
>
> I have written a document to help with testing virtiofs with any changes.
>
> https://github.com/rhvgoyal/misc/blob/master/virtiofs-tests/virtio-fs-testing-requirement.txt
>
> Will be good to run some of these tests to make sure there are no
> regressions due to these changes.

Thank you! I will run them and post the results.

Stefan