Home Explore Help
Register Sign In
FangSoftSoft
/
qemu
mirror of https://github.com/utmapp/qemu.git
2
0
Fork 0
Files Issues 0 Wiki
Tree: v8.0.2-utm
Branches Tags
qemu
/
docs
/
tools
/
virtfs-proxy-helper.rst

virtfs-proxy-helper.rst 2.2 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172 
  1. QEMU 9p virtfs proxy filesystem helper
    2. 

  2. ======================================
    3. 

  3. 

  4. Synopsis
    5. 

  5. --------
    6. 

  6. 

  7. **virtfs-proxy-helper** [*OPTIONS*]
    8. 

  8. 

  9. Description
    10. 

  10. -----------
    11. 

  11. 

  12. Pass-through security model in QEMU 9p server needs root privilege to do
    13. 

  13. few file operations (like chown, chmod to any mode/uid:gid).  There are two
    14. 

  14. issues in pass-through security model:
    15. 

  15. 

  16. - TOCTTOU vulnerability: Following symbolic links in the server could
    17. 

  17.   provide access to files beyond 9p export path.
    18. 

  18. 

  19. - Running QEMU with root privilege could be a security issue.
    20. 

  20. 

  21. To overcome above issues, following approach is used: A new filesystem
    22. 

  22. type 'proxy' is introduced. Proxy FS uses chroot + socket combination
    23. 

  23. for securing the vulnerability known with following symbolic links.
    24. 

  24. Intention of adding a new filesystem type is to allow qemu to run
    25. 

  25. in non-root mode, but doing privileged operations using socket IO.
    26. 

  26. 

  27. Proxy helper (a stand alone binary part of qemu) is invoked with
    28. 

  28. root privileges. Proxy helper chroots into 9p export path and creates
    29. 

  29. a socket pair or a named socket based on the command line parameter.
    30. 

  30. QEMU and proxy helper communicate using this socket. QEMU proxy fs
    31. 

  31. driver sends filesystem request to proxy helper and receives the
    32. 

  32. response from it.
    33. 

  33. 

  34. The proxy helper is designed so that it can drop root privileges except
    35. 

  35. for the capabilities needed for doing filesystem operations.
    36. 

  36. 

  37. Options
    38. 

  38. -------
    39. 

  39. 

  40. The following options are supported:
    41. 

  41. 

  42. .. program:: virtfs-proxy-helper
    43. 

  43. 

  44. .. option:: -h
    45. 

  45. 

  46.   Display help and exit
    47. 

  47. 

  48. .. option:: -p, --path PATH
    49. 

  49. 

  50.   Path to export for proxy filesystem driver
    51. 

  51. 

  52. .. option:: -f, --fd SOCKET_ID
    53. 

  53. 

  54.   Use given file descriptor as socket descriptor for communicating with
    55. 

  55.   qemu proxy fs drier. Usually a helper like libvirt will create
    56. 

  56.   socketpair and pass one of the fds as parameter to this option.
    57. 

  57. 

  58. .. option:: -s, --socket SOCKET_FILE
    59. 

  59. 

  60.   Creates named socket file for communicating with qemu proxy fs driver
    61. 

  61. 

  62. .. option:: -u, --uid UID
    63. 

  63. 

  64.   uid to give access to named socket file; used in combination with -g.
    65. 

  65. 

  66. .. option:: -g, --gid GID
    67. 

  67. 

  68.   gid to give access to named socket file; used in combination with -u.
    69. 

  69. 

  70. .. option:: -n, --nodaemon
    71. 

  71. 

  72.   Run as a normal program. By default program will run in daemon mode
    73.