qemu

FORK: QEMU emulator
git clone https://git.neptards.moe/neptards/qemu.git

virtfs-proxy-helper.rst (2214B)


QEMU 9p virtfs proxy filesystem helper
======================================

Synopsis
--------

**virtfs-proxy-helper** [*OPTIONS*]

Description
-----------

The pass-through security model in the QEMU 9p server needs root privilege
for a few file operations (such as chown and chmod to any mode/uid:gid).
There are two issues with the pass-through security model:

- TOCTTOU vulnerability: following symbolic links in the server could
  provide access to files beyond the 9p export path.

- Running QEMU with root privilege could be a security issue.

To overcome these issues, the following approach is used: a new filesystem
type 'proxy' is introduced. Proxy FS uses a chroot + socket combination
to secure against the known vulnerability of following symbolic links.
The intention of adding a new filesystem type is to allow QEMU to run
in non-root mode while performing privileged operations using socket IO.

The proxy helper (a standalone binary that is part of QEMU) is invoked with
root privileges. The proxy helper chroots into the 9p export path and creates
a socket pair or a named socket, depending on the command line parameter.
QEMU and the proxy helper communicate using this socket. The QEMU proxy fs
driver sends filesystem requests to the proxy helper and receives the
responses from it.

The proxy helper is designed so that it can drop root privileges except
for the capabilities needed for doing filesystem operations.

Options
-------

The following options are supported:

.. program:: virtfs-proxy-helper

.. option:: -h

  Display help and exit.

.. option:: -p, --path PATH

  Path to export for the proxy filesystem driver.

.. option:: -f, --fd SOCKET_ID

  Use the given file descriptor as the socket descriptor for communicating
  with the QEMU proxy fs driver. Usually a helper like libvirt will create
  a socketpair and pass one of the fds as the parameter to this option.

.. option:: -s, --socket SOCKET_FILE

  Create a named socket file for communicating with the QEMU proxy fs driver.

.. option:: -u, --uid UID

  uid to give access to the named socket file; used in combination with -g.

.. option:: -g, --gid GID

  gid to give access to the named socket file; used in combination with -u.

.. option:: -n, --nodaemon

  Run as a normal program. By default the program runs in daemon mode.
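The symlink escape named under Description, shown as an added example that is not code from QEMU or from this page: a server that joins the export path and a guest-supplied name lets the kernel follow a link out of the export. Because chroot needs root, the confined variant here swaps in an unprivileged per-component ``openat()`` walk with ``O_NOFOLLOW``, a different technique from the helper's chroot with the same goal; all function names and the fixture layout are assumptions.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Naive server: join export root and guest path; the kernel follows symlinks. */
static int naive_open(const char *root, const char *rel)
{
    char p[4096];
    snprintf(p, sizeof(p), "%s/%s", root, rel);
    return open(p, O_RDONLY);
}

/* Confined: walk one component at a time from the export's dirfd, refusing
 * ".." and any symlink (O_NOFOLLOW), so no step can leave the export. */
static int confined_open(const char *root, const char *rel)
{
    char buf[4096], *save = NULL, *c;
    int fd, dirfd = open(root, O_RDONLY | O_DIRECTORY);
    snprintf(buf, sizeof(buf), "%s", rel);
    for (c = strtok_r(buf, "/", &save); c && dirfd >= 0;
         c = strtok_r(NULL, "/", &save)) {
        fd = strcmp(c, "..") ? openat(dirfd, c, O_RDONLY | O_NOFOLLOW) : -1;
        close(dirfd);
        dirfd = fd;
    }
    return dirfd;
}

static int ok(int fd) { if (fd < 0) return 0; close(fd); return 1; }

/* Constructed fixture, left under /tmp: export/data.txt, export/escape -> ../secret. */
static int demo(void)
{
    char tmp[] = "/tmp/9pdemoXXXXXX";
    int r = 0;
    if (!mkdtemp(tmp) || chdir(tmp) || mkdir("export", 0700) ||
        symlink("../secret", "export/escape"))
        return -1;
    close(open("secret", O_CREAT | O_WRONLY, 0600));
    close(open("export/data.txt", O_CREAT | O_WRONLY, 0600));
    r |= ok(naive_open("export", "escape")) << 0;       /* reaches secret */
    r |= ok(confined_open("export", "escape")) << 1;    /* refused: symlink */
    r |= ok(confined_open("export", "../secret")) << 2; /* refused: ".." */
    r |= ok(confined_open("export", "data.txt")) << 3;  /* allowed */
    return r;
}
int main(void) { printf("result mask: %d\n", demo()); return 0; }
```

Because each step opens relative to an already-held directory descriptor, there is no window between checking a path and using it, which is the TOCTTOU gap the pass-through model leaves open.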