[libvirt] [sandbox 2/2] machine: use squash security mode for non-root virt-sandbox mounts

When running virt-sandbox as a user with host-bind mount, the user can't write in the mounted folder. If run as root, use passthrough security mode, otherwise use squashed one to fix this. --- libvirt-sandbox/libvirt-sandbox-builder-machine.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libvirt-sandbox/libvirt-sandbox-builder-machine.c b/libvirt-sandbox/libvirt-sandbox-builder-machine.c index 7204f71..b6f2218 100644 --- a/libvirt-sandbox/libvirt-sandbox-builder-machine.c +++ b/libvirt-sandbox/libvirt-sandbox-builder-machine.c @@ -589,7 +589,10 @@ static gboolean gvir_sandbox_builder_machine_construct_devices(GVirSandboxBuilde fs = gvir_config_domain_filesys_new(); gvir_config_domain_filesys_set_type(fs, GVIR_CONFIG_DOMAIN_FILESYS_MOUNT); - gvir_config_domain_filesys_set_access_type(fs, GVIR_CONFIG_DOMAIN_FILESYS_ACCESS_PASSTHROUGH); + if (getuid() == 0) + gvir_config_domain_filesys_set_access_type(fs, GVIR_CONFIG_DOMAIN_FILESYS_ACCESS_PASSTHROUGH); + else + gvir_config_domain_filesys_set_access_type(fs, GVIR_CONFIG_DOMAIN_FILESYS_ACCESS_SQUASH); gvir_config_domain_filesys_set_source(fs, gvir_sandbox_config_mount_file_get_source(mfile)); gvir_config_domain_filesys_set_target(fs, target); -- 2.12.2