Re: [libvirt PATCHv2 5/9] qemu: virtiofs: do not force UID 0
On 12/13/23 15:47, Ján Tomko wrote:
When this check was introduced, virtiofsd required root privileges.
This has changed since then - now it does not need to set up all the
sandboxing when running as non-root. It even gained support for
id mapping, which makes running unprivileged even more useful.
Signed-off-by: Ján Tomko <jtomko(a)redhat.com>
---
src/qemu/qemu_virtiofs.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/src/qemu/qemu_virtiofs.c b/src/qemu/qemu_virtiofs.c
index af51d58673..4dacd37a1c 100644
--- a/src/qemu/qemu_virtiofs.c
+++ b/src/qemu/qemu_virtiofs.c
@@ -257,10 +257,6 @@ qemuVirtioFSStart(virQEMUDriver *driver,
if (!(cmd = qemuVirtioFSBuildCommandLine(cfg, fs, &fd)))
goto error;
- /* so far only running as root is supported */
- virCommandSetUID(cmd, 0);
- virCommandSetGID(cmd, 0);
This makes us unable to run C version of virtiofsd, becuase that one
does privileged syscalls from the very start. I mean, you can't even run
`virtiofsd --help` as a non-root.
Personally, I'm not against this. But I was told we can't do that, sorry:
https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/U...
Michal