On 12/13/23 15:47, Ján Tomko wrote:
When this check was introduced, virtiofsd required root privileges.
This has changed since then - now it does not need to set up all the sandboxing when running as non-root. It even gained support for id mapping, which makes running unprivileged even more useful.
Signed-off-by: Ján Tomko <jtomko@redhat.com> --- src/qemu/qemu_virtiofs.c | 4 ---- 1 file changed, 4 deletions(-)
diff --git a/src/qemu/qemu_virtiofs.c b/src/qemu/qemu_virtiofs.c index af51d58673..4dacd37a1c 100644 --- a/src/qemu/qemu_virtiofs.c +++ b/src/qemu/qemu_virtiofs.c @@ -257,10 +257,6 @@ qemuVirtioFSStart(virQEMUDriver *driver, if (!(cmd = qemuVirtioFSBuildCommandLine(cfg, fs, &fd))) goto error;
- /* so far only running as root is supported */ - virCommandSetUID(cmd, 0); - virCommandSetGID(cmd, 0);
This makes us unable to run C version of virtiofsd, becuase that one does privileged syscalls from the very start. I mean, you can't even run `virtiofsd --help` as a non-root. Personally, I'm not against this. But I was told we can't do that, sorry: https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/U7FC... Michal