QEMU

nested 9p filesystem with security_model=mapped-xattr

Bug #1500265 reported by Daniel Haid
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
QEMU
Expired
Undecided
Unassigned

Bug Description

I do not know whether this is a bug or a feature request, but on a 9p virtfs with security_model=mapped-xattr, access to extended attributes starting with "user.virtfs" coming from the guest seem to be silently ignored. Would it not be more correct to use some sort of "escaping", say map to "user.virtfs.x" on guest to "user.virtfs.virtfs.x" on host or something like that, so that the guest can use arbitrary attributes.

In particular, this would allow nested virtual machines to use nested 9p virtfs with security_model=mapped-xattr.

Revision history for this message
Daniel Haid (d-haid) wrote :

After looking at the code, it seems that disabling the user.virtfs namespace was the intended behaviour. I have created a patch implementing nesting instead of disabling.

I do not know if this is the right way to do it, but I did some limited testing and it seemed ok.

Revision history for this message
Enrico Weigelt, metux IT consult (metux-its) wrote :

Interesting approach. But maybe it should be configurable (eg. specify the mapping prefix).

Revision history for this message
Thomas Huth (th-huth) wrote :

Looking through old bug tickets... is this still an issue with the latest version of QEMU? Or could we close this ticket nowadays?

Changed in qemu:
status: New → Incomplete
Revision history for this message
Christian Schoenebeck (schoenebeck) wrote :

The status of this issue is unchanged in QEMU, i.e. user.virtfs.* is still filtered out.

If someone wants to see this changed, please use the common way for sending the patch via ML:
https://wiki.qemu.org/Contribute/SubmitAPatch

Thomas Huth (th-huth)
Changed in qemu:
status: Incomplete → Triaged
Revision history for this message
Thomas Huth (th-huth) wrote : Moved bug report

This is an automated cleanup. This bug report has been moved to QEMU's
new bug tracker on gitlab.com and thus gets marked as 'expired' now.
Please continue with the discussion here:

 https://gitlab.com/qemu-project/qemu/-/issues/117

Changed in qemu:
status: Triaged → Expired
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.