qemu/fsdev/virtfs-proxy-helper.texi
@example
@c man begin SYNOPSIS
@command{virtfs-proxy-helper} @var{options}
@c man end
@end example

@c man begin DESCRIPTION
@table @description
The pass-through security model in the QEMU 9p server needs root privilege
to perform a few file operations (such as chown, or chmod to any
mode/uid:gid).  There are two issues with the pass-through security model:

1) TOCTTOU vulnerability: following symbolic links in the server could
provide access to files beyond the 9p export path.

2) Running QEMU with root privilege could be a security issue.

To overcome these issues, the following approach is used: a new filesystem
type 'proxy' is introduced. Proxy FS uses a chroot + socket combination
to close the vulnerability associated with following symbolic links.
The intention of adding a new filesystem type is to allow QEMU to run
in non-root mode while performing privileged operations through socket I/O.

The proxy helper (a stand-alone binary that is part of QEMU) is invoked with
root privileges. It chroots into the 9p export path and creates
a socket pair or a named socket, depending on the command-line parameter.
QEMU and the proxy helper communicate over this socket: the QEMU proxy FS
driver sends filesystem requests to the proxy helper and receives the
responses from it.

The proxy helper is designed so that it can drop root privileges except
for the capabilities needed for doing filesystem operations.

@end table
@c man end
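The symlink issue from item 1 of the description, as an added example (not QEMU code and not how the helper is implemented). The helper's own defence is chroot, which needs root; so that it runs unprivileged, this sketch instead uses openat() with O_NOFOLLOW to show the same confinement property. The function names and the /tmp fixture are constructed for the example.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Naive server: join export path and guest path, let the kernel follow links. */
int open_naive(const char *export_dir, const char *rel) {
    char p[PATH_MAX];
    if ((size_t)snprintf(p, sizeof p, "%s/%s", export_dir, rel) >= sizeof p) return -1;
    return open(p, O_RDONLY);
}

/* Confined: resolve one component at a time relative to a directory fd and
 * refuse ".." and symlinks (O_NOFOLLOW), so no step can leave the export. */
int open_confined(const char *export_dir, const char *rel) {
    char buf[PATH_MAX], *save, *c;
    int fd, dirfd;
    if (strlen(rel) >= sizeof buf || (dirfd = open(export_dir, O_RDONLY | O_DIRECTORY)) < 0) return -1;
    strcpy(buf, rel);
    for (c = strtok_r(buf, "/", &save); c; c = strtok_r(NULL, "/", &save)) {
        fd = strcmp(c, "..") ? openat(dirfd, c, O_RDONLY | O_NOFOLLOW) : -1;
        close(dirfd);
        if (fd < 0) return -1;
        dirfd = fd;
    }
    return dirfd;
}

/* Constructed fixture: <tmp>/secret is outside the export, export/link points
 * at it, export/ok is an ordinary file. Returns a bit mask: 1 = naive open got
 * out, 2 = confined open got out, 4 = confined open of ok worked; -1 = setup error. */
int demo(void) {
    char tmp[] = "/tmp/9pdemoXXXXXX";
    int fd, r = 0;
    if (!mkdtemp(tmp) || chdir(tmp) || mkdir("export", 0700)) return -1;
    if (close(creat("secret", 0600)) || close(creat("export/ok", 0600))) return -1;
    if (symlink("../secret", "export/link")) return -1;
    if ((fd = open_naive("export", "link")) >= 0) { r |= 1; close(fd); }
    if ((fd = open_confined("export", "link")) >= 0) { r |= 2; close(fd); }
    if ((fd = open_confined("export", "ok")) >= 0) { r |= 4; close(fd); }
    unlink("export/link"); unlink("export/ok"); unlink("secret");
    rmdir("export"); rmdir(tmp);
    return r;
}
int main(void) { printf("mask = %d\n", demo()); return 0; }
```

demo() returns 5: the naive open follows the link to the file outside the export, the confined open refuses it, and the ordinary file inside the export stays reachable.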

@c man begin OPTIONS
The following options are supported:
@table @option
@item -h
@findex -h
Display help and exit.
@item -p|--path path
Path to export for the proxy filesystem driver.
@item -f|--fd socket-id
Use the given file descriptor as the socket descriptor for communicating
with the QEMU proxy FS driver. Usually a helper like libvirt will create
a socketpair and pass one of the fds as the parameter to -f|--fd.
@item -s|--socket socket-file
Create a named socket file for communicating with the QEMU proxy FS driver.
@item -u|--uid uid -g|--gid gid
uid:gid combination to give access to the named socket file.
@item -n|--nodaemon
Run as a normal program. By default the program runs in daemon mode.
@end table
@c man end

@setfilename virtfs-proxy-helper
@settitle QEMU 9p virtfs proxy filesystem helper

@c man begin AUTHOR
M. Mohan Kumar
@c man end
