qemu/docs/tools/virtfs-proxy-helper.rst
QEMU 9p virtfs proxy filesystem helper
======================================

Synopsis
--------

**virtfs-proxy-helper** [*OPTIONS*]

Description
-----------

The pass-through security model in the QEMU 9p server needs root privilege
to do a few file operations (like chown, chmod to any mode/uid:gid).  There
are two issues with the pass-through security model:

- TOCTTOU vulnerability: Following symbolic links in the server could
  provide access to files beyond the 9p export path.

- Running QEMU with root privilege could be a security issue.

To overcome the above issues, the following approach is used: A new
filesystem type 'proxy' is introduced. Proxy FS uses a chroot + socket
combination to close the vulnerability associated with following symbolic
links. The intention of adding a new filesystem type is to allow QEMU to run
in non-root mode while still performing privileged operations through
socket I/O.

The proxy helper (a standalone binary that is part of QEMU) is invoked with
root privileges. The proxy helper chroots into the 9p export path and creates
a socket pair or a named socket, depending on the command-line parameter.
QEMU and the proxy helper communicate using this socket. The QEMU proxy fs
driver sends filesystem requests to the proxy helper and receives the
responses from it.

The proxy helper is designed so that it can drop root privileges except
for the capabilities needed for doing filesystem operations.
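
The symbolic-link issue listed above, shown on a constructed temporary directory as an added example (not QEMU code, and not the chroot mechanism the helper uses): a plain ``open()`` on a path inside the export follows a link out of it, while a per-component ``openat()`` walk with ``O_NOFOLLOW`` refuses. The names ``open_beneath`` and ``demo`` and the file layout are hypothetical.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open `rel` beneath rootfd one component at a time. O_NOFOLLOW makes openat()
 * fail on a symlink and ".." is refused. Returns an fd, or -1 (hypothetical helper). */
int open_beneath(int rootfd, const char *rel, int flags)
{
    char buf[4096], *save = NULL, *comp, *next;
    int dirfd, fd;
    if (strlen(rel) >= sizeof(buf) || (dirfd = dup(rootfd)) < 0) return -1;
    strcpy(buf, rel);
    for (comp = strtok_r(buf, "/", &save); comp; comp = next) {
        next = strtok_r(NULL, "/", &save);
        if (strcmp(comp, "..") == 0) { close(dirfd); return -1; }
        fd = openat(dirfd, comp, next ? O_RDONLY | O_DIRECTORY | O_NOFOLLOW
                                      : flags | O_NOFOLLOW);
        close(dirfd);
        if (fd < 0) return -1;
        dirfd = fd;              /* descend using the fd we just opened */
    }
    return dirfd;
}

/* Constructed layout in a temp dir: secret, export/ok, export/link -> ../secret,
 * export/up -> ..  Returns a bitmask of the opens that succeeded, or -1 on setup error. */
int demo(void)
{
    char tmp[] = "/tmp/9p-demo-XXXXXX";
    int root, fd, mask = 0;
    if (!mkdtemp(tmp) || chdir(tmp) || mkdir("export", 0700)) return -1;
    close(open("secret", O_CREAT | O_WRONLY, 0600));
    close(open("export/ok", O_CREAT | O_WRONLY, 0600));
    if (symlink("../secret", "export/link") || symlink("..", "export/up")) return -1;
    if ((root = open("export", O_RDONLY | O_DIRECTORY)) < 0) return -1;
    if ((fd = open("export/link", O_RDONLY)) >= 0) { mask |= 1; close(fd); }  /* naive: leaves export */
    if ((fd = open_beneath(root, "ok", O_RDONLY)) >= 0) { mask |= 2; close(fd); }
    if ((fd = open_beneath(root, "link", O_RDONLY)) >= 0) { mask |= 4; close(fd); }
    if ((fd = open_beneath(root, "up/secret", O_RDONLY)) >= 0) { mask |= 8; close(fd); }
    if ((fd = open_beneath(root, "../secret", O_RDONLY)) >= 0) { mask |= 16; close(fd); }
    close(root);
    return mask;
}

int main(void) { printf("mask=%d\n", demo()); return 0; }
```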

Options
-------

The following options are supported:

.. program:: virtfs-proxy-helper

.. option:: -h

  Display help and exit.

.. option:: -p, --path PATH

  Path to export for the proxy filesystem driver.

.. option:: -f, --fd SOCKET_ID

  Use the given file descriptor as the socket descriptor for communicating
  with the QEMU proxy fs driver. Usually a helper like libvirt will create a
  socketpair and pass one of the fds as the parameter to this option.

.. option:: -s, --socket SOCKET_FILE

  Create a named socket file for communicating with the QEMU proxy fs driver.

.. option:: -u, --uid UID

  uid to give access to the named socket file; used in combination with -g.

.. option:: -g, --gid GID

  gid to give access to the named socket file; used in combination with -u.

.. option:: -n, --nodaemon

  Run as a normal program. By default the program runs in daemon mode.