[fedora-virt] libguestfs best practices: Exposing files from the host for the duration of a session

Richard W.M. Jones rjones at redhat.com
Fri May 29 09:44:34 UTC 2009


On Fri, May 29, 2009 at 03:34:21AM -0400, Michael Ansel wrote:
> 1) root (UID=0, everywhere) is the only one installing packages, so
> the UID mapping lines up perfectly every time

No - the concept of UIDs in libguestfs is non-intuitive.

Firstly the normal mode of operation is to run libguestfs as non-root.
There are plenty of reasons why this is a good idea; I think Charles
covered a few of them.  So everything we do is oriented around making
sure that we don't need to be root to do libguestfs operations.

However, libguestfs runs qemu/kvm (also as non-root) but that boots a
mini appliance.  *Inside* the appliance the appliance kernel thinks
everything is running as root.  It's not really from the point of view
of the host machine, but inside the appliance that's how it looks.

If we were to put an NFS server inside the appliance and tunnel the
connections out to the host, then the host would have to mount the
drive as root (or we'd have to fake it somehow - non-trivial with
NFS).

If we put an FTP server inside the appliance, things are better.  FTP
clients are widely available, either standalone or as libraries for
many programming languages.  They just need to be able to make a TCP
connection, so there is no requirement for special privileges.  On the
server side (inside the appliance) the FTP server is running as "root"
so it can make arbitrary changes to the filesystem.

> 2) you only need root access on the host once when you are building
> the VM; you don't need NFS after it is already built

With libguestfs currently, you never need root at all, not to build
libguestfs, not to run it, not for any operations using it.

Rich.



