[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Libguestfs] Fwd: Re: VirtFS Query



[CC'd to danpb]

On Thu, Sep 29, 2011 at 10:52:31PM +0530, Aneesh Kumar K.V wrote:
> On Thu, 29 Sep 2011 17:12:22 +0100, "Richard W.M. Jones" <rjones redhat com> wrote:
> > On Thu, Sep 29, 2011 at 09:19:03PM +0530, Harsh Bora wrote:
> > > Richard, FYI.
> > > 
> > > On Wed, 28 Sep 2011 17:05:42 +0530, Harsh Bora
> > > <harsh linux vnet ibm com> wrote:
> > > >Hi Aneesh,
> > > >
> > > >Richard asked me if we have any plans to provide a solution for this use
> > > >case:
> > > >
> > > >https://www.redhat.com/archives/libguestfs/2011-September/msg00089.html
> > > >
> > > >IIUC, VirtFS as a rootfs is targeted towards this requirement only,
> > > >right? Any inputs ?
> > > >
> > > 
> > > The right way to do this is to use a export path /guest and bind mount
> > > needed directories within. VirtFS just export /guest and everything
> > > works out easily. I already have autotest driving virtFS as root. So
> > > that works easily
> > 
> > That's not going to work for us.
> > 
> > Firstly bind mounting requires root, which is no good for libguestfs.
> > 
> 
> Another alternative suggested by pekka for tools/kvm (native linux kvm)
> is to create a directory layout as below
> 
> in /guest1-export/ 
> 
>  bin -> /host/bin
>  sbin -> /host/sbin
>  usr -> /host/usr
>  lib -> /host/lib
>  etc
>  proc
>  var
>  host
> 
> and qemu starts with two export path /guest1-export as root and / of the
> common image (or host) as /host on guest. Now 9p resolves symbolic links
> in the guest. So which ever directory that need to be shared with host
> can have a symlink and everything works 

I'm going to play with this later.

The downside is the whole of the host filesystem is exported to the
appliance, which is a security risk (compromised appliance can read
any file from the host).

Another thought related to symlinks: We could solve it with a "nest
of symlinks" in the host, eg:

  /guest-export/usr/sbin/guestfs -> /our/own/guestfsd
  /guest-export/usr/sbin/e2fsck -> /usr/sbin/e2fsck
  [etc]

*if* 9p resolved *some* (but not all) symlinks in the host.  Perhaps
we could mark the symlinks we want resolved on the host side using an
xattr?

> > Secondly there are no directories that we could bind mount.  We really
> > need the flexibility outlined in that email.  Just two examples of
> > this (there are more):
> > 
> >  - /usr/sbin in the appliance is not the same as /usr/sbin on the
> >    host.  The appliance version should contain a subset of the host
> >    directory, plus at least one extra binary (/usr/sbin/guestfsd).
> > 
> >  - Because /etc files on the host can be arbitrarily modified, we need
> >    to construct our own /etc directory, with files from the host and
> >    files that we supply.
> > 
> > What's may help here is some sort of plugin or passthrough mechanism
> > letting us add our own 9p server/plugin without pushing all the
> > complexity we need into qemu sources.
> > 
> > More here:
> > http://libguestfs.org/febootstrap.8.html#supermin_appliances
> 
> There is some level of plugability with VirtFS server already. You can
> look at virtio-9p-local.c, virtio-9p-handle.c and virtio-9p-synth.c in
> the example.  git://repo.or.cz/qemu/v9fs.git

Thanks.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
New in Fedora 11: Fedora Windows cross-compiler. Compile Windows
programs, test, and build Windows installers. Over 70 libraries supprt'd
http://fedoraproject.org/wiki/MinGW http://www.annexia.org/fedora_mingw


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]