Is your feature request related to a problem? Please describe.
I have a directory with files owned by root. I'd like to share this filesystem so that non-admin users (or even no users at all) on the guest can read these files but not modify them.
Describe the solution you'd like
A couple ideas (I'm not sure if these would solve the problem on their own)
a registry key/command-line to set LocalUid/LocalGid
Describe alternatives you've considered
The host system is a container so making a read-only mount would be non-trivial (mount is blocked by seccomp and I'm not 100% clear on the security implications of allowing it).
I could run the host virtiofsd as a non-privileged host user, however, I want to keep these root owned files from being read by unprivileged users on the host.
Additional context
N/A
The motivation is that it is hard to reliably set the file owner to the current user ID, especially when virtiofs runs as a Windows service or when Active Directory is enabled. Please also take into account that such permissions should be mapped somehow to host POSIX permissions.
It is possible to adjust LocalUid and LocalGid, but I'm not sure this can solve your problem.
From my point of view, the problem of securing host files should be solved on the host side (virtiofsd).
OK, I suppose this is a niche use-case. I solved it by adding a startup script to my VM that reads the file off of the bridge, copies it into the C drive, makes it only readable by admins, and then removes the original file from the bridge. I suppose this solves the problem.
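The workaround described in the comment above, sketched as a PowerShell startup script. This is an added example, not the commenter's actual script; the share path, destination directory and file name are hypothetical placeholders. It locks down the destination directory before copying so the file never sits on the C drive with a broader inherited ACL.

```powershell
# Added example. All paths are hypothetical placeholders, not values from the issue.
$ErrorActionPreference = 'Stop'

$Source  = 'Z:\secret.conf'               # file on the virtiofs share (assumed mount point)
$DestDir = 'C:\ProgramData\GuestSecrets'  # local destination directory (assumed name)
$Dest    = Join-Path $DestDir (Split-Path $Source -Leaf)

# 1. Create the destination directory and restrict it BEFORE copying, so the
#    file is never present on C: with ACEs inherited from a wider parent ACL.
New-Item -ItemType Directory -Path $DestDir -Force | Out-Null

# Well-known SIDs: S-1-5-32-544 = BUILTIN\Administrators, S-1-5-18 = LocalSystem.
# /inheritance:r drops inherited ACEs; /grant:r replaces explicit grants.
icacls $DestDir /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed on $DestDir" }

# 2. Copy the file; a newly created file inherits the admin-only ACL
#    from the directory.
Copy-Item -LiteralPath $Source -Destination $Dest -Force

# 3. Verify the copy before deleting anything.
$srcHash = (Get-FileHash -LiteralPath $Source -Algorithm SHA256).Hash
$dstHash = (Get-FileHash -LiteralPath $Dest   -Algorithm SHA256).Hash
if ($srcHash -ne $dstHash) { throw "Hash mismatch, leaving $Source in place" }

# 4. Remove the original from the share so non-admin guest users can no
#    longer read it through the virtiofs mount.
Remove-Item -LiteralPath $Source -Force
```

Until step 4 completes, the file is still readable on the share by any guest user, so the script needs to run before interactive logons are possible.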