Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Option to start virtiofsd with namespacing/uid-map enabled #202

Open
septatrix opened this issue Dec 3, 2024 · 3 comments
Open

Option to start virtiofsd with namespacing/uid-map enabled #202

septatrix opened this issue Dec 3, 2024 · 3 comments

Comments

@septatrix
Copy link

I have a prebuild rootfs where all files are owned by my user instead of root. Using that as the root for virtme results in errors as apparently mount -t tmpfs run /run fails in those cases. It would be great if there was an option to enable the --sandbox or --uid-map flags for the virtiofsd invocation. My current workaround is to run unshare --map-root-user virtme-run ... but I am not sure if there are other side effects
@septatrix septatrix mentioned this issue Dec 3, 2024
Closed
@matttbe
Copy link
Collaborator

matttbe commented Dec 3, 2024

Hello,

Interesting use-case!

It would be great if there was an option to enable the --sandbox or --uid-map flags for the virtiofsd invocation.

Maybe there is a way to detect when these options are needed? Or adding a new option to both vng and virtme-run to pass extra options to virtiofsd, something similar to --append that can be used multiple times.

@septatrix
Copy link
Author

Hello,

Cheers :)

Interesting use-case!

Yeah, I am using mkosi to generate my rootfs which generally does everything as the user and am toying around with virtme-ng for some CI stuff

It would be great if there was an option to enable the --sandbox or --uid-map flags for the virtiofsd invocation.

Maybe there is a way to detect when these options are needed? Or adding a new option to both vng and virtme-run to pass extra options to virtiofsd, something similar to --append that can be used multiple times.

mkosi also allows booting the image and they check if the invoking uid+gid equals the uid+gid of the root of the filesystem and depending on that invoke unshare the namespace:

https://github.com/systemd/mkosi/blob/45c62d01e96ad06420599a370a9116b8cb51c343/mkosi/qemu.py#L349-L356

@matttbe
Copy link
Collaborator

matttbe commented Dec 4, 2024

mkosi also allows booting the image and they check if the invoking uid+gid equals the uid+gid of the root of the filesystem and depending on that invoke unshare the namespace:

https://github.com/systemd/mkosi/blob/45c62d01e96ad06420599a370a9116b8cb51c343/mkosi/qemu.py#L349-L356

If there is a way to detect when --uid-map is needed, that would be great to automatically adapt the command to start virtiofsd:

virtme-ng/virtme/commands/run.py

Lines 681 to 684 in ba08268

os.system(
f"{virtiofsd_path} --syslog --no-announce-submounts " +
f"--socket-path {self.sock} --shared-dir {path} --sandbox none {stderr} &"
)

Because you have the environment, and I see you successfully contributed to mkosi, do you maybe want to try modifying virtme-run to improve this situation? If you download the source code, you can run make to build the init program, then simply execute ./vng or ./virtme-run, and that's it :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@matttbe @septatrix