virtfs-proxy-helper(1)

1VIRTFS-PROXY-HELPER(1)               QEMU               VIRTFS-PROXY-HELPER(1)
2
3
4

NAME

6       virtfs-proxy-helper - QEMU 9p virtfs proxy filesystem helper
7

SYNOPSIS

9       virtfs-proxy-helper [OPTIONS]
10

DESCRIPTION

12       NOTE: The 9p 'proxy' backend is deprecated (since QEMU 8.1) and will be
13       removed, along with this daemon, in a future version of QEMU!
14
15       Pass-through security model in QEMU 9p server needs root  privilege  to
16       do  few file operations (like chown, chmod to any mode/uid:gid).  There
17       are two issues in pass-through security model:
18
19       • TOCTTOU vulnerability: Following symbolic links in the  server  could
20         provide access to files beyond 9p export path.
21
22       • Running QEMU with root privilege could be a security issue.
23
24       To  overcome above issues, following approach is used: A new filesystem
25       type 'proxy' is introduced. Proxy FS uses chroot +  socket  combination
26       for  securing  the  vulnerability  known with following symbolic links.
27       Intention of adding a new filesystem type is to allow qemu  to  run  in
28       non-root mode, but doing privileged operations using socket IO.
29
30       Proxy  helper  (a stand alone binary part of qemu) is invoked with root
31       privileges. Proxy helper chroots into 9p  export  path  and  creates  a
32       socket  pair  or  a  named  socket based on the command line parameter.
33       QEMU and proxy helper communicate using  this  socket.  QEMU  proxy  fs
34       driver  sends  filesystem  request to proxy helper and receives the re‐
35       sponse from it.
36
37       The proxy helper is designed so that it can drop root privileges except
38       for the capabilities needed for doing filesystem operations.
39

OPTIONS

41       The following options are supported:
42
43       -h     Display help and exit
44
45       -p, --path PATH
46              Path to export for proxy filesystem driver
47
48       -f, --fd SOCKET_ID
49              Use given file descriptor as socket descriptor for communicating
50              with qemu proxy fs drier. Usually a  helper  like  libvirt  will
51              create  socketpair  and pass one of the fds as parameter to this
52              option.
53
54       -s, --socket SOCKET_FILE
55              Creates named socket file for communicating with qemu  proxy  fs
56              driver
57
58       -u, --uid UID
59              uid  to  give  access  to named socket file; used in combination
60              with -g.
61
62       -g, --gid GID
63              gid to give access to named socket  file;  used  in  combination
64              with -u.
65
66       -n, --nodaemon
67              Run  as  a normal program. By default program will run in daemon
68              mode
69

AUTHOR

71       M. Mohan Kumar
72

COPYRIGHT

74       2023, The QEMU Project Developers
75
76
77
78
798.1.3                            Nov 28, 2023           VIRTFS-PROXY-HELPER(1)