virtfs-proxy-helper(1)

1VIRTFS-PROXY-HELPER.1(1)                              VIRTFS-PROXY-HELPER.1(1)
2
3
4

NAME

6       virtfs-proxy-helper - QEMU 9p virtfs proxy filesystem helper
7

SYNOPSIS

9       virtfs-proxy-helper options
10

DESCRIPTION

12           Pass-through security model in QEMU 9p server needs root privilege
13           to do few file operations (like chown, chmod to any mode/uid:gid).
14           There are two issues in pass-through security model
15
16           1) TOCTTOU vulnerability: Following symbolic links in the server
17           could provide access to files beyond 9p export path.
18
19           2) Running QEMU with root privilege could be a security issue.
20
21           To overcome above issues, following approach is used: A new
22           filesystem type 'proxy' is introduced. Proxy FS uses chroot +
23           socket combination for securing the vulnerability known with
24           following symbolic links.  Intention of adding a new filesystem
25           type is to allow qemu to run in non-root mode, but doing privileged
26           operations using socket IO.
27
28           Proxy helper(a stand alone binary part of qemu) is invoked with
29           root privileges. Proxy helper chroots into 9p export path and
30           creates a socket pair or a named socket based on the command line
31           parameter.  QEMU and proxy helper communicate using this socket.
32           QEMU proxy fs driver sends filesystem request to proxy helper and
33           receives the response from it.
34
35           The proxy helper is designed so that it can drop root privileges
36           except for the capabilities needed for doing filesystem operations.
37

OPTIONS

39       The following options are supported:
40
41       -h  Display help and exit
42
43       -p|--path path
44           Path to export for proxy filesystem driver
45
46       -f|--fd socket-id
47           Use given file descriptor as socket descriptor for communicating
48           with qemu proxy fs drier. Usually a helper like libvirt will create
49           socketpair and pass one of the fds as parameter to -f|--fd
50
51       -s|--socket socket-file
52           Creates named socket file for communicating with qemu proxy fs
53           driver
54
55       -u|--uid uid -g|--gid gid
56           uid:gid combination to give access to named socket file
57
58       -n|--nodaemon
59           Run as a normal program. By default program will run in daemon mode
60

AUTHOR

62       M. Mohan Kumar
63
64
65
66                                  2019-11-15          VIRTFS-PROXY-HELPER.1(1)