1VIRTFS-PROXY-HELPER(1)               QEMU               VIRTFS-PROXY-HELPER(1)
2
3
4

NAME

6       virtfs-proxy-helper - QEMU 9p virtfs proxy filesystem helper
7

SYNOPSIS

9       virtfs-proxy-helper [OPTIONS]
10

DESCRIPTION

12       Pass-through  security  model in QEMU 9p server needs root privilege to
13       do few file operations (like chown, chmod to any mode/uid:gid).   There
14       are two issues in pass-through security model:
15
16       • TOCTTOU  vulnerability:  Following symbolic links in the server could
17         provide access to files beyond 9p export path.
18
19       • Running QEMU with root privilege could be a security issue.
20
21       To overcome above issues, following approach is used: A new  filesystem
22       type  'proxy'  is introduced. Proxy FS uses chroot + socket combination
23       for securing the vulnerability known  with  following  symbolic  links.
24       Intention  of  adding  a new filesystem type is to allow qemu to run in
25       non-root mode, but doing privileged operations using socket IO.
26
27       Proxy helper (a stand alone binary part of qemu) is invoked  with  root
28       privileges.  Proxy  helper  chroots  into  9p export path and creates a
29       socket pair or a named socket based  on  the  command  line  parameter.
30       QEMU  and  proxy  helper  communicate  using this socket. QEMU proxy fs
31       driver sends filesystem request to proxy helper and  receives  the  re‐
32       sponse from it.
33
34       The proxy helper is designed so that it can drop root privileges except
35       for the capabilities needed for doing filesystem operations.
36

OPTIONS

38       The following options are supported:
39
40       -h     Display help and exit
41
42       -p, --path PATH
43              Path to export for proxy filesystem driver
44
45       -f, --fd SOCKET_ID
46              Use given file descriptor as socket descriptor for communicating
47              with  qemu  proxy  fs  drier. Usually a helper like libvirt will
48              create socketpair and pass one of the fds as parameter  to  this
49              option.
50
51       -s, --socket SOCKET_FILE
52              Creates  named  socket file for communicating with qemu proxy fs
53              driver
54
55       -u, --uid UID
56              uid to give access to named socket  file;  used  in  combination
57              with -g.
58
59       -g, --gid GID
60              gid  to  give  access  to named socket file; used in combination
61              with -u.
62
63       -n, --nodaemon
64              Run as a normal program. By default program will run  in  daemon
65              mode
66

AUTHOR

68       M. Mohan Kumar
69
71       2023, The QEMU Project Developers
72
73
74
75
767.2.6                            Sep 26, 2023           VIRTFS-PROXY-HELPER(1)
Impressum