On 12/13/23 15:47, Ján Tomko wrote:
> When this check was introduced, virtiofsd required root privileges.
>
> This has changed since then - now it does not need to set up all the
> sandboxing when running as non-root. It even gained support for
> id mapping, which makes running unprivileged even more useful.
>
> Signed-off-by: Ján Tomko <jtomko@xxxxxxxxxx>
> --- > src/qemu/qemu_virtiofs.c | 4 ---- > 1 file changed, 4 deletions(-) > > diff --git a/src/qemu/qemu_virtiofs.c b/src/qemu/qemu_virtiofs.c > index af51d58673..4dacd37a1c 100644 > --- a/src/qemu/qemu_virtiofs.c > +++ b/src/qemu/qemu_virtiofs.c > @@ -257,10 +257,6 @@ qemuVirtioFSStart(virQEMUDriver *driver, > if (!(cmd = qemuVirtioFSBuildCommandLine(cfg, fs, &fd))) > goto error; > > - /* so far only running as root is supported */ > - virCommandSetUID(cmd, 0); > - virCommandSetGID(cmd, 0);

This makes us unable to run the C version of virtiofsd, because that one does privileged syscalls from the very start. I mean, you can't even run `virtiofsd --help` as a non-root.

Personally, I'm not against this. But I was told we can't do that, sorry:

https://lists.libvirt.org/archives/list/devel@xxxxxxxxxxxxxxxxx/message/U7FCZZH4ZORLFTQMLMN7B4T7A6GBFNSN/

Michal
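Review bot: The removal of `virCommandSetUID(cmd, 0)` and `virCommandSetGID(cmd, 0)` in qemuVirtioFSStart() is unconditional, and the hunk adds no check in its place that the virtiofsd binary being launched can actually run without root. The commit message says the daemon no longer needs root "now", which implies that older binaries still do; with this change they would fail at start-up instead of being launched as root as before. Consider making the drop conditional on a detected capability of the binary and keeping UID/GID 0 otherwise, and replace the deleted comment with one stating which identity the command is expected to run under after this change, since the visible lines no longer say.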