On Mon, Jul 24, 2023 at 10:08:50AM -0400, Demi Marie Obenour wrote: > I saw that libguestfs has a guestmount(1) tool, and I think this could be > a potential solution. An exploit against the kernel FS driver would only > grant access to a KVM guest, and the QEMU process can be tightly sandboxed > by means such as seccomp and SELinux. Right. guestmount does however use an unholy combination of FUSE and proxying requests through the KVM guest so this wouldn't be very fast :-/ There's a native API which is much faster, which might be used by gvfs (or whatever the gnome abstract filesystem thing is called). I think that would allow GNOME's file manager to work, and would be a lot faster. Rich. > I still believe that mounting should _not_ be automatic, though, because > it could have side-effects (such as replaying the FS journal) that might > not be wanted. To prevent prompt fatigue, Fedora could offer to remember > the user’s choice. > -- > Sincerely, > Demi Marie Obenour (she/her/hers) > _______________________________________________ > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx > Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-top is 'top' for virtual machines. Tiny program with many powerful monitoring features, net stats, disk stats, logging, etc. http://people.redhat.com/~rjones/virt-top _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
