On Thu, May 10, 2012 at 03:29:54PM +0300, Avi Kivity wrote:
> Currently when you mount a filesystem, you face two issues:
> - you have to be root
> - if the media is untrusted, it can exploit your kernel
>
> With kvm and fuse, we can have a virtualized kernel mount the
> filesystem, and re-export to the host, which mounts it using a fuse
> interface. This solves both problems, at the expense of speed and
> simplicity. In theory this can be used for mounting untrusted USB
> sticks (perhaps only for the less well tested filesystems).

I guess you CC'd me so I could point out guestmount :-?

http://libguestfs.org/guestmount.1.html

guestmount does the above already, and you can point it directly at
USB sticks, hard drives and the like, although most people use it for
mounting VM filesystems on the host.

On my local machine I'm a member of the "disk" group so I can do all
this as non-root:

  $ guestmount --ro -a /dev/vg_pin/F16x64 -i /tmp/mnt
  $ cat /tmp/mnt/etc/redhat-release
  Fedora release 16 (Verne)
  $ ls /tmp/mnt
  bin   dev  home  lib64       media  opt   root  sbin     srv  tmp  var
  boot  etc  lib   lost+found  mnt    proc  run   selinux  sys  usr

One problem you'll find is that FUSE is pretty slow. I recommend if
you're looking for performance that you use the libguestfs API calls
directly instead of POSIX-over-FUSE.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-p2v converts physical machines to virtual machines. Boot with a
live CD or over the network (PXE) and turn machines into Xen guests.
http://et.redhat.com/~rjones/virt-p2v
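
The direct-API route recommended in the message above, as an added example that is not part of the original message and is not libguestfs's own code. It reads files from a disk image read-only through the libguestfs Python bindings instead of a FUSE mount; `read_files` and `handle_factory` are names made up here, and the bindings are assumed to be installed.

```python
# Added example (not from the original message). Assumes the libguestfs
# Python bindings ("guestfs" module) are installed on the host.

def _new_handle():
    import guestfs  # lazy import: only needed when a real handle is created
    return guestfs.GuestFS(python_return_dict=True)

def read_files(image, paths, handle_factory=_new_handle):
    """Return {path: bytes} for each path in the first OS found in `image`.

    The image is attached read-only and its filesystems are parsed inside
    the libguestfs appliance (a small VM), not by the host kernel.
    `handle_factory` is a hypothetical hook so a stand-in handle can be used.
    """
    g = handle_factory()
    try:
        g.add_drive_opts(image, readonly=1)  # counterpart of guestmount --ro -a
        g.launch()                           # boot the appliance
        roots = g.inspect_os()               # counterpart of guestmount -i
        if not roots:
            raise RuntimeError("no operating system found in %s" % image)
        mounts = g.inspect_get_mountpoints(roots[0])  # {mountpoint: device}
        # Shortest mountpoint first, so "/" is mounted before "/boot" etc.
        for mountpoint in sorted(mounts, key=len):
            try:
                g.mount_ro(mounts[mountpoint], mountpoint)
            except RuntimeError:
                if mountpoint == "/":
                    raise  # without the root filesystem nothing can be read
        return {p: g.read_file(p) for p in paths}
    finally:
        g.close()  # tears down the appliance even on error

if __name__ == "__main__":
    import sys
    # Usage: python3 read_files.py IMAGE PATH [PATH...]
    for path, data in read_files(sys.argv[1], sys.argv[2:]).items():
        print(path, data.decode(errors="replace").rstrip())
```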