[Virtio-fs] How is the daemon meant to be started?

[Virtio-fs] How is the daemon meant to be started?

[Aa Aa]

Hi

I have a few questions about using virtiofsd. I currently have multiple vms share the same mountpoint for their rootfs using 9p, in read only (9p had a permissions issue but that was overcome). I can start qemu for each of them as non root with say only allowing access to /dev/kvm and even have some of the VM running with a different user name.

If I wish to change to using virtiofsd, I can just change the init to:
  mount -t virtiofs -onoatime,nodiratime,noauto,ro rootfs /new  | mount -t 9p -onoatime,nodiratime,noauto,ro,trans=virtio,cache=loose root /new
and the qemu command line from using 9p to using a vhost-user-fs-pci device.

The problem is how do I start virtiofsd. The daemon needs root permissions from what I can tell, to start. Thereafter, it listens on the socket and only accepts a single connection on the socket. In my case, I have a single mount point that I wish to use multiple times. You cannot listen on the socket multiple times, so I cannot say that /mnt/root socket will be exported as /run/virtiofsd/mounts/mnt-root.socket by something that has been started by root independently of qemu, but rather it would appear that I need to be root and create a socket for each qemu task then drop permissions. Is this correct or is there another way to achieve this.

Cheers

JT

Re: [Virtio-fs] How is the daemon meant to be started?

[Dr. David Alan Gilbert]

* Aa Aa (jimbothom@yandex.com) wrote:
> Hi
> 
> I have a few questions about using virtiofsd. I currently have multiple vms share the same mountpoint for their rootfs using 9p, in read only (9p had a permissions issue but that was overcome). I can start qemu for each of them as non root with say only allowing access to /dev/kvm and even have some of the VM running with a different user name.
> 
> If I wish to change to using virtiofsd, I can just change the init to:
>   mount -t virtiofs -onoatime,nodiratime,noauto,ro rootfs /new  | mount -t 9p -onoatime,nodiratime,noauto,ro,trans=virtio,cache=loose root /new
> and the qemu command line from using 9p to using a vhost-user-fs-pci device.
> 
> The problem is how do I start virtiofsd. The daemon needs root
> permissions from what I can tell, to start. Thereafter, it listens on the
> socket and only accepts a single connection on the socket. In my case,
> I have a single mount point that I wish to use multiple times. You cannot
> listen on the socket multiple times, so I cannot say that /mnt/root socket
> will be exported as /run/virtiofsd/mounts/mnt-root.socket by something
> that has been started by root independently of qemu, but rather it would
> appear that I need to be root 

Correct, at the moment you do need to be root; there were some
suggestions for relaxing that but they haven't been sorted out yet.

> and create a socket for each qemu task then
> drop permissions. Is this correct or is there another way to achieve this.

Yes, you need one daemon instance per mount/VM.

Dave

> 
> Cheers
> 
> JT
> 
> 
> _______________________________________________
> Virtio-fs mailing list
> Virtio-fs@redhat.com
> https://www.redhat.com/mailman/listinfo/virtio-fs
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK