From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jan Kiszka Subject: Re: Idea: fuse-kvm filesystem Date: Thu, 10 May 2012 11:09:03 -0300 Message-ID: <4FABCBFF.1040609@siemens.com> References: <4FABB4C2.3050601@redhat.com> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Cc: qemu-devel , KVM list , "Richard W.M. Jones" To: Avi Kivity Return-path: In-Reply-To: <4FABB4C2.3050601@redhat.com> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+gceq-qemu-devel=gmane.org@nongnu.org Sender: qemu-devel-bounces+gceq-qemu-devel=gmane.org@nongnu.org List-Id: kvm.vger.kernel.org On 2012-05-10 09:29, Avi Kivity wrote: > Currently when you mount a filesystem, you face two issues: > - you have to be root > - if the media is untrusted, it can exploit your kernel > > With kvm and fuse, we can have a virtualized kernel mount the > filesystem, and re-export to the host, which mounts it using a fuse > interface. This solves both problems, at the expense of speed and > simplicity. In theory this can be used for mounting untrusted USB > sticks (perhaps only for the less well tested filesystems). > I preferred mountlo [1] for this task, specifically due to the quick mount time and reasonable performance. Unfortunately, this setup, specifically uml, required some love back then when I last tried. Jan [1] http://sourceforge.net/projects/fuse/files/mountlo -- Siemens AG, Corporate Technology, CT T DE IT 1 Corporate Competence Center Embedded Linux From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([208.118.235.92]:57947) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1SSU3O-0004rW-T2 for qemu-devel@nongnu.org; Thu, 10 May 2012 10:09:16 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1SSU3J-0000aa-Dn for qemu-devel@nongnu.org; Thu, 10 May 2012 10:09:14 -0400 Received: from goliath.siemens.de ([192.35.17.28]:18901) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1SSU3J-0000ZP-4m for qemu-devel@nongnu.org; Thu, 10 May 2012 10:09:09 -0400 Message-ID: <4FABCBFF.1040609@siemens.com> Date: Thu, 10 May 2012 11:09:03 -0300 From: Jan Kiszka MIME-Version: 1.0 References: <4FABB4C2.3050601@redhat.com> In-Reply-To: <4FABB4C2.3050601@redhat.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Subject: Re: [Qemu-devel] Idea: fuse-kvm filesystem List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Avi Kivity Cc: qemu-devel , KVM list , "Richard W.M. Jones" On 2012-05-10 09:29, Avi Kivity wrote: > Currently when you mount a filesystem, you face two issues: > - you have to be root > - if the media is untrusted, it can exploit your kernel > > With kvm and fuse, we can have a virtualized kernel mount the > filesystem, and re-export to the host, which mounts it using a fuse > interface. This solves both problems, at the expense of speed and > simplicity. In theory this can be used for mounting untrusted USB > sticks (perhaps only for the less well tested filesystems). > I preferred mountlo [1] for this task, specifically due to the quick mount time and reasonable performance. Unfortunately, this setup, specifically uml, required some love back then when I last tried. Jan [1] http://sourceforge.net/projects/fuse/files/mountlo -- Siemens AG, Corporate Technology, CT T DE IT 1 Corporate Competence Center Embedded Linux