From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <4FABBAB5.9010506@redhat.com>
Date: Thu, 10 May 2012 15:55:17 +0300
From: Avi Kivity
References: <4FABB4C2.3050601@redhat.com> <20120510123505.GM15276@amd.home.annexia.org>
In-Reply-To: <20120510123505.GM15276@amd.home.annexia.org>
Subject: Re: [Qemu-devel] Idea: fuse-kvm filesystem
To: "Richard W.M. Jones"
Cc: qemu-devel, KVM list

On 05/10/2012 03:35 PM, Richard W.M. Jones wrote:
> On Thu, May 10, 2012 at 03:29:54PM +0300, Avi Kivity wrote:
> > Currently when you mount a filesystem, you face two issues:
> > - you have to be root
> > - if the media is untrusted, it can exploit your kernel
> >
> > With kvm and fuse, we can have a virtualized kernel mount the
> > filesystem, and re-export to the host, which mounts it using a fuse
> > interface. This solves both problems, at the expense of speed and
> > simplicity. In theory this can be used for mounting untrusted USB
> > sticks (perhaps only for the less well tested filesystems).
>
> I guess you CC'd me so I could point out guestmount :-?
>
> http://libguestfs.org/guestmount.1.html

Is there a feature that libguestfs doesn't have?

Anyway I tried it out and it seems to work really well.

> guestmount does the above already, and you can point it directly at
> USB sticks, hard drives and the like, although most people use it for
> mounting VM filesystems on the host.
>
> On my local machine I'm a member of the "disk" group so I can do all
> this as non-root:
>
>   $ guestmount --ro -a /dev/vg_pin/F16x64 -i /tmp/mnt
>   $ cat /tmp/mnt/etc/redhat-release
>   Fedora release 16 (Verne)
>   $ ls /tmp/mnt
>   bin   dev  home  lib64       media  opt   root  sbin     srv  tmp  var
>   boot  etc  lib   lost+found  mnt    proc  run   selinux  sys  usr
>
> One problem you'll find is that FUSE is pretty slow. I recommend if
> you're looking for performance that you use the libguestfs API calls
> directly instead of POSIX-over-FUSE.

Yes, 'guestmount' consumes a fair bit of CPU. But it probably doesn't
matter for USB sticks.

-- 
error compiling committee.c: too many arguments to function
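
The following is an added example, not part of the original message or of libguestfs itself: a sketch of reading one file from an untrusted image through the libguestfs Python bindings instead of a guestmount FUSE mount, so the filesystem is parsed inside the appliance VM rather than by the host kernel. It assumes the bindings (module `guestfs`) are installed; the helper names `open_image`, `mount_order` and `read_guest_file` are hypothetical.

```python
"""Read one file from an untrusted disk image via the libguestfs API.

The filesystem is parsed by the kernel inside the libguestfs appliance
VM, not by the host kernel, and no FUSE mount is involved.
"""
import sys


def open_image(image_path):
    """Return a launched, read-only libguestfs handle for image_path."""
    import guestfs  # libguestfs Python bindings (assumed installed)
    g = guestfs.GuestFS(python_return_dict=True)
    g.add_drive_opts(image_path, readonly=1)  # never write to the media
    g.launch()                                # boots the appliance VM
    return g


def mount_order(mountpoints):
    """Order {mountpoint: device} so parents mount before children."""
    return sorted(mountpoints.items(), key=lambda kv: len(kv[0]))


def read_guest_file(g, guest_path):
    """Inspect the image, mount its filesystems read-only, return the file."""
    roots = g.inspect_os()
    if not roots:
        raise RuntimeError("no operating system found in image")
    for mountpoint, device in mount_order(g.inspect_get_mountpoints(roots[0])):
        try:
            g.mount_ro(device, mountpoint)
        except RuntimeError as exc:
            # A damaged secondary filesystem should not abort the read.
            print(f"skipping {device} on {mountpoint}: {exc}", file=sys.stderr)
    return g.cat(guest_path)


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit(f"usage: {sys.argv[0]} IMAGE GUEST_PATH")
    handle = open_image(sys.argv[1])
    try:
        sys.stdout.write(read_guest_file(handle, sys.argv[2]))
    finally:
        handle.close()
```
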