From: Piotr Jurkiewicz
Date: Wed, 7 Feb 2018 04:48:57 +0100
Subject: [Qemu-devel] Allow to use virtfs as overlayfs upper dir
To: qemu-devel@nongnu.org

Hi,

in order to obtain a Docker-like experience I am trying to set up an overlayfs merged directory inside a VM. Both upper and lower directories are mounted with virtfs/9pfs from outside of the VM. However, the current implementation of virtfs makes its usage as an upper filesystem impossible.

1. The upper filesystem must support the creation of trusted.* extended attributes. 9pfs has support for getting/setting xattrs, but calls operating on attributes other than user.* and system.posix_acl_* are dropped.

2. The upper filesystem must provide a valid d_type in readdir responses. This works, but only in the case of the 'passthrough' and 'none' security models. In the case of the 'mapped-xattr' and 'mapped-file' models, d_type is being zeroed to DT_UNKNOWN during the readdir() call.

All these limitations can be resolved pretty easily, but require some design decisions. I can prepare appropriate patches.

Ad. 1. Why are operations on attributes other than user.* and system.posix_acl_* forbidden? Is this due to security reasons? If so, can we map all of them to the user.virtfs namespace, similarly as system.posix_acl_* are being mapped to user.virtfs.system.posix_acl_* in 'mapping' mode already? This way any trusted/security/system attributes will be effective only when mounted via virtfs inside the VM.

Ad. 2. local_readdir() can fill entry->d_type with the right DT_* value by obtaining the file type from the mapping and translating it with the IFTODT() macro. This would, however, require reading 'user.virtfs.mode' for each direntry during the readdir() call, which can affect performance. If so, this behavior would probably need to be controlled with some runtime option.

The 'mapped-xattr' and 'mapped-file' models are essential for running qemu with overlayfs as non-root, because overlayfs creates device nodes, which is possible for an unprivileged user only with these models.

I am looking forward to your opinions.

Piotr
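The two changes proposed in the message, mapping every non-user.* xattr namespace under user.virtfs and deriving d_type from the stored mode with IFTODT(), modelled in Python as an added example (this is not QEMU code and not from the post). The decimal-string encoding of user.virtfs.mode, the set of mapping attributes hidden from the guest, and the rejection of guest access to user.virtfs.* are assumptions made for the model.

```python
import stat

# Namespace the 9pfs local backend forwards unchanged today (user.*).
PASSTHROUGH_PREFIXES = ("user.",)
# Prefix the mapped models already use for system.posix_acl_*; the post
# proposes putting trusted.*, security.* and the rest under it as well.
VIRTFS_PREFIX = "user.virtfs."
# Per-file metadata the mapped models keep in attributes of their own.
MAPPING_ATTRS = {"mode", "uid", "gid", "rdev"}
DT_UNKNOWN = 0

def guest_to_host_xattr(name: str) -> str:
    """Name a guest-set xattr would get on the host under the proposal."""
    if name.startswith(VIRTFS_PREFIX):
        # The guest must not reach the backend's own metadata namespace.
        raise PermissionError(f"reserved namespace: {name}")
    if name.startswith(PASSTHROUGH_PREFIXES):
        return name
    return VIRTFS_PREFIX + name

def host_to_guest_xattr(name: str):
    """Inverse mapping for listxattr; None means 'hidden from the guest'."""
    if name.startswith(VIRTFS_PREFIX):
        inner = name[len(VIRTFS_PREFIX):]
        return None if inner in MAPPING_ATTRS else inner
    if name.startswith(PASSTHROUGH_PREFIXES):
        return name
    return None  # a trusted.* attr set on the host itself stays host-only

def IFTODT(mode: int) -> int:
    """Linux IFTODT(): the S_IFMT bits shifted down are the DT_* value."""
    return stat.S_IFMT(mode) >> 12

def readdir_d_type(host_xattrs: dict) -> int:
    """d_type from user.virtfs.mode as the post proposes (today: DT_UNKNOWN)."""
    mode = host_xattrs.get(VIRTFS_PREFIX + "mode")
    return DT_UNKNOWN if mode is None else IFTODT(int(mode))

# Constructed host-side view of an upper dir under mapped-xattr (assumed layout).
SAMPLE_HOST_DIR = {
    "upper/work": {"user.virtfs.mode": str(stat.S_IFDIR | 0o755)},
    "upper/null": {"user.virtfs.mode": str(stat.S_IFCHR | 0o666),
                   "user.virtfs.rdev": "259"},
    "upper/plain": {},  # created under the 'none' model: no mode attr
}

def guest_view(host_dir: dict) -> dict:
    """Per entry: the d_type the guest would get and its visible xattrs."""
    return {p: (readdir_d_type(a),
                sorted(g for x in a if (g := host_to_guest_xattr(x))))
            for p, a in host_dir.items()}
```

Entries without a user.virtfs.mode attribute still come back as DT_UNKNOWN, which is the case overlayfs cannot cope with.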