guix system vm, QEMU, virtfs, and the security

unofficial mirror of help-guix@gnu.org 
 help / color / mirror / Atom feed

* guix system vm, QEMU, virtfs, and the security_model option
@ 2024-05-30 15:15 Fabio Natali
  2024-06-02  6:55 ` Efraim Flashner
  0 siblings, 1 reply; 4+ messages in thread
From: Fabio Natali @ 2024-05-30 15:15 UTC (permalink / raw)
  To: help-guix

Hi,

A quick question re the 'guix system vm' command. When used in
combination with '--share=/foo=/bar', the command takes advantage of
QEMU's 'virtfs' option to share a folder between the host and the guest.

Interestingly, the command makes use of the 'security_model=none'
option. An alternative, one that I've seen recommended in some QEMU
docs⁰, would be using 'security_model=mapped-xattr'.

Is there any particular reason why we're using 'none' instead of
'mapped-xattr'?  The reason I'm asking is because I'm struggling with
some permission issues on a shared folder and I'd have a vague intuition
(or some hope) that 'mapped-xattr' might be a solution.

Thanks, best wishes, Fabio.

⁰ https://wiki.qemu.org/Documentation/9psetup'

-- 
Fabio Natali
https://fabionatali.com

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: guix system vm, QEMU, virtfs, and the security_model option
  2024-05-30 15:15 guix system vm, QEMU, virtfs, and the security_model option Fabio Natali
@ 2024-06-02  6:55 ` Efraim Flashner
  2024-06-02 15:30   ` Brian O'Keefe
  2024-06-05 12:50   ` Fabio Natali
  0 siblings, 2 replies; 4+ messages in thread
From: Efraim Flashner @ 2024-06-02  6:55 UTC (permalink / raw)
  To: Fabio Natali; +Cc: help-guix

[-- Attachment #1: Type: text/plain, Size: 1109 bytes --]

On Thu, May 30, 2024 at 04:15:33PM +0100, Fabio Natali wrote:
> Hi,
> 
> A quick question re the 'guix system vm' command. When used in
> combination with '--share=/foo=/bar', the command takes advantage of
> QEMU's 'virtfs' option to share a folder between the host and the guest.
> 
> Interestingly, the command makes use of the 'security_model=none'
> option. An alternative, one that I've seen recommended in some QEMU
> docs⁰, would be using 'security_model=mapped-xattr'.
> 
> Is there any particular reason why we're using 'none' instead of
> 'mapped-xattr'?  The reason I'm asking is because I'm struggling with
> some permission issues on a shared folder and I'd have a vague intuition
> (or some hope) that 'mapped-xattr' might be a solution.
> 

It looks like it was set in April 2014, so it may be time to revisit
it and see if changing the security_model works.

-- 
Efraim Flashner   <efraim@flashner.co.il>   רנשלפ םירפא
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: guix system vm, QEMU, virtfs, and the security_model option
  2024-06-02  6:55 ` Efraim Flashner
@ 2024-06-02 15:30   ` Brian O'Keefe
  2024-06-05 12:50   ` Fabio Natali
  1 sibling, 0 replies; 4+ messages in thread
From: Brian O'Keefe @ 2024-06-02 15:30 UTC (permalink / raw)
  To: help-guix

Jumping in here briefly. I had installed Guix Debian Gnu/Hurd as a VM in 
QEMU. It work completely fine and I thought that I would keep it for 
some tasks. However it gobbled up disk space like crazy and I've since 
removed it. The install was simple and no issues.

On 6/2/24 12:55AM, Efraim Flashner wrote:
> On Thu, May 30, 2024 at 04:15:33PM +0100, Fabio Natali wrote:
>> Hi,
>>
>> A quick question re the 'guix system vm' command. When used in
>> combination with '--share=/foo=/bar', the command takes advantage of
>> QEMU's 'virtfs' option to share a folder between the host and the guest.
>>
>> Interestingly, the command makes use of the 'security_model=none'
>> option. An alternative, one that I've seen recommended in some QEMU
>> docs⁰, would be using 'security_model=mapped-xattr'.
>>
>> Is there any particular reason why we're using 'none' instead of
>> 'mapped-xattr'?  The reason I'm asking is because I'm struggling with
>> some permission issues on a shared folder and I'd have a vague intuition
>> (or some hope) that 'mapped-xattr' might be a solution.
>>
> It looks like it was set in April 2014, so it may be time to revisit
> it and see if changing the security_model works.
>
-- 

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: guix system vm, QEMU, virtfs, and the security_model option
  2024-06-02  6:55 ` Efraim Flashner
  2024-06-02 15:30   ` Brian O'Keefe
@ 2024-06-05 12:50   ` Fabio Natali
  1 sibling, 0 replies; 4+ messages in thread
From: Fabio Natali @ 2024-06-05 12:50 UTC (permalink / raw)
  To: Efraim Flashner; +Cc: help-guix

On 2024-06-02, 09:55 +0300, Efraim Flashner <efraim@flashner.co.il> wrote:
> It looks like it was set in April 2014, so it may be time to revisit
> it and see if changing the security_model works.

Hey Efraim, thanks for getting back to me. Ok, got it, I'll see if I
have time to put together a patch, I'd expect the change in itself not
to be particularly difficult. Thanks, cheers, F.


^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2024-06-05 12:50 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-05-30 15:15 guix system vm, QEMU, virtfs, and the security_model option Fabio Natali
2024-06-02  6:55 ` Efraim Flashner
2024-06-02 15:30   ` Brian O'Keefe
2024-06-05 12:50   ` Fabio Natali

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).