Date: Sun, 2 Jun 2024 09:55:04 +0300
From: Efraim Flashner
To: Fabio Natali
Cc: help-guix@gnu.org
Subject: Re: guix system vm, QEMU, virtfs, and the security_model option
In-Reply-To: <87zfs78h62.fsf@fabionatali.com>

On Thu, May 30, 2024 at 04:15:33PM +0100, Fabio Natali wrote:
> Hi,
>
> A quick question re the 'guix system vm' command. When used in
> combination with '--share=/foo=/bar', the command takes advantage of
> QEMU's 'virtfs' option to share a folder between the host and the guest.
>
> Interestingly, the command makes use of the 'security_model=none'
> option. An alternative, one that I've seen recommended in some QEMU
> docs⁰, would be using 'security_model=mapped-xattr'.
>
> Is there any particular reason why we're using 'none' instead of
> 'mapped-xattr'? The reason I'm asking is because I'm struggling with
> some permission issues on a shared folder and I'd have a vague intuition
> (or some hope) that 'mapped-xattr' might be a solution.
>

It looks like it was set in April 2014, so it may be time to revisit it
and see if changing the security_model works.

-- 
Efraim Flashner   רנשלפ םירפא
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
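
Added example (not part of the original message, and not Guix or QEMU code): with 'security_model=mapped-xattr', QEMU's 9p local backend records the guest-visible owner and mode in 'user.virtfs.*' extended attributes on the host file, while 'none' applies the guest's changes to the host file directly and ignores failures. The code below decodes those attributes so that what the guest sees can be compared with the host's own ownership; the attribute names and little-endian encoding are taken from QEMU's behaviour rather than from this thread, and the sample values are constructed.

```python
import os
import stat
import struct

# xattr names written by QEMU's 9p "local" backend under
# security_model=mapped-xattr (assumption: not stated in the thread).
# Values are little-endian: 32-bit uid/gid/mode, 64-bit rdev.
VIRTFS_ATTRS = {
    "user.virtfs.uid": "<I",
    "user.virtfs.gid": "<I",
    "user.virtfs.mode": "<I",
    "user.virtfs.rdev": "<Q",
}


def decode_virtfs_xattrs(xattrs):
    """Decode a {name: bytes} mapping into the credentials the guest sees."""
    out = {}
    for name, fmt in VIRTFS_ATTRS.items():
        raw = xattrs.get(name)
        if raw is None:
            continue  # attribute never set, e.g. file created on the host
        if len(raw) != struct.calcsize(fmt):
            raise ValueError(f"{name}: unexpected length {len(raw)}")
        out[name.rsplit(".", 1)[1]] = struct.unpack(fmt, raw)[0]
    if "mode" in out:
        out["mode_str"] = stat.filemode(out["mode"])
    return out


def read_virtfs_xattrs(path):
    """Read and decode the virtfs xattrs of a host file (Linux only)."""
    found = {}
    for name in VIRTFS_ATTRS:
        try:
            found[name] = os.getxattr(path, name, follow_symlinks=False)
        except OSError:
            pass  # missing attribute or filesystem without user xattrs
    return decode_virtfs_xattrs(found)


# Constructed sample: a regular file the guest created as root with mode 0644.
SAMPLE = {
    "user.virtfs.uid": struct.pack("<I", 0),
    "user.virtfs.gid": struct.pack("<I", 0),
    "user.virtfs.mode": struct.pack("<I", stat.S_IFREG | 0o644),
}

if __name__ == "__main__":
    print(decode_virtfs_xattrs(SAMPLE))
```

An empty result from read_virtfs_xattrs() on a file in the shared directory means no mapped credentials are stored for it, which is what files written under 'security_model=none' look like.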