From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1.migadu.com ([2001:41d0:1008:1e59::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms1.migadu.com with LMTPS id 2CJRNqxHXWbEOQAAA41jLg (envelope-from ) for ; Mon, 03 Jun 2024 06:33:48 +0200 Received: from aspmx1.migadu.com ([2001:41d0:403:58f0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1.migadu.com with LMTPS id 2DEuMaxHXWbLRwEA62LTzQ (envelope-from ) for ; Mon, 03 Jun 2024 06:33:48 +0200 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=fail reason="SPF not aligned (relaxed), No valid DKIM" header.from=cybermesa.com (policy=none); spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1717389228; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=PcHlHrkVlu1x78Bi4v+Ly1QtR9bVWV6MVwreuyvNDMw=; b=u5epWOzSsSzKo5fmZuwrEJtHtHX33Tlm2C3GI0qept9ir5buW8AfXsT4PlRte9HshltGWl SMFRPK9R8B/yZXpgkd1oYK62oCcIkd+4vE46QwCRTCZEIs6npJNzu7g3bXGuWgP5CmJ40v tSFRKYTZ5/v88Kj6RN5jspysmN37Fj9PvD2slvTseGCD5hCezq6rZgE/92H9Zv2xsXq8cS yEZbwAQspC7s+whHNxvmK3Woetv1JwFup0JTIJ1xGVP9E6AvUe7Z/hnpbGahN4CeeS1GtL lOkJMJo5MSURwx/6IpyGMOS4Dni/CmLzPlDG8TKIKQ4gVBF+aAdUip5IMNQLEA== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1717389228; a=rsa-sha256; cv=none; b=NL1NpUOKTz21n+dq8ESp5oPWBlERhRonUzzu6mJEyTjDyZZwxiEZGbh4y6jDglbFULrlku 5TQ2xqjpdqF2nDKePL5ZdG9lR4bagHNUbSlxY+8nwqcfudTcaEsvddw7TkLqqqqKfduy3i kHgElZzwejjE5DFpsJslPrPx0/pSwT/uZVLfBR+gPTSZjDzF8tDxiTiRapjClHAtfxbgap 36D+UZuxYGRf+iH2vGsOoO3z7tuC8fJuIyN7aLQ+/+bji+3liuLDo+O1CyaGT/G9wAUJHN Jsp3kKkEBSK4G+HKVqB2JQGAj8/+A2au1Y351lG+qpNhDUk8/WJRzJ1tNFDhGw== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; dmarc=fail reason="SPF not aligned (relaxed), No valid DKIM" header.from=cybermesa.com (policy=none); spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org" Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id D195267930 for ; Mon, 03 Jun 2024 06:33:47 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1sDxsn-0001HK-Qs; Sun, 02 Jun 2024 22:57:14 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sDxsm-0000uk-IX for help-guix@gnu.org; Sun, 02 Jun 2024 22:57:12 -0400 Received: from mx.cybermesa.com ([65.19.2.50] helo=smtp-out.cybermesa.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sDnAH-0000QN-GT for help-guix@gnu.org; Sun, 02 Jun 2024 11:30:35 -0400 Received: from [192.168.12.92] (unknown [172.59.0.126]) (Authenticated sender: okeefe) by smtp-out.cybermesa.com (Postfix) with ESMTPA id 1727D40329 for ; Sun, 2 Jun 2024 09:30:21 -0600 (MDT) Message-ID: Date: Sun, 2 Jun 2024 09:30:20 -0600 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: guix system vm, QEMU, virtfs, and the security_model option To: help-guix@gnu.org References: <87zfs78h62.fsf@fabionatali.com> Content-Language: en-US From: Brian O'Keefe In-Reply-To: Received-SPF: pass client-ip=65.19.2.50; envelope-from=okeefe@cybermesa.com; helo=smtp-out.cybermesa.com X-Spam_score_int: 30 X-Spam_score: 3.0 X-Spam_bar: +++ X-Spam_report: (3.0 / 5.0 requ) BAYES_00=-1.9, HTML_IMAGE_ONLY_20=1.546, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_SBL_CSS=3.335, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=no autolearn_force=no X-Spam_action: no action Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org Sender: help-guix-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Spam-Score: -3.23 X-Spam-Score: -3.23 X-Migadu-Queue-Id: D195267930 X-Migadu-Scanner: mx11.migadu.com X-TUID: 2yN3Yow1MBzd Jumping in here briefly. I had installed Guix Debian Gnu/Hurd as a VM in QEMU. It work completely fine and I thought that I would keep it for some tasks. However it gobbled up disk space like crazy and I've since removed it. The install was simple and no issues. On 6/2/24 12:55AM, Efraim Flashner wrote: > On Thu, May 30, 2024 at 04:15:33PM +0100, Fabio Natali wrote: >> Hi, >> >> A quick question re the 'guix system vm' command. When used in >> combination with '--share=/foo=/bar', the command takes advantage of >> QEMU's 'virtfs' option to share a folder between the host and the guest. >> >> Interestingly, the command makes use of the 'security_model=none' >> option. An alternative, one that I've seen recommended in some QEMU >> docsā°, would be using 'security_model=mapped-xattr'. >> >> Is there any particular reason why we're using 'none' instead of >> 'mapped-xattr'? The reason I'm asking is because I'm struggling with >> some permission issues on a shared folder and I'd have a vague intuition >> (or some hope) that 'mapped-xattr' might be a solution. >> > It looks like it was set in April 2014, so it may be time to revisit > it and see if changing the security_model works. > --