On 05/10/2012 03:35 PM, Richard W.M. Jones wrote:
> On Thu, May 10, 2012 at 03:29:54PM +0300, Avi Kivity wrote:
> > Currently when you mount a filesystem, you face two issues:
> > - you have to be root
> > - if the media is untrusted, it can exploit your kernel
> >
> > With kvm and fuse, we can have a virtualized kernel mount the
> > filesystem, and re-export to the host, which mounts it using a fuse
> > interface. This solves both problems, at the expense of speed and
> > simplicity. In theory this can be used for mounting untrusted USB
> > sticks (perhaps only for the less well tested filesystems).
>
> I guess you CC'd me so I could point out guestmount :-?
>
> http://libguestfs.org/guestmount.1.html

Is there a feature that libguestfs doesn't have? Anyway I tried it out and it seems to work really well.

> guestmount does the above already, and you can point it directly at
> USB sticks, hard drives and the like, although most people use it for
> mounting VM filesystems on the host.
>
> On my local machine I'm a member of the "disk" group so I can do all
> this as non-root:
>
> $ guestmount --ro -a /dev/vg_pin/F16x64 -i /tmp/mnt
> $ cat /tmp/mnt/etc/redhat-release
> Fedora release 16 (Verne)
> $ ls /tmp/mnt
> bin dev home lib64 media opt root sbin srv tmp var
> boot etc lib lost+found mnt proc run selinux sys usr
>
> One problem you'll find is that FUSE is pretty slow. I recommend if
> you're looking for performance that you use the libguestfs API calls
> directly instead of POSIX-over-FUSE.

Yes, 'guestmount' consumes a fair bit of cpu. But it probably doesn't matter for USB sticks.

-- 
error compiling committee.c: too many arguments to function