Enrico, with security_model=mapped (a.k.a. security_model=mapped-xattr) 9p is not following symlinks on host. That's the expected behaviour.
There are 2 distinct models: security_model=passthrough uses the ownership information, permissions and symlink info etc. directly from the host's file system. This model requires the qemu binary to run as high privileged user (i.e. root) though, because it needs to be able to change file ownership, permissions and so forth. For that reason this model is only appropriate for use cases where there is a certain trust to what the guest system is doing. E.g. this model is commonly used by kernel coders to build kernel/driver code on host and then test run it as guest. For untrusted guests (i.e. most cases) it is recommended to use security_model=mapped-xattr instead. In this mode all ownership information, permissions, etc. are emulated (i.e. mapped) by storing them as extended attributes on top of files on host. This way the qemu binary can run with a regular (unprivileged) user and pretend to host it would have all rights to change ownership and permissions. You can read more details about this in the 9p developer description about the 9p 'local' driver here: https://wiki.qemu.org/Documentation/9p#9p_Filesystem_Drivers -- You received this bug notification because you are a member of qemu- devel-ml, which is subscribed to QEMU. https://bugs.launchpad.net/bugs/1785902 Title: local/9pfs: Too many levels of symbolic links Status in QEMU: Incomplete Bug description: Version: 2.9.1 The primary symptom is resolving symlink fails w/ error "too many levels of symbolic links". My analysis showed that local_readlink() uses local_open_nofollow() to open the file and then tries to read it. local_open_nofollow() then tries to open the file w/ O_NOFOLLOW, which obviously fails if the requested file is a symlink. To manage notifications about this bug go to: https://bugs.launchpad.net/qemu/+bug/1785902/+subscriptions