We previously had a chat here https://lore.kernel.org/all/348d4774-bd5f-4832-bd7e-a21491fda...@www.fastmail.com/T/ around virtiofsd and privileges and the case of trying to run virtiofsd inside an unprivileged (Kubernetes) container.
Right now we're still using 9p, and it has bugs (basically it seems like the 9p inode flushing callback tries to allocate memory to send an RPC, and this causes OOM problems) https://github.com/coreos/coreos-assembler/issues/1812

Coming back to this...as of lately in Linux, there's support for strongly isolated filesystem access via openat2(): https://lwn.net/Articles/796868/

Is there any reason we couldn't do an -o sandbox=openat2? This operates without any privileges at all, and should be usable (and secure enough) in our use case. I may try a patch if this sounds OK...