Re: [Virtio-fs] virtiofsd: Any reason why there's not an "openat2" sandbox mode?

2022-10-03 Thread Colin Walters
On Thu, Sep 29, 2022, at 1:03 PM, Vivek Goyal wrote:
>
> So rust version of virtiofsd, already supports running unprivileged
> (inside a user namespace).

I know, but as I already said, the use case here is running inside an OpenShift unprivileged pod where *we are already in a container*.

>

Re: [Virtio-fs] virtiofsd: Any reason why there's not an "openat2" sandbox mode?

2022-09-29 Thread Colin Walters
On Thu, Sep 29, 2022, at 10:10 AM, Vivek Goyal wrote:
> What's your use case. How do you plan to use virtiofs.

At the current time, the Kubernetes that we run does not support user namespaces. We want to do the production builds of our operating system (Fedora CoreOS and RHEL CoreOS) today

Re: [Virtio-fs] virtiofsd: Any reason why there's not an "openat2" sandbox mode?

2022-09-29 Thread Colin Walters
On Wed, Sep 28, 2022, at 3:28 PM, Vivek Goyal wrote:
> Sounds reasonable. In fact, we could probably do something similar
> for "landlock" as well.

Thanks for the discussion all! Can someone (vaguely) commit to look into this in say the next few months? It's not *urgent*, we can live with the

Re: virtiofsd: Any reason why there's not an "openat2" sandbox mode?

2022-09-27 Thread Colin Walters
On Tue, Sep 27, 2022, at 1:27 PM, German Maglione wrote:
> >> > Now all the development has moved to rust virtiofsd.

Oh, awesome!! The code there looks great.

> I could work on this for the next major version and see if anything breaks.
> But I prefer to add this as a compilation feature,

virtiofsd: Any reason why there's not an "openat2" sandbox mode?

2022-09-09 Thread Colin Walters
We previously had a chat here https://lore.kernel.org/all/348d4774-bd5f-4832-bd7e-a21491fda...@www.fastmail.com/T/ around virtiofsd and privileges and the case of trying to run virtiofsd inside an unprivileged (Kubernetes) container. Right now we're still using 9p, and it has bugs (basically it

Re: [PATCH] virtiofsd: Use clone() and not unshare(), support non-root

2020-06-17 Thread Colin Walters
On Wed, Jun 17, 2020, at 8:50 AM, Stefan Hajnoczi wrote:
> Something along these lines should work. Hopefully seccomp can be
> retained. It would also be necessary to check how not having the shared
> directory as / in the mount namespace affects functionality. For one,
> I'm pretty sure

Re: [PATCH] virtiofsd: Use clone() and not unshare(), support non-root

2020-06-02 Thread Colin Walters
On Tue, Jun 2, 2020, at 5:55 AM, Stefan Hajnoczi wrote:
>
> Ping Colin. It would be great if you have time to share your thoughts on
> this discussion and explain how you are using this patch.

Yeah sorry about not replying in this thread earlier, this was just a quick Friday side project for

Re: [PATCH] virtiofsd: Use clone() and not unshare(), support non-root

2020-05-04 Thread Colin Walters
On Mon, May 4, 2020, at 10:07 AM, Marc-André Lureau wrote:
> Now that systemd-nspawn works without privileges, isn't that also a
> solution? One that would fit both system and session level
> permissions, and integration with other services?

This is a complex topic and one I should probably

[PATCH] virtiofsd: Use clone() and not unshare(), support non-root

2020-05-01 Thread Colin Walters
the containerization itself) Signed-off-by: Colin Walters --- tools/virtiofsd/passthrough_ll.c | 26 +- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c index 4c35c95b25..468617f6d6 100644