[Pkg-rust-maintainers] Bug#1094773: virtiofsd: UID/GID mapping doesn't work anymore
Simon John
simon at the-jedi.co.uk
Tue Feb 4 00:57:59 GMT 2025
On Fri, 31 Jan 2025 19:20:44 +0300 Michael Tokarev <mjt at tls.msk.ru> wrote:
> 31.01.2025 17:10, Simon John wrote:
>
> > simon 390398 0.0 0.0 6512 3940 ? S 13:37 0:00 /usr/libexec/virtiofsd --fd=34 -o source=/ssd/shared --uid-map=:0:501:1: --uid-map=:501:501:1: --gid-map=:0:501:1: --gid-map=:501:501:1:
>
> That helps but is not enough.
>
> When it fails, does /var/log/libvirt/qemu/$VMNAME.log contain something interesting,
> or /var/log/libvirt/qemu/$VMNAME-$FSALIAS-virtiofsd.log?
> The virtiofsd command line should be there somewhere too.
I have no logs there, I played around with /etc/libvirt/virtlogd.conf
but still got no mention of virtiofs, nothing in journalctl either.
I just tried 1.13.0-5 and it's no different, although I noticed from the
help text that 1.10.1 is using the deprecated -o option to specify the
source which should probably be --shared-dir, so I tried removing the
config from virt-manager:
<idmap>
<uid start="0" target="501" count="1"/>
<uid start="501" target="501" count="1"/>
<gid start="0" target="501" count="1"/>
<gid start="501" target="501" count="1"/>
</idmap>
and then it somehow auto-regenerated it as:
<idmap>
<uid start="0" target="501" count="1"/>
<uid start="1" target="10000" count="65536"/>
<gid start="0" target="501" count="1"/>
<gid start="1" target="10000" count="65536"/>
</idmap>
which I guess it's reading from /etc/subgid and subuid.
That results in the following process:
/usr/libexec/virtiofsd --fd=32 --shared-dir /ssd/shared
--uid-map=:0:501:1: --uid-map=:1:10000:65536: --gid-map=:0:501:1:
--gid-map=:1:10000:65536:
But now I can no longer write to the share from the guest as my
unprivileged user, I can only write to it as root which gets mapped to
501:501 on the host, as the share in the guest gets set to root:root
instead of the previous 501:501 behaviour of 1.10.1.
I can't actually find any docs anymore on idmap for virtiofsd in
qemu://session, I even tried setting only one uid/gid map in the xml,
but that made no difference, still can only write as root.
--
Simon John
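
Added example, not part of the original message and not code from virtiofsd or libvirt: it renders the auto-regenerated <idmap> above as the --uid-map/--gid-map arguments seen in the process list and resolves IDs in both directions. It assumes each `:start:target:count:` extent follows Linux user-namespace semantics (a contiguous range of guest-side IDs mapped onto host IDs); the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed input: the auto-regenerated <idmap> quoted in the message.
IDMAP_XML = """<idmap>
<uid start="0" target="501" count="1"/>
<uid start="1" target="10000" count="65536"/>
<gid start="0" target="501" count="1"/>
<gid start="1" target="10000" count="65536"/>
</idmap>"""

def parse_idmap(xml_text, kind):
    """Return [(guest_start, host_start, count)] for kind 'uid' or 'gid'."""
    root = ET.fromstring(xml_text)
    return [(int(e.get("start")), int(e.get("target")), int(e.get("count")))
            for e in root.findall(kind)]

def to_virtiofsd_args(xml_text):
    """Render each extent as it appears on the virtiofsd command line."""
    return [f"--{kind}-map=:{start}:{target}:{count}:"
            for kind in ("uid", "gid")
            for start, target, count in parse_idmap(xml_text, kind)]

def guest_to_host(extents, guest_id):
    """Host ID that a guest-side ID resolves to, or None if unmapped."""
    for start, target, count in extents:
        if start <= guest_id < start + count:
            return target + (guest_id - start)
    return None

def host_to_guest(extents, host_id):
    """Guest-side ID under which a host ID appears, or None if unmapped."""
    for start, target, count in extents:
        if target <= host_id < target + count:
            return start + (host_id - target)
    return None

if __name__ == "__main__":
    uid_map = parse_idmap(IDMAP_XML, "uid")
    print(" ".join(to_virtiofsd_args(IDMAP_XML)))
    for guest_uid in (0, 501):
        print(f"guest uid {guest_uid} -> host uid {guest_to_host(uid_map, guest_uid)}")
    print(f"host uid 501 -> guest uid {host_to_guest(uid_map, 501)}")
```

Under these assumptions, guest uid 0 resolves to host uid 501, guest uid 501 resolves to host uid 10500, and files owned by host uid 501 appear as uid 0 in the guest.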