cachepc-qemu

Fork of AMDESE/qemu with changes for cachepc side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-qemu

virtfs-proxy-helper.rst (2214B)


QEMU 9p virtfs proxy filesystem helper
======================================

Synopsis
--------

**virtfs-proxy-helper** [*OPTIONS*]

Description
-----------

The pass-through security model in the QEMU 9p server needs root privilege
to do a few file operations (such as chown and chmod to any mode/uid:gid).
There are two issues with the pass-through security model:

- TOCTTOU vulnerability: Following symbolic links in the server could
  provide access to files beyond the 9p export path.

- Running QEMU with root privilege could be a security issue.

To overcome the above issues, the following approach is used: a new
filesystem type 'proxy' is introduced. Proxy FS uses a chroot + socket
combination to close the vulnerability associated with following symbolic
links. The intention of adding a new filesystem type is to allow QEMU to
run in non-root mode while still performing privileged operations over
socket IO.

The proxy helper (a stand-alone binary that is part of QEMU) is invoked
with root privileges. The proxy helper chroots into the 9p export path and
creates a socket pair or a named socket, depending on the command line
parameter. QEMU and the proxy helper communicate using this socket. The
QEMU proxy fs driver sends filesystem requests to the proxy helper and
receives the responses from it.

The proxy helper is designed so that it can drop root privileges except
for the capabilities needed for doing filesystem operations.

Options
-------

The following options are supported:

.. program:: virtfs-proxy-helper

.. option:: -h

  Display help and exit.

.. option:: -p, --path PATH

  Path to export for the proxy filesystem driver.

.. option:: -f, --fd SOCKET_ID

  Use the given file descriptor as the socket descriptor for communicating
  with the QEMU proxy fs driver. Usually a helper like libvirt will create
  a socketpair and pass one of the fds as the parameter to this option.

.. option:: -s, --socket SOCKET_FILE

  Create a named socket file for communicating with the QEMU proxy fs
  driver.

.. option:: -u, --uid UID

  uid to give access to the named socket file; used in combination with -g.

.. option:: -g, --gid GID

  gid to give access to the named socket file; used in combination with -u.

.. option:: -n, --nodaemon

  Run as a normal program. By default, the program runs in daemon mode.
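
The symlink issue named in the Description, as an added example that is not part of the QEMU documentation or source: a server-side lookup that follows a symlink out of the export, beside a confined lookup. Because chroot needs root, the confined version swaps in a different technique, a per-component ``openat()`` walk with ``O_NOFOLLOW``; the function names and the temporary tree (``secret`` outside ``export``, with ``export/link`` pointing at it) are assumptions constructed for the demonstration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Naive lookup: join root and guest path; the kernel follows any symlink. */
int open_naive(const char *root, const char *rel)
{
    char path[PATH_MAX];
    snprintf(path, sizeof(path), "%s/%s", root, rel);
    return open(path, O_RDONLY);
}

/* Confined lookup: walk one component at a time from a directory fd and
 * reject ".." and symlinks, so check and open happen in one atomic call. */
int open_confined(const char *root, const char *rel)
{
    char buf[PATH_MAX], *save = NULL, *name, *next;
    int fd, dirfd;
    if (strlen(rel) >= sizeof(buf)) return -1;
    strcpy(buf, rel);                       /* strtok_r needs a writable copy */
    dirfd = open(root, O_RDONLY | O_DIRECTORY);
    for (name = strtok_r(buf, "/", &save); dirfd >= 0 && name; name = next) {
        next = strtok_r(NULL, "/", &save);
        fd = strcmp(name, "..") == 0 ? -1 :
             openat(dirfd, name, O_RDONLY | O_NOFOLLOW | (next ? O_DIRECTORY : 0));
        close(dirfd);
        dirfd = fd;
    }
    return dirfd;
}

/* Constructed temp tree: export/{ok, link -> ../secret}; 1 if rel opened. */
int probe(int confined, const char *rel)
{
    char base[] = "/tmp/p9demoXXXXXX";
    int fd;
    if (!mkdtemp(base) || chdir(base) || mkdir("export", 0700)) return -1;
    close(open("secret", O_CREAT | O_WRONLY, 0600));
    close(open("export/ok", O_CREAT | O_WRONLY, 0600));
    if (symlink("../secret", "export/link")) return -1;
    fd = confined ? open_confined("export", rel) : open_naive("export", rel);
    if (fd >= 0) close(fd);
    return fd >= 0;
}
```

``probe()`` changes the working directory and leaves its temporary tree under ``/tmp``, so run it in a scratch environment.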