From ed76671888676792493320db53ed773a108cbd45 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Thu, 5 Sep 2024 10:19:42 +0200 Subject: 9p: remove 'proxy' filesystem backend driver It has been deprecated since 8.1; remove it and suggest using the 'local' file system backend driver instead or virtiofsd. Acked-by: Greg Kurz Signed-off-by: Paolo Bonzini --- docs/tools/index.rst | 1 - docs/tools/virtfs-proxy-helper.rst | 75 -------------------------------------- 2 files changed, 76 deletions(-) delete mode 100644 docs/tools/virtfs-proxy-helper.rst (limited to 'docs/tools') diff --git a/docs/tools/index.rst b/docs/tools/index.rst index 33ad438e86..1e88ae48cd 100644 --- a/docs/tools/index.rst +++ b/docs/tools/index.rst @@ -15,5 +15,4 @@ command line utilities and other standalone programs. qemu-nbd qemu-pr-helper qemu-trace-stap - virtfs-proxy-helper qemu-vmsr-helper diff --git a/docs/tools/virtfs-proxy-helper.rst b/docs/tools/virtfs-proxy-helper.rst deleted file mode 100644 index bd310ebb07..0000000000 --- a/docs/tools/virtfs-proxy-helper.rst +++ /dev/null @@ -1,75 +0,0 @@ -QEMU 9p virtfs proxy filesystem helper -====================================== - -Synopsis --------- - -**virtfs-proxy-helper** [*OPTIONS*] - -Description ------------ - -NOTE: The 9p 'proxy' backend is deprecated (since QEMU 8.1) and will be -removed, along with this daemon, in a future version of QEMU! - -Pass-through security model in QEMU 9p server needs root privilege to do -few file operations (like chown, chmod to any mode/uid:gid). There are two -issues in pass-through security model: - -- TOCTTOU vulnerability: Following symbolic links in the server could - provide access to files beyond 9p export path. - -- Running QEMU with root privilege could be a security issue. - -To overcome above issues, following approach is used: A new filesystem -type 'proxy' is introduced. Proxy FS uses chroot + socket combination -for securing the vulnerability known with following symbolic links. -Intention of adding a new filesystem type is to allow qemu to run -in non-root mode, but doing privileged operations using socket IO. - -Proxy helper (a stand alone binary part of qemu) is invoked with -root privileges. Proxy helper chroots into 9p export path and creates -a socket pair or a named socket based on the command line parameter. -QEMU and proxy helper communicate using this socket. QEMU proxy fs -driver sends filesystem request to proxy helper and receives the -response from it. - -The proxy helper is designed so that it can drop root privileges except -for the capabilities needed for doing filesystem operations. - -Options -------- - -The following options are supported: - -.. program:: virtfs-proxy-helper - -.. option:: -h - - Display help and exit - -.. option:: -p, --path PATH - - Path to export for proxy filesystem driver - -.. option:: -f, --fd SOCKET_ID - - Use given file descriptor as socket descriptor for communicating with - qemu proxy fs drier. Usually a helper like libvirt will create - socketpair and pass one of the fds as parameter to this option. - -.. option:: -s, --socket SOCKET_FILE - - Creates named socket file for communicating with qemu proxy fs driver - -.. option:: -u, --uid UID - - uid to give access to named socket file; used in combination with -g. - -.. option:: -g, --gid GID - - gid to give access to named socket file; used in combination with -u. - -.. option:: -n, --nodaemon - - Run as a normal program. By default program will run in daemon mode -- cgit 1.4.1