Thursday, May 2, 2024
rated 0 times [  1] [ 0]  / answers: 1 / hits: 3386  / 1 Year ago, thu, march 30, 2023, 10:56:51

I am tearing my hair out trying to solve this permissions problem where files created by the guest cannot be accessed on the host.


Setup:


I have an Ubuntu 20.04 host and an Ubuntu 20.04 guest running through KVM. I have a shared mount set up in mapped mode. The host directory is /home/user/VMs/shared/syncthing/ accessible through the guest VM at /hostmount. I am mounting from within the guest with sudo mount -t 9p -o trans=virtio,version=9p2000.L /hostmount /hostmount. The guest VM is launched using virt-manager under the regular account user.


Current Status:



  • The host can create files in the share which can be read and modified by the guest.

  • The guest can create files in the share but they cannot be read or modified by the host user.


If I do a touch /hostmount/test.file from inside the guest as regular user user, on the host side I see the following permissions for ls -l test.file:


-rw------- 1 libvirt-qemu kvm 0 Feb 4 02:51 /home/user/VMs/shared/syncthing/test.file


Desired Status:


Of course, I could chown the file after creation, but how do I either:



  • Force the guest VM to create files as user on host

  • Grant user on host access to files created by guest vm (libvirt-qemu on host)


I have tried the suggestions from this answer. They work on pre-existing files but don't work for when the guest creates new files.



 Answers
7

I found a way to solve this in this related post, though I'm guessing a more elegant solution exists. If you are running your VM from the command line, you simply add the fmode and dmode options to the command. For example: --filesystem "/path/to/share","sharename",mode=mapped,fmode='0777',dmode='0777'. This would make the directory world-writeable.


If you are using libvirt XML or virt-manager, you can delete your existing shared folder and add this XML right before the end of <domain>. Note that you may have to adjust some of these parameters; I don't know what they all do.


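   <!-- libvirt needs xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0' declared on <domain> to accept this block -->
   <qemu:commandline>
     <!-- fmode/dmode: host-side modes for files/directories the guest creates; 0777 is world-writable -->
     <qemu:arg value="-fsdev"/>
     <qemu:arg value="local,security_model=mapped,id=fsdev-fs0,path=/path/to/share,fmode=0777,dmode=0777"/>
     <qemu:arg value="-device"/>
     <qemu:arg value="virtio-9p-pci,id=fs0,fsdev=fsdev-fs0,mount_tag=sharename,bus=pci.1,addr=0x0"/>
   </qemu:commandline>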

If you are on Ubuntu like me, you will also need to edit your /etc/apparmor.d/abstractions/libvirt-qemu and add the line /path/to/share/{,**} rw, to the end of it. This grants ALL guests access to this path.


[#1979] Saturday, April 1, 2023, 1 Year  [reply] [flag answer]
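
An added example, not part of the original question or answer: a host-side check over the share directory that lists entries left owner-only (the -rw------- libvirt-qemu kvm state shown in the question) and entries that are world-writable (what fmode=0777,dmode=0777 produces). The function names and the demo tree are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: host-side audit of a 9p share directory (not from the thread).

# Entries that neither group nor others can read: the state shown in the
# question, where the host user cannot open files the guest created.
owner_only() {
    find "$1" ! -type l ! -perm -0040 ! -perm -0004 -print
}

# Entries any local account can write: what fmode=0777,dmode=0777 produces.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Print both findings, tagged. Exit status: 0 = no world-writable entries,
# 1 = world-writable entries found, 2 = argument is not a directory.
audit_share() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    owner_only "$1" | sed 's/^/OWNER_ONLY /'
    world_writable "$1" | sed 's/^/WORLD_WRITABLE /'
    [ -z "$(world_writable "$1")" ]
}

# Constructed demo tree (not real share contents): one file per state.
demo=$(mktemp -d)
mkdir "$demo/share" && chmod 0755 "$demo/share"
touch "$demo/share/guest-default.file" "$demo/share/fmode-0777.file" "$demo/share/host.file"
chmod 0600 "$demo/share/guest-default.file"   # as in the question's ls -l output
chmod 0777 "$demo/share/fmode-0777.file"      # as created with fmode=0777
chmod 0644 "$demo/share/host.file"            # ordinary host-created file
audit_share "$demo/share" || echo "world-writable entries present"
rm -rf "$demo"
```

On a real host, point audit_share at the shared path (for example the /path/to/share placeholder used in the answer) and use the exit status to alert from a scheduled job.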
nquirewha
