Home / ubuntu / Questions / 1313547
Accepted
Mr. T
Asked: 2021-02-05 03:00:03 +0800 CST

Linux KVM: Make Mapped/Shared Folder Permissions RW for Host and Guest

  • 772

I am tearing my hair out trying to solve this permissions problem where files created by the guest cannot be accessed on the host.

Setup:

I have an Ubuntu 20.04 host and a Ubuntu 20.04 guest running through KVM. I have a shared mount setup in mapped mode. The host directory is /home/user/VMs/shared/syncthing/ accessible through the guest vm at /hostmount. I am mounting from within the guest with sudo mount -t 9p -o trans=virtio,version=9p2000.L /hostmount /hostmount. The guest VM is launched using virt-manager under the regular account user.

Current Status:

  • The host can create files int the share which can be read and modified by the guest.
  • The guest can create files in the share but they cannot be read or modified by the host user.

If I to a touch /hostmount/test.file from inside the guest as regular user user, on the host side I see the following permissions for ls –l test.file:

-rw------- 1 libvirt-qemu kvm 0 Feb 4 02:51 /home/user/VMs/shared/syncthing/test.file

Desired Status:

Of course, I could chown the file after creation, but how do I either:

  • Force the guest VM to create files as user on host
  • Grant user on host access to files created by guest vm (libvirt-qemu on host)

I have tried the suggestions from this answer. They work on pre-existing files but don't work for when the guest creates new files.

permissions

1 Answers

  1. Best Answer

    I found a the way to solve this in this related post though I'm guessing a more elegant solution exists. If you are running your vm from the command line, you simply add the fmode and dmode options to the command. For example: --filesystem "/path/to/share","sharename",mode=mapped,fmode='0777',dmode='0777'. This would make the directory world-writeable.

    If you are using libvirt xml or virt-manager, you can delete your existing shared folder and add this xml right before the end of <domain>. Note that you may have to adjust some of these parameters, I don't know what they all do.

       <qemu:commandline>
        <qemu:arg value="-fsdev"/>
        <qemu:arg value="local,security_model=mapped,id=fsdev-fs0,path=/path/to/share,fmode=0777,dmode=0777"/>
        <qemu:arg value="-device"/>
        <qemu:arg value="virtio-9p-pci,id=fs0,fsdev=fsdev-fs0,mount_tag=sharename,bus=pci.1,addr=0x0"/>
      </qemu:commandline>

    If you are on Ubuntu like me, you will also need to edit your /etc/apparmor.d/abstractions/libvirt-qemu and add the line /path/to/share/{,**} rw, to the end of it. This grants ALL guests access to this path.

    • 0