qemu-e2k/docs/tools
Daniel P. Berrangé 3399bca451 docs: describe the security considerations with virtiofsd xattr mapping
Different guest xattr prefixes have distinct access control rules applied
by the guest. When remapping a guest xattr care must be taken that the
remapping does not allow the a guest user to bypass guest kernel access
control rules.

For example if 'trusted.*' which requires CAP_SYS_ADMIN is remapped
to 'user.virtiofs.trusted.*', an unprivileged guest user which can
write to 'user.*' can bypass the CAP_SYS_ADMIN control. Thus the
target of any remapping must be explicitly blocked from read/writes
by the guest, to prevent access control bypass.

The examples shown in the virtiofsd man page already do the right
thing and ensure safety, but the security implications of getting
this wrong were not made explicit. This could lead to host admins
and apps unwittingly creating insecure configurations.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20210611120427.49736-1-berrange@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2021-07-05 10:51:26 +01:00
..
index.rst docs: simplify each section title 2021-04-01 15:27:44 +04:00
qemu-img.rst Document qemu-img options data_file and data_file_raw 2021-05-14 16:14:10 +02:00
qemu-nbd.rst qemu-nbd: Permit --shared=0 for unlimited clients 2021-02-12 07:42:08 -06:00
qemu-pr-helper.rst docs: Split qemu-pr-helper documentation into tools manual 2020-11-23 11:10:04 +00:00
qemu-storage-daemon.rst qsd: Document FUSE exports 2021-03-29 18:28:33 +02:00
qemu-trace-stap.rst docs: Move tools documentation to tools manual 2020-02-25 10:48:06 +00:00
virtfs-proxy-helper.rst docs: Move tools documentation to tools manual 2020-02-25 10:48:06 +00:00
virtiofsd.rst docs: describe the security considerations with virtiofsd xattr mapping 2021-07-05 10:51:26 +01:00