Commit 5a8a6c2b authored by Cédric Bosdonnat's avatar Cédric Bosdonnat

machine: use squash security mode for non-root virt-sandbox mounts

When running virt-sandbox as a user with host-bind mount, the user
can't write in the mounted folder. If run as root, use passthrough
security mode, otherwise use squashed one to fix this.
Reviewed-by: 's avatarDaniel P. Berrange <berrange@redhat.com>
parent 45f63dc3
......@@ -589,7 +589,10 @@ static gboolean gvir_sandbox_builder_machine_construct_devices(GVirSandboxBuilde
fs = gvir_config_domain_filesys_new();
gvir_config_domain_filesys_set_type(fs, GVIR_CONFIG_DOMAIN_FILESYS_MOUNT);
gvir_config_domain_filesys_set_access_type(fs, GVIR_CONFIG_DOMAIN_FILESYS_ACCESS_PASSTHROUGH);
if (getuid() == 0)
gvir_config_domain_filesys_set_access_type(fs, GVIR_CONFIG_DOMAIN_FILESYS_ACCESS_PASSTHROUGH);
else
gvir_config_domain_filesys_set_access_type(fs, GVIR_CONFIG_DOMAIN_FILESYS_ACCESS_SQUASH);
gvir_config_domain_filesys_set_source(fs,
gvir_sandbox_config_mount_file_get_source(mfile));
gvir_config_domain_filesys_set_target(fs, target);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment