Pierre Neyron
2016-Oct-14 17:25 UTC
[Libguestfs] guestmount issue with change directory (cd)
Hello, I've got a strange behavior with guestmount: I've a root directory with mod/owner = drwx------ root root. I cannot change directory to it as a regular user (as normal), but I can list its content (not normally normal) and I can change directory to a subdirectory in it which is mod drwxr-xr-x. E.g: $ mkdir /tmp/mnt $ guestmount --ro -i -a test.qcow2 /tmp/mnt/ $ cd /tmp/mnt $ ls -ld root/ drwx------ 4 root root 4096 Oct 14 19:21 root/ $ ls -l root/ total 4 drwxr-xr-x 2 root root 4096 Oct 14 19:21 subdir $ cd root bash: cd: root: Permission denied $ cd root/subdir $ pwd /tmp/mnt/root/subdir Also tar is ok as well: $ cd /tmp/mnt $ tar cf /tmp/tar.tar . $ tar tf /tmp/tar.tar | grep -e "^./root/subdir/$" ./root/subdir/ This is for sure some fuse magic to allow the regular user to list files just as if he is root (after all, guestmount did not require to be root in the first place). I'm very ok with that since this is very useful, but then I would expect `cd root' to be OK as well ? I'm using $ guestmount -V guestmount 1.32.7 Best regards, PS: @moderators: sorry for the noise with cancelled messages, I fixed typos... :/ -- Pierre
Richard W.M. Jones
2016-Oct-14 18:27 UTC
Re: [Libguestfs] guestmount issue with change directory (cd)
On Fri, Oct 14, 2016 at 07:25:42PM +0200, Pierre Neyron wrote:> Hello, > > I've got a strange behavior with guestmount: I've a root directory with > mod/owner = drwx------ root root. I cannot change directory to it as a > regular user (as normal), but I can list its content (not normally > normal) and I can change directory to a subdirectory in it which is mod > drwxr-xr-x. > > E.g: > $ mkdir /tmp/mnt > $ guestmount --ro -i -a test.qcow2 /tmp/mnt/ > $ cd /tmp/mnt > $ ls -ld root/ > drwx------ 4 root root 4096 Oct 14 19:21 root/ > $ ls -l root/ > total 4 > drwxr-xr-x 2 root root 4096 Oct 14 19:21 subdir > $ cd root > bash: cd: root: Permission denied > $ cd root/subdir > $ pwd > /tmp/mnt/root/subdir > > Also tar is ok as well: > $ cd /tmp/mnt > $ tar cf /tmp/tar.tar . > $ tar tf /tmp/tar.tar | grep -e "^./root/subdir/$" > ./root/subdir/ > > This is for sure some fuse magic to allow the regular user to list files > just as if he is root (after all, guestmount did not require to be root > in the first place).This isn't exactly what's happening. libguestfs runs an appliance, and inside the appliance everything runs as root [not the same as host root], so has access to every file in the disk image. guestmount runs as your [host] user, translating everything into libguestfs API calls. However FUSE is a bit strange in that it allows you to create files which appear to come from other users. There are various options which let you change this behaviour, have a look at the `-o' options in the `guestmount --fuse-help' output and the guestmount and FUSE manuals. In this case you've created a root-owned directory which you (as non-root) cannot access. The usual solution to all these problems is just to use the libguestfs API directly, which gives you a great deal more control, supports xattrs properly, and is also a bit faster. Rich.> I'm very ok with that since this is very useful, > but then I would expect `cd root' to be OK as well ? > > I'm using > $ guestmount -V > guestmount 1.32.7 > > Best regards, > > PS: @moderators: sorry for the noise with cancelled messages, I fixed > typos... :/ > -- > Pierre > > > >> _______________________________________________ > Libguestfs mailing list > Libguestfs@redhat.com > https://www.redhat.com/mailman/listinfo/libguestfs-- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-builder quickly builds VMs from scratch http://libguestfs.org/virt-builder.1.html
Possibly Parallel Threads
- [PATCH] fuse: Add guestmount-cleanup program to handle unmounting (RHBZ#916780).
- [PATCH] Fix build error in fuse/guestmount.c
- [PATCH] fuse: Add missing #include to guestmount.c
- [PATCH] guestmount: use O_ACCMODE instead of hard coding
- Possible to speed up guestmount?