KVM guest cannot write to 9p share owned by non-root

permissions kvm-virtualization qemu 9p

6,670

I had similar problems and never got it working with 9p, and as other commenters have said 9p is not mature.

I ended up using samba to mount a host filesystem and it's working fine. Any other network filesystem would do the job, too, probably (e.g. NFS, which is recommended by Red Hat; see link from @Diagon's comment https://access.redhat.com/discussions/1119043).

6,670

Greendrake

Updated on September 18, 2022

Comments

Greendrake almost 2 years
I am aiming to set up full write access to a 9p share for a KVM guest. Both host and guest have the same users/groups with the same IDs. Both host and guest should be able to write to the share using same usernames and I don't want to distinguish whether a file was written by host or guest. The kvm process is running as root — I set user and group to root in /etc/libvirt/qemu.conf.

In the guest definition on the host, the share is defined as follows:
```
<filesystem type='mount' accessmode='passthrough'>
  <source dir='/mnt/storage/data'/>
  <target dir='data'/>
  <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
</filesystem>
```
In the guest, the share is mounted as:
```
mount -t 9p -o rw,trans=virtio,version=9p2000.L,msize=262144 data /mnt/data
```
The problem is that the root user in the guest cannot write to files/folders owned by non-root user on the host. Even more strangely, the guest's root can rename and delete such files. That is, when on the host machine I create a file as a non-root user, I then simply cannot edit it as the guest's root, even though I can rename and delete it!

I also found that where a folder created on the host under non-root user has its permissions set to 777, the guest's root can write to it (i.e. create files in it). This, however, does not apply to files — they still cannot be edited regardless of permissions.

Both host and guest are running Linux server 3.2.0-4-amd64 #1 SMP Debian 3.2.51-1 x86_64 GNU/Linux. In Debian, SELinux is disabled by default and I did not enable it. I tried all three available 9p access modes (passthrough, mapped and squash) — no difference.

Just wondering if there is anything I can tweak to get it work, or is it just a bug?

Note there is a similar issue reported here: Read/write access for passthrough (9p) filesystems with libvirt/qemu? but unlike that case, I have 100% write access where files owned by root, it's just non-root user files that I cannot write to even being root on the guest.
- Spooler almost 8 years
  
  Just for information, I have never gotten this to work correctly, and have run into all of these same issues. Consequently, p9 filesystem passthrough implementations have been deprecated in recent qemu/libvirt versions.
- Diagon over 6 years
  
  Similarly here. Red hat seems to think that 9p is not ready for prime time.