From 0f144d5db4e19a8a6cbb143845e2e88a93804e46 Mon Sep 17 00:00:00 2001 From: Sergio Lopez Date: Mon, 29 Jun 2026 13:55:41 +0200 Subject: [PATCH] virtio-fs: make permission semantics configurable libkrun 1.19.3 introduces the ability to choose the permission semantics for virtio-fs devices through the new krun_add_virtiofs4 function. Let's switch to using such function, and also use "simplified" sematnics by default, since those are closer to the expectations of users running container tools on macOS. Signed-off-by: Sergio Lopez --- Cargo.lock | 2 +- docs/usage.md | 7 +++++++ src/virtio.rs | 44 ++++++++++++++++++++++++++++++++++++++++++-- 3 files changed, 50 insertions(+), 3 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 655996b..c460fd6 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -266,7 +266,7 @@ dependencies = [ [[package]] name = "krunkit" -version = "1.2.1" +version = "1.2.2" dependencies = [ "anyhow", "clap", diff --git a/docs/usage.md b/docs/usage.md index f878bc1..3ea2e2b 100644 --- a/docs/usage.md +++ b/docs/usage.md @@ -215,6 +215,7 @@ the arguments. - `sharedDir`: Path to the host directory that will be shared with the guest. - `mountTag`: Tag to be used to mount the shared directory in the guest. +- `permissionSemantics`: (Optional) Permission semantics to be used in the virtio-fs device. Supported values: `complete`, `simplified`. Default value is `simplified`. #### Example @@ -224,6 +225,12 @@ This will share `/Users/user/shared-dir` with the guest: --device virtio-fs,sharedDir=/Users/user/shared-dir,mountTag=MOUNT_TAG ``` +To use complete permission semantics: + +``` +--device virtio-fs,sharedDir=/Users/user/shared-dir,mountTag=MOUNT_TAG,permissionSemantics=complete +``` + ## Restful Service Recall that the RESTful service is started at the address specified in the `--restful-uri` argument (or diff --git a/src/virtio.rs b/src/virtio.rs index 9a6e337..1d3baf3 100644 --- a/src/virtio.rs +++ b/src/virtio.rs 
@@ -52,7 +52,14 @@ extern "C" { ) -> i32; fn krun_add_vsock_port2(ctx_id: u32, port: u32, c_filepath: *const c_char, listen: bool) -> i32; - fn krun_add_virtiofs(ctx_id: u32, c_tag: *const c_char, c_path: *const c_char) -> i32; + fn krun_add_virtiofs4( + ctx_id: u32, + c_tag: *const c_char, + c_path: *const c_char, + shm_size: u64, + read_only: bool, + semantics: u32, + ) -> i32; fn krun_set_console_output(ctx_id: u32, c_filepath: *const c_char) -> i32; fn krun_add_net_unixgram( ctx_id: u32, @@ -92,6 +99,25 @@ impl FromStr for DiskImageFormat { } } +#[derive(Clone, Debug, Default, PartialEq)] +pub enum FsPermissions { + Complete = 0, + #[default] + Simplified = 1, +} + +impl FromStr for FsPermissions { + type Err = anyhow::Error; + + fn from_str(s: &str) -> Result { + match s.to_lowercase().as_str() { + "complete" => Ok(FsPermissions::Complete), + "simplified" => Ok(FsPermissions::Simplified), + _ => Err(anyhow!("unsupported permission semantics")), + } + } +} + /// Each virito device configures itself with krun differently. This is used by each virtio device /// to set their respective configurations with libkrun. pub trait KrunContextSet { @@ -584,6 +610,8 @@ pub struct FsConfig { /// Guest mount tag for shared directory. pub mount_tag: PathBuf, + + pub permission_semantics: FsPermissions, } impl FromStr for FsConfig { @@ -602,6 +630,10 @@ impl FromStr for FsConfig { fs_config.mount_tag = PathBuf::from_str(mount_tag.as_str()).context("mountTag argument not a valid path")?; + if let Some(p) = args.remove("permissionSemantics") { + fs_config.permission_semantics = FsPermissions::from_str(p.as_str())?; + } + check_unknown_args(args, "virtio-fs")?; Ok(fs_config) 
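Review bot: The `krun_add_virtiofs4` declaration in the `extern "C"` block has no comment tying it to the library version it needs, and the old `krun_add_virtiofs` declaration is removed in the same change. The commit message says the symbol arrives with libkrun 1.19.3, so a binary built from this tree will presumably fail to link or load against an older libkrun. A mismatch between this signature and the C prototype would not be caught by the compiler. I would add `// Requires libkrun >= 1.19.3; keep in sync with the krun_add_virtiofs4 prototype in the libkrun header.` above the declaration. The extern block starts and ends outside the hunk.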
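Review bot: `FsPermissions` is cast with `as u32` and handed to libkrun at the call site, so its discriminants are an ABI contract, yet the enum has no `#[repr(u32)]` and no doc comment saying that `0` and `1` must match the values libkrun expects. I would write `#[repr(u32)]` with `#[derive(Clone, Copy, Debug, Default, PartialEq, Eq)]` (`Copy` removes the need for `.clone()` before the cast) and add a `///` comment on the enum and on each variant. Separately, `#[default]` on `Simplified` means existing `--device virtio-fs` invocations that pass no `permissionSemantics` get the simplified semantics after an upgrade. The diff does not show what the old function applied, so if that differs the change deserves an explicit release note.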
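Review bot: The new public field `permission_semantics` in `FsConfig` has no doc comment, while the field directly above it (`mount_tag`) does. I would add `/// Permission semantics for the virtio-fs device; defaults to FsPermissions::Simplified.` above it, so the relaxed default is visible to anyone who builds an `FsConfig` in code. The struct definition begins outside the hunk.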
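Review bot: A rejected `permissionSemantics` value surfaces only as "unsupported permission semantics", with neither the option name nor the offending value, whereas the `mountTag` parse just above attaches a `.context(...)`. I would change the line to `fs_config.permission_semantics = FsPermissions::from_str(p.as_str()).with_context(|| format!("invalid permissionSemantics value '{p}'"))?;`. That way a typo in a security-relevant option is easy to spot in logs. The enclosing `from_str` starts and ends outside the hunk.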
@@ -614,7 +646,15 @@ impl KrunContextSet for FsConfig { let shared_dir_cstr = path_to_cstring(&self.shared_dir)?; let mount_tag_cstr = path_to_cstring(&self.mount_tag)?; - if krun_add_virtiofs(id, mount_tag_cstr.as_ptr(), shared_dir_cstr.as_ptr()) < 0 { + if krun_add_virtiofs4( + id, + mount_tag_cstr.as_ptr(), + shared_dir_cstr.as_ptr(), + 0, + false, + self.permission_semantics.clone() as u32, + ) < 0 + { return Err(anyhow!(format!( "unable to add virtiofs shared directory {} with mount tag {}", &self.shared_dir.display(),
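Review bot: The positional literals `0` and `false` in the `krun_add_virtiofs4` call are unlabelled. Per the extern declaration earlier in the patch they are `shm_size` and `read_only`, so every share is still added writable and the new API's read-only switch cannot be reached from the command line. I would at least annotate them as `0, // shm_size` and `false, // read_only`, and consider a follow-up device option (for example a `readOnly` key) for users who only need to expose host files to the guest. If `FsPermissions` derived `Copy`, `self.permission_semantics as u32` would replace the `.clone()`. The enclosing function starts and ends outside the hunk.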