qemu/docs
Daniel P. Berrangé 3399bca451 docs: describe the security considerations with virtiofsd xattr mapping
Different guest xattr prefixes have distinct access control rules applied
by the guest. When remapping a guest xattr care must be taken that the
remapping does not allow the a guest user to bypass guest kernel access
control rules.

For example if 'trusted.*' which requires CAP_SYS_ADMIN is remapped
to 'user.virtiofs.trusted.*', an unprivileged guest user which can
write to 'user.*' can bypass the CAP_SYS_ADMIN control. Thus the
target of any remapping must be explicitly blocked from read/writes
by the guest, to prevent access control bypass.

The examples shown in the virtiofsd man page already do the right
thing and ensure safety, but the security implications of getting
this wrong were not made explicit. This could lead to host admins
and apps unwittingly creating insecure configurations.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20210611120427.49736-1-berrange@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2021-07-05 10:51:26 +01:00
..
config docs: Grammar and spelling fixes 2018-07-13 10:16:04 +01:00
devel docs/devel: Add a single top-level header to MTTCG's doc 2021-06-25 10:05:36 +01:00
interop * Documentation updates 2021-06-24 09:31:26 +01:00
specs sphinx: adopt kernel readthedoc theme 2021-05-14 15:05:03 +04:00
sphinx qapi/error: Repurpose QAPIError as an abstract base exception class 2021-04-30 12:59:54 +02:00
sphinx-static sphinx: adopt kernel readthedoc theme 2021-05-14 15:05:03 +04:00
spin docs: create config/, devel/ and spin/ subdirectories 2017-06-07 18:22:03 +02:00
system docs/system/arm: Add quanta-gbs-bmc reference 2021-07-02 11:48:36 +01:00
tools docs: describe the security considerations with virtiofsd xattr mapping 2021-07-05 10:51:26 +01:00
user sphinx: adopt kernel readthedoc theme 2021-05-14 15:05:03 +04:00
amd-memory-encryption.txt docs: Add SEV-ES documentation to amd-memory-encryption.txt 2021-06-17 14:11:06 -04:00
barrier.txt ui: add an embedded Barrier client 2019-09-17 13:43:22 +02:00
block-replication.txt colo: Update Documentation for continuous replication 2020-03-03 18:04:47 +08:00
bootindex.txt docs qemu-doc: Avoid ide-drive, it's deprecated 2017-06-04 18:42:55 +03:00
can.txt docs: Fix some typos (found by codespell) 2020-11-18 09:29:41 +01:00
ccid.txt docs: update to show preferred boolean syntax for -chardev 2021-02-25 14:14:33 +01:00
COLO-FT.txt docs: update to show preferred boolean syntax for -cpu 2021-02-25 14:14:33 +01:00
colo-proxy.txt docs: update to show preferred boolean syntax for -chardev 2021-02-25 14:14:33 +01:00
conf.py docs: Fix installation of man pages with Sphinx 4.x 2021-06-03 16:43:25 +01:00
confidential-guest-support.txt s390: Recognize confidential-guest-support option 2021-02-08 16:57:38 +11:00
defs.rst.inc docs: Fix typo in the default name of the qemu-system-x86_64 binary 2021-04-01 14:28:39 +02:00
hyperv.txt i386: Make migration fail when Hyper-V reenlightenment was enabled but 'user_tsc_khz' is unset 2021-03-19 08:48:18 -04:00
igd-assign.txt vfio/pci: Add IGD documentation 2016-05-26 11:12:05 -06:00
image-fuzzer.txt docs: List all image elements currently supported by the fuzzer 2014-09-22 11:39:35 +01:00
index.rst docs/index.rst, docs/index.html.in: Reorder manuals 2020-03-12 11:14:06 +00:00
memory-hotplug.txt docs: Grammar and spelling fixes 2018-07-13 10:16:04 +01:00
meson.build sphinx: adopt kernel readthedoc theme 2021-05-14 15:05:03 +04:00
multi-thread-compression.txt Replace '-enable-kvm' with '-accel kvm' in docs and help texts 2018-06-28 19:05:32 +02:00
multiseat.txt tests/docker/test-mingw and docs: Remove --with-sdlabi=2.0 2019-02-04 15:25:21 +00:00
nvdimm.txt nvdimm: check -object memory-backend-file, readonly=on option 2021-02-01 17:07:34 -05:00
papr-pef.txt spapr: Add PEF based confidential guest support 2021-02-08 16:57:38 +11:00
pci_expander_bridge.txt pxb: cleanup 2016-03-11 16:59:12 +02:00
pcie_pci_bridge.txt pci: removed the is_express field since a uniform interface was inserted 2018-02-08 21:06:41 +02:00
pcie.txt docs: pcie: Spell out machine type needs for PCIe features 2018-03-01 16:25:37 +02:00
pvrdma.txt docs: Fix broken links 2020-09-01 09:31:33 +02:00
qcow2-cache.txt qcow2: Document the Extended L2 Entries feature 2020-08-25 08:33:20 +02:00
qdev-device-use.txt hw/ide: remove 'ide-drive' device 2021-03-18 09:22:55 +00:00
qemu_logo.pdf docs: add qemu logo to pdf 2017-01-16 10:11:43 +01:00
qemu-option-trace.rst.inc qemu-option-trace.rst.inc: Don't use option:: markup 2020-11-02 16:52:18 +00:00
qemupciserial.inf docs: Grammar and spelling fixes 2018-07-13 10:16:04 +01:00
rdma.txt migrate: remove QMP/HMP commands for speed, downtime and cache size 2021-03-18 09:22:55 +00:00
replay.txt docs: Fix some typos (found by codespell) 2020-11-18 09:29:41 +01:00
spice-port-fqdn.txt docs: add spice-port-fqdn.txt 2012-12-17 14:01:41 +01:00
throttle.txt docs: Document the throttle block filter 2020-10-02 15:46:40 +02:00
u2f.txt hw/usb: Add U2F device autoscan to passthru mode 2020-08-31 08:23:39 +02:00
usb2.txt docs/usb2.txt: ehci has six ports 2018-08-21 10:22:03 +02:00
usb-storage.txt usb: Fix typo in documentation 2017-01-24 23:26:52 +03:00
virtio-balloon-stats.txt Remove the deprecated -balloon option 2018-08-31 09:52:13 +02:00
xbzrle.txt migrate: remove QMP/HMP commands for speed, downtime and cache size 2021-03-18 09:22:55 +00:00
xen-save-devices-state.txt Fix up dangling references to qmp-commands.* in comment and doc 2018-03-02 13:48:26 -06:00