* [PATCH] test: 9p: switch security_model from mapped to none
@ 2026-02-15 18:05 Ahmad Fatoum
0 siblings, 0 replies; 2+ messages in thread
From: Ahmad Fatoum @ 2026-02-15 18:05 UTC (permalink / raw)
To: barebox; +Cc: Ahmad Fatoum
QEMU's security_model=mapped doesn't allow reading host symlinks (those
not created through 9P) and instead returns ELOOP.
Switch to security_model=none, which passes through real filesystem
semantics (including symlinks) while silently ignoring ownership and
permission changes that would require root.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
Documentation/user/virtio.rst | 2 +-
conftest.py | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Documentation/user/virtio.rst b/Documentation/user/virtio.rst
index 4a46713f66aa..b7f5b8b23f99 100644
--- a/Documentation/user/virtio.rst
+++ b/Documentation/user/virtio.rst
@@ -101,7 +101,7 @@ The current working directory can be passed to the guest via the ``virtio-9p``
device::
qemu-system-aarch64 -kernel barebox-dt-2nd.img -machine virt,highmem=off \
- -fsdev local,security_model=mapped,id=fsdev0,path=. \
+ -fsdev local,security_model=none,id=fsdev0,path=. \
-device virtio-9p-pci,id=fs0,fsdev=fsdev0,mount_tag=hostshare
-cpu cortex-a57 -m 1024M -nographic \
-serial mon:stdio -trace file=/dev/null
diff --git a/conftest.py b/conftest.py
index e6485fcb9575..7ebd08f428c6 100644
--- a/conftest.py
+++ b/conftest.py
@@ -260,7 +260,7 @@ def strategy(request, target, pytestconfig): # noqa: max-complexity=30
tag = fs.pop() if fs else f"fs{i}"
strategy.append_qemu_args(
- "-fsdev", f"local,security_model=mapped,id=fs{i},path={path}",
+ "-fsdev", f"local,security_model=none,id=fs{i},path={path}",
"-device", f"virtio-9p-{virtio},id=fs{i},fsdev=fs{i},mount_tag={tag}"
)
else:
--
2.47.3
^ permalink raw reply [flat|nested] 2+ messages in thread* [PATCH] test: 9p: switch security_model from mapped to none
@ 2026-02-15 17:20 Ahmad Fatoum
0 siblings, 0 replies; 2+ messages in thread
From: Ahmad Fatoum @ 2026-02-15 17:20 UTC (permalink / raw)
To: barebox; +Cc: Ahmad Fatoum
QEMU's security_model=mapped doesn't allow reading host symlinks (those
not created through 9P) and instead returns ELOOP.
Switch to security_model=none, which passes through real filesystem
semantics (including symlinks) while silently ignoring ownership and
permission changes that would require root.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
Documentation/user/virtio.rst | 2 +-
conftest.py | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Documentation/user/virtio.rst b/Documentation/user/virtio.rst
index 4a46713f66aa..b7f5b8b23f99 100644
--- a/Documentation/user/virtio.rst
+++ b/Documentation/user/virtio.rst
@@ -101,7 +101,7 @@ The current working directory can be passed to the guest via the ``virtio-9p``
device::
qemu-system-aarch64 -kernel barebox-dt-2nd.img -machine virt,highmem=off \
- -fsdev local,security_model=mapped,id=fsdev0,path=. \
+ -fsdev local,security_model=none,id=fsdev0,path=. \
-device virtio-9p-pci,id=fs0,fsdev=fsdev0,mount_tag=hostshare
-cpu cortex-a57 -m 1024M -nographic \
-serial mon:stdio -trace file=/dev/null
diff --git a/conftest.py b/conftest.py
index e6485fcb9575..7ebd08f428c6 100644
--- a/conftest.py
+++ b/conftest.py
@@ -260,7 +260,7 @@ def strategy(request, target, pytestconfig): # noqa: max-complexity=30
tag = fs.pop() if fs else f"fs{i}"
strategy.append_qemu_args(
- "-fsdev", f"local,security_model=mapped,id=fs{i},path={path}",
+ "-fsdev", f"local,security_model=none,id=fs{i},path={path}",
"-device", f"virtio-9p-{virtio},id=fs{i},fsdev=fs{i},mount_tag={tag}"
)
else:
--
2.47.3
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2026-02-15 18:05 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-02-15 18:05 [PATCH] test: 9p: switch security_model from mapped to none Ahmad Fatoum
-- strict thread matches above, loose matches on Subject: below --
2026-02-15 17:20 Ahmad Fatoum
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox