[mirror_qemu.git] / docs / tools / virtiofsd.rst

QEMU virtio-fs shared file system daemon
========================================

Synopsis
--------

**virtiofsd** [*OPTIONS*]

Description
-----------

Share a host directory tree with a guest through a virtio-fs device.  This
program is a vhost-user backend that implements the virtio-fs device.  Each
virtio-fs device instance requires its own virtiofsd process.

This program is designed to work with QEMU's ``--device vhost-user-fs-pci``
but should work with any virtual machine monitor (VMM) that supports
vhost-user.  See the Examples section below.

This program must be run as the root user.  Upon startup the program will
switch into a new file system namespace with the shared directory tree as its
root.  This prevents "file system escapes" due to symlinks and other file
system objects that might lead to files outside the shared directory.  The
program also sandboxes itself using seccomp(2) to prevent ptrace(2) and other
vectors that could allow an attacker to compromise the system after gaining
control of the virtiofsd process.

Options
-------

.. program:: virtiofsd

.. option:: -h, --help

  Print help.

.. option:: -V, --version

  Print version.

.. option:: -d

  Enable debug output.

.. option:: --syslog

  Print log messages to syslog instead of stderr.

.. option:: -o OPTION

  * debug -
    Enable debug output.

  * flock|no_flock -
    Enable/disable flock.  The default is ``no_flock``.

  * modcaps=CAPLIST
    Modify the list of capabilities allowed; CAPLIST is a colon separated
    list of capabilities, each preceded by either + or -, e.g.
    ''+sys_admin:-chown''.

  * log_level=LEVEL -
    Print only log messages matching LEVEL or more severe.  LEVEL is one of
    ``err``, ``warn``, ``info``, or ``debug``.  The default is ``info``.

  * posix_lock|no_posix_lock -
    Enable/disable remote POSIX locks.  The default is ``no_posix_lock``.

  * readdirplus|no_readdirplus -
    Enable/disable readdirplus.  The default is ``readdirplus``.

  * source=PATH -
    Share host directory tree located at PATH.  This option is required.

  * timeout=TIMEOUT -
    I/O timeout in seconds.  The default depends on cache= option.

  * writeback|no_writeback -
    Enable/disable writeback cache. The cache allows the FUSE client to buffer
    and merge write requests.  The default is ``no_writeback``.

  * xattr|no_xattr -
    Enable/disable extended attributes (xattr) on files and directories.  The
    default is ``no_xattr``.

.. option:: --socket-path=PATH

  Listen on vhost-user UNIX domain socket at PATH.

.. option:: --socket-group=GROUP

  Set the vhost-user UNIX domain socket gid to GROUP.

.. option:: --fd=FDNUM

  Accept connections from vhost-user UNIX domain socket file descriptor FDNUM.
  The file descriptor must already be listening for connections.

.. option:: --thread-pool-size=NUM

  Restrict the number of worker threads per request queue to NUM.  The default
  is 64.

.. option:: --cache=none|auto|always

  Select the desired trade-off between coherency and performance.  ``none``
  forbids the FUSE client from caching to achieve best coherency at the cost of
  performance.  ``auto`` acts similar to NFS with a 1 second metadata cache
  timeout.  ``always`` sets a long cache lifetime at the expense of coherency.
  The default is ``auto``.

Examples
--------

Export ``/var/lib/fs/vm001/`` on vhost-user UNIX domain socket
``/var/run/vm001-vhost-fs.sock``:

::

  host# virtiofsd --socket-path=/var/run/vm001-vhost-fs.sock -o source=/var/lib/fs/vm001
  host# qemu-system-x86_64 \
      -chardev socket,id=char0,path=/var/run/vm001-vhost-fs.sock \
      -device vhost-user-fs-pci,chardev=char0,tag=myfs \
      -object memory-backend-memfd,id=mem,size=4G,share=on \
      -numa node,memdev=mem \
      ...
  guest# mount -t virtiofs myfs /mnt
Commit	Line	Data
6a7e2bbe SH	1	QEMU virtio-fs shared file system daemon
	2	========================================
	3
	4	Synopsis
	5	--------
	6
	7	virtiofsd [OPTIONS]
	8
	9	Description
	10	-----------
	11
	12	Share a host directory tree with a guest through a virtio-fs device. This
	13	program is a vhost-user backend that implements the virtio-fs device. Each
	14	virtio-fs device instance requires its own virtiofsd process.
	15
	16	This program is designed to work with QEMU's ``--device vhost-user-fs-pci``
	17	but should work with any virtual machine monitor (VMM) that supports
	18	vhost-user. See the Examples section below.
	19
	20	This program must be run as the root user. Upon startup the program will
	21	switch into a new file system namespace with the shared directory tree as its
	22	root. This prevents "file system escapes" due to symlinks and other file
	23	system objects that might lead to files outside the shared directory. The
	24	program also sandboxes itself using seccomp(2) to prevent ptrace(2) and other
	25	vectors that could allow an attacker to compromise the system after gaining
	26	control of the virtiofsd process.
	27
	28	Options
	29	-------
	30
	31	.. program:: virtiofsd
	32
	33	.. option:: -h, --help
	34
	35	Print help.
	36
	37	.. option:: -V, --version
	38
	39	Print version.
	40
	41	.. option:: -d
	42
	43	Enable debug output.
	44
	45	.. option:: --syslog
	46
	47	Print log messages to syslog instead of stderr.
	48
	49	.. option:: -o OPTION
	50
	51	* debug -
	52	Enable debug output.
	53
	54	* flock\|no_flock -
	55	Enable/disable flock. The default is ``no_flock``.
	56
3005c099 DDAG	57	* modcaps=CAPLIST
	58	Modify the list of capabilities allowed; CAPLIST is a colon separated
	59	list of capabilities, each preceded by either + or -, e.g.
	60	''+sys_admin:-chown''.
	61
6a7e2bbe SH	62	* log_level=LEVEL -
	63	Print only log messages matching LEVEL or more severe. LEVEL is one of
	64	``err``, ``warn``, ``info``, or ``debug``. The default is ``info``.
	65
6a7e2bbe	66	* posix_lock\|no_posix_lock -
88fc1079	67	Enable/disable remote POSIX locks. The default is ``no_posix_lock``.
6a7e2bbe SH	68
	69	* readdirplus\|no_readdirplus -
	70	Enable/disable readdirplus. The default is ``readdirplus``.
	71
	72	* source=PATH -
	73	Share host directory tree located at PATH. This option is required.
	74
	75	* timeout=TIMEOUT -
	76	I/O timeout in seconds. The default depends on cache= option.
	77
	78	* writeback\|no_writeback -
76ca4b58	79	Enable/disable writeback cache. The cache allows the FUSE client to buffer
6a7e2bbe SH	80	and merge write requests. The default is ``no_writeback``.
	81
	82	* xattr\|no_xattr -
	83	Enable/disable extended attributes (xattr) on files and directories. The
	84	default is ``no_xattr``.
	85
	86	.. option:: --socket-path=PATH
	87
	88	Listen on vhost-user UNIX domain socket at PATH.
	89
f6698f2b AB	90	.. option:: --socket-group=GROUP
	91
	92	Set the vhost-user UNIX domain socket gid to GROUP.
	93
6a7e2bbe SH	94	.. option:: --fd=FDNUM
	95
	96	Accept connections from vhost-user UNIX domain socket file descriptor FDNUM.
	97	The file descriptor must already be listening for connections.
	98
	99	.. option:: --thread-pool-size=NUM
	100
	101	Restrict the number of worker threads per request queue to NUM. The default
	102	is 64.
	103
	104	.. option:: --cache=none\|auto\|always
	105
	106	Select the desired trade-off between coherency and performance. ``none``
	107	forbids the FUSE client from caching to achieve best coherency at the cost of
	108	performance. ``auto`` acts similar to NFS with a 1 second metadata cache
	109	timeout. ``always`` sets a long cache lifetime at the expense of coherency.
f1303afe	110	The default is ``auto``.
6a7e2bbe SH	111
	112	Examples
	113	--------
	114
	115	Export ``/var/lib/fs/vm001/`` on vhost-user UNIX domain socket
	116	``/var/run/vm001-vhost-fs.sock``:
	117
	118	::
	119
	120	host# virtiofsd --socket-path=/var/run/vm001-vhost-fs.sock -o source=/var/lib/fs/vm001
	121	host# qemu-system-x86_64 \
	122	-chardev socket,id=char0,path=/var/run/vm001-vhost-fs.sock \
	123	-device vhost-user-fs-pci,chardev=char0,tag=myfs \
	124	-object memory-backend-memfd,id=mem,size=4G,share=on \
	125	-numa node,memdev=mem \
	126	...
	127	guest# mount -t virtiofs myfs /mnt