Struct devices::virtio::vhost::user::device::FsOptions

pub struct FsOptions {
    socket: Option<String>,
    socket_path: Option<String>,
    fd: Option<RawDescriptor>,
    tag: String,
    shared_dir: PathBuf,
    uid_map: Option<String>,
    gid_map: Option<String>,
    cfg: Option<Config>,
    uid: u32,
    gid: u32,
    disable_sandbox: bool,
    skip_pivot_root: bool,
}

FS Device

Fields

socket: Option<String>

deprecated - please use –socket-path instead

socket_path: Option<String>

path to the vhost-user socket to bind to. If this flag is set, –fd cannot be specified.

fd: Option<RawDescriptor>

file descriptor of a connected vhost-user socket. If this flag is set, –socket-path cannot be specified.

tag: String

the virtio-fs tag

shared_dir: PathBuf

path to a directory to share

uid_map: Option<String>

uid map to use

gid_map: Option<String>

gid map to use

cfg: Option<Config>

colon-separated options for configuring a directory to be shared with the VM through virtio-fs. The format is the same as crosvm run --shared-dir flag except only the keys related to virtio-fs are valid here.

uid: u32

uid of the device process in the new user namespace created by minijail. These two options (uid/gid) are useful when the crosvm process cannot get CAP_SETGID/CAP_SETUID but an identity mapping of the current user/group between the VM and the host is required. Say the current user and the crosvm process has uid 5000, a user can use “uid=5000” and “uidmap=5000 5000 1” such that files owned by user 5000 still appear to be owned by user 5000 in the VM. These 2 options are useful only when there is 1 user in the VM accessing shared files. If multiple users want to access the shared file, gid/uid options are useless. It’d be better to create a new user namespace and give CAP_SETUID/CAP_SETGID to the crosvm. Default: 0.

gid: u32

gid of the device process in the new user namespace created by minijail. Default: 0.

disable_sandbox: bool

disable-sandbox controls whether vhost-user-fs device uses minijail sandbox. By default, it is false, the vhost-user-fs will enter new mnt/user/pid/net namespace. If the this option is true, the vhost-user-fs device only create a new mount namespace and run without seccomp filter. Default: false.

skip_pivot_root: bool

disable pivot_root when process is jailed.

virtio-fs typically uses mount namespaces and pivot_root for file system isolation, making the jailed process’s root directory “/”.

Android’s security model restricts crosvm’s access to certain system capabilities, specifically those related to managing mount namespaces and using pivot_root. These capabilities are typically associated with the SYS_ADMIN capability. To maintain a secure environment, Android relies on mechanisms like SELinux to enforce isolation and control access to directories.

Trait Implementations

impl FromArgs for Options

fn from_args(__cmd_name: &[&str], __args: &[&str]) -> Result<Self, EarlyExit>

Construct the type from an input set of arguments.

fn redact_arg_values( __cmd_name: &[&str], __args: &[&str] ) -> Result<Vec<String>, EarlyExit>

Get a String with just the argument names, e.g., options, flags, subcommands, etc, but without the values of the options and arguments. This can be useful as a means to capture anonymous usage statistics without revealing the content entered by the end user.

impl SubCommand for Options

const COMMAND: &'static CommandInfo = _

Information about the subcommand.