diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
index 4528e172ec..1b9b221611 100644
--- a/docs/formatdomain.rst
+++ b/docs/formatdomain.rst
@@ -3236,6 +3236,7 @@ A directory on the host that can be accessed directly from the guest.
+
@@ -3360,6 +3361,11 @@ A directory on the host that can be accessed directly from the guest.
``cache`` element, possible ``mode`` values being ``none`` and ``always``.
Locking can be controlled via the ``lock`` element - attributes ``posix`` and
``flock`` both accepting values ``on`` or ``off``. ( :since:`Since 6.2.0` )
+ The sandboxing method used by virtiofsd can be configured with the ``sandbox``
+ element, possible ``mode`` values being ``namespace`` and
+ ``chroot``, see the
+ `virtiofsd documentation `__
+ for more details. ( :since:`Since 7.2.0` )
``source``
The resource on the host that is being accessed in the guest. The ``name``
attribute must be used with ``type='template'``, and the ``dir`` attribute
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 046f17b3ae..a2e5c50c1d 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -2984,6 +2984,18 @@
+
+
+
+
+
+ namespace
+ chroot
+
+
+
+
+
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 0a00be4e80..f8a462fb3b 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -540,6 +540,13 @@ VIR_ENUM_IMPL(virDomainFSCacheMode,
"always",
);
+VIR_ENUM_IMPL(virDomainFSSandboxMode,
+ VIR_DOMAIN_FS_SANDBOX_MODE_LAST,
+ "default",
+ "namespace",
+ "chroot",
+);
+
VIR_ENUM_IMPL(virDomainNet,
VIR_DOMAIN_NET_TYPE_LAST,
@@ -10114,6 +10121,7 @@ virDomainFSDefParseXML(virDomainXMLOption *xmlopt,
g_autofree char *binary = virXPathString("string(./binary/@path)", ctxt);
g_autofree char *xattr = virXPathString("string(./binary/@xattr)", ctxt);
g_autofree char *cache = virXPathString("string(./binary/cache/@mode)", ctxt);
+ g_autofree char *sandbox = virXPathString("string(./binary/sandbox/@mode)", ctxt);
g_autofree char *posix_lock = virXPathString("string(./binary/lock/@posix)", ctxt);
g_autofree char *flock = virXPathString("string(./binary/lock/@flock)", ctxt);
int val;
@@ -10147,6 +10155,16 @@ virDomainFSDefParseXML(virDomainXMLOption *xmlopt,
def->cache = val;
}
+ if (sandbox) {
+ if ((val = virDomainFSSandboxModeTypeFromString(sandbox)) <= 0) {
+ virReportError(VIR_ERR_XML_ERROR,
+ _("cannot parse sandbox mode '%s' for virtiofs"),
+ sandbox);
+ goto error;
+ }
+ def->sandbox = val;
+ }
+
if (posix_lock) {
if ((val = virTristateSwitchTypeFromString(posix_lock)) <= 0) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
@@ -25176,6 +25194,11 @@ virDomainFSDefFormat(virBuffer *buf,
virDomainFSCacheModeTypeToString(def->cache));
}
+ if (def->sandbox != VIR_DOMAIN_FS_SANDBOX_MODE_DEFAULT) {
+ virBufferAsprintf(&binaryBuf, "\n",
+ virDomainFSSandboxModeTypeToString(def->sandbox));
+ }
+
if (def->posix_lock != VIR_TRISTATE_SWITCH_ABSENT) {
virBufferAsprintf(&lockAttrBuf, " posix='%s'",
virTristateSwitchTypeToString(def->posix_lock));
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 4d1826362f..7688f17b18 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -849,6 +849,14 @@ typedef enum {
VIR_DOMAIN_FS_CACHE_MODE_LAST
} virDomainFSCacheMode;
+typedef enum {
+ VIR_DOMAIN_FS_SANDBOX_MODE_DEFAULT = 0,
+ VIR_DOMAIN_FS_SANDBOX_MODE_NAMESPACE,
+ VIR_DOMAIN_FS_SANDBOX_MODE_CHROOT,
+
+ VIR_DOMAIN_FS_SANDBOX_MODE_LAST
+} virDomainFSSandboxMode;
+
struct _virDomainFSDef {
int type;
int fsdriver; /* enum virDomainFSDriverType */
@@ -874,6 +882,7 @@ struct _virDomainFSDef {
virDomainFSCacheMode cache;
virTristateSwitch posix_lock;
virTristateSwitch flock;
+ virDomainFSSandboxMode sandbox;
virDomainVirtioOptions *virtio;
virObject *privateData;
};
@@ -3797,6 +3806,7 @@ VIR_ENUM_DECL(virDomainFSAccessMode);
VIR_ENUM_DECL(virDomainFSWrpolicy);
VIR_ENUM_DECL(virDomainFSModel);
VIR_ENUM_DECL(virDomainFSCacheMode);
+VIR_ENUM_DECL(virDomainFSSandboxMode);
VIR_ENUM_DECL(virDomainNet);
VIR_ENUM_DECL(virDomainNetBackend);
VIR_ENUM_DECL(virDomainNetVirtioTxMode);
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index abd3dc4bd1..e9bb23913c 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -415,6 +415,7 @@ virDomainFSDriverTypeToString;
virDomainFSIndexByName;
virDomainFSInsert;
virDomainFSRemove;
+virDomainFSSandboxModeTypeToString;
virDomainFSTypeFromString;
virDomainFSTypeToString;
virDomainFSWrpolicyTypeFromString;
diff --git a/tests/qemuxml2argvdata/vhost-user-fs-fd-memory.xml b/tests/qemuxml2argvdata/vhost-user-fs-fd-memory.xml
index 2277850c2c..abddf0870b 100644
--- a/tests/qemuxml2argvdata/vhost-user-fs-fd-memory.xml
+++ b/tests/qemuxml2argvdata/vhost-user-fs-fd-memory.xml
@@ -30,6 +30,7 @@
+