Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

QEMU VMs have access to host filesystem via user mode networking #2397

Closed
ghost opened this issue Jul 10, 2024 · 0 comments
Closed

QEMU VMs have access to host filesystem via user mode networking #2397

ghost opened this issue Jul 10, 2024 · 0 comments

Comments

@ghost
Copy link

ghost commented Jul 10, 2024

Similar to #2385, it is possible to use user mode networking in the advanced options to access host files from a qemu VM. For details using -nic user,... / -netdev user,... see https://www.qemu.org/docs/master/system/invocation.html#hxtool-5. Problematic are the options tftp, bootfile, smb and perhaps guestfwd.

I can think of three ways to block that:

  • Block the -nic and -netdev options. The normal way for configuring networking should be good enough, there should be no need to use the advanced options for that.
  • Block options starting with "user," to block only user mode networking.
  • Block options starting with "user," and additionally containing ",tftp=", ",bootfile=", ",smb=" or ",guestfwd=".

I would prefer the last option as this will have the least impact. Alternatively the first option is the easiest one to implement.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@grossmj