QEMU/KVM: How to configure a writeable shared folder for guest, which itself is a CIFS mounted network share on host?

Question

Issue

I am having a hard time configuring a shared folder with write permissions inside the guest. My special case is that the shared folder references a CIFS network share mounted on the host.

Host configuration

Network share (and shared folder) /media/nas/temp is mounted via

sudo mount -t cifs -o username=dave,vers=3.0,uid=dave,gid=libvirt-qemu //nas/temp /media/nas/temp

Virt-manager configuration:

Permissions from host perspective:

dave@host:~$ ll /media/nas/
drwxr-xr-x 2 dave        libvirt-qemu    0 Dez  6 15:36 temp/

Guest configuration

/temp (/media/nas/temp on host) is mounted via:

sudo mount -t 9p -o trans=virtio,version=9p2000.L /temp /media/temp

Permissions from guest perspective (64055 is the uid of libvirt-qemu group of the host):

dave@guest:~$ ll /media
drwxr-xr-x  2 dave 64055    0 dec  6 15:36 temp/

Problem

A write operation like creating a new file triggers following error:

dave@guest:~$ touch /media/temp/myfile.log
touch: cannot touch '/media/temp/myfile.log': Permission denied

I also tried file_mode and dir_mode mount options from the host:

sudo mount -t cifs -o username=dave,vers=3.0,uid=dave,gid=libvirt-qemu,\
  file_mode=0777,dir_mode=0777 //nas/temp /media/nas/temp

New permissions from host perspective:

dave@host:~$ ll /media/nas
drwxrwxrwx 2 dave        libvirt-qemu    0 Dez  6 15:36 temp/

Curiously, now I get a different error:

dave@guest:~$ touch /media/temp/myfile.log
touch: cannot touch '/media/temp/myfile.log': Operation not supported

What works

1. The host can write to /media/nas/temp with user dave.

2. From within the guest, I could mount via CIFS directly successfully (same credentials) - but that is not possible in my current environment.

3. I am also able to mount a local host folder (like /home/dave/Downloads/qemu-test, which has the exact same permissions, and write to it. Permissions in this case were:

dave@host:~$ ll ~/Downloads/
drwxrwx---+  2 dave libvirt-qemu    4096 Dez  6 17:25 qemu-test/

Question

Why does it make a difference, if I want to share a network or local folder via mount -t 9p? As shown, the permissions should be the same and it shouldn't matter for the guest, what kind of mountpoint is shared (?).

Has anybody managed to do write a shared folder mounted as network share from host (if yes, how)?

Related

• follow-up post of How to use QEMU/KVM virtual machine disk image on SMB/CIFS network share: Permission denied

Similar posts, which are about sharing a local folder:

• How can I store files in the mounted shared folder?
• serverfault: KVM guest cannot write to 9p share owned by non-root
• serverfault: Read/write access for passthrough (9p) filesystems with libvirt/qemu?
• askubuntu: 9p (libvirt/QEMU) share modes

Answer 1

After a bit more investigation, here is what worked for me. Important points:

1. set mount mode to Squash - neither Passthrough nor Mapped.
2. set mount point owner to libvirt-qemu and the group to dave (user/uid used in the guest).
3. set file_mode=0755, dir_mode=0755 in the mount CIFS options.

Example mount (host):

sudo mount -t cifs -o username=dave,vers=3.11,uid=libvirt-qemu,gid=dave,file_mode=0775,dir_mode=0775 //nas/temp /media/nas/temp

Ad 1.: In other modes, I got errors like

touch: setting times of xxx: No such file or directory

touch: cannot touch '/media/temp/myfile.log': Operation not supported

Ad 2.: It wasn't sufficient to set libvirt-qemu as group, resulting in "Permission denied" errors. In the question, I did it the other way round. Make sure to select the correct UID for the guest - e.g. set the same UIDs for dave on the host and guest. Note: the QEMU/KVM virtual machine is run as user libvirt-qemu.

Ad 3.: These options make the mountpoint writeable for user dave, whose group is set as owning group (standard would be readonly).