Bug 2187641

Summary: [virtiofs] FUSE supplementary group extension support
Product: Red Hat Enterprise Linux 9 Reporter: German Maglione <gmaglione>
Component: virtiofsd Assignee: German Maglione <gmaglione>
Status: VERIFIED --- QA Contact: xiagao
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 9.3 CC: jinzhao, juzhang, virt-maint, yfu
Target Milestone: rc Keywords: RFE, Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: virtiofsd-1.7.0-1.el9 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
Bug Depends On: 2222221    
Bug Blocks:    

Description German Maglione 2023-04-18 09:43:16 UTC
Kernel version 6.3 adds support for sending the user supplementary groups (Bug 2134128):

https://lore.kernel.org/lkml/Y%2FzYyN7NeLKusmSj@miu.piliscsaba.redhat.com/#r

The current version of virtiofsd only implements a workaround to this problem.
It keeps CAP_DAC_OVERRIDE after switching uid/gid (Bug 2141629), but this trick doesn't work over NFS or CephFS. This is also required to fix https://issues.redhat.com/browse/KATA-1776

How reproducible:
100%

Steps to Reproduce:
1. start virtiofsd over an NFS shared dir
root# virtiofsd --shared-dir=/.../some_nfs_shared_dir ...

2. start the guest.

3. (in guest) mount the virtiofs
root# mount -t virtiofs myfs /mnt

4. (in guest) add a user and add it to the wheel group (as a supplementary group)
root# useradd u1
root# passwd u1
root# usermod -G wheel u1

5. (in guest) as root, create a test directory
root# mkdir -m 0770 testdir
root# chgrp wheel testdir

6. (in guest) switch to u1 user and try to create a file inside the test directory
root# su u1
u1$ touch testdir/file


Actual results:
fails with "Permission denied"

Expected results:
# ls -l testdir/file 
-rw-r--r-- 1 user user 0 nov 10 11:12 testdir/file
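
An added illustration of the failure reported above (not code from this bug, virtiofsd or the kernel): a simplified model of the parent-directory permission check, showing why keeping CAP_DAC_OVERRIDE only helps on a local backend while forwarding the supplementary group also works on a remote one. All names and the uid/gid numbers are constructed for the example.

```python
from dataclasses import dataclass

W, X = 0o2, 0o1  # write and search bits inside one permission class

@dataclass(frozen=True)
class Cred:
    uid: int
    gid: int
    groups: frozenset = frozenset()  # supplementary groups sent with the request
    dac_override: bool = False       # CAP_DAC_OVERRIDE kept by the daemon thread

@dataclass(frozen=True)
class Dir:
    uid: int
    gid: int
    mode: int

def class_bits(cred, d):
    """Select owner, group or other bits the way POSIX DAC does."""
    if cred.uid == d.uid:
        return (d.mode >> 6) & 7
    if cred.gid == d.gid or d.gid in cred.groups:
        return (d.mode >> 3) & 7
    return d.mode & 7

def may_create(cred, d, remote):
    """Creating an entry needs write and search permission on the parent.
    A capability is honoured only by the local kernel; a remote server
    (NFS, CephFS) decides from the uid, gid and groups it receives."""
    if cred.dac_override and not remote:
        return True
    return (class_bits(cred, d) & (W | X)) == (W | X)

# Constructed ids for the report's scenario: u1 in wheel, testdir root:wheel 0770.
WHEEL, U1 = 10, 1001
TESTDIR = Dir(uid=0, gid=WHEEL, mode=0o770)

def scenarios():
    workaround = Cred(U1, U1, dac_override=True)         # no groups forwarded
    forwarded = Cred(U1, U1, groups=frozenset({WHEEL}))  # group sent, no capability
    return {
        "workaround, local backend": may_create(workaround, TESTDIR, remote=False),
        "workaround, NFS backend": may_create(workaround, TESTDIR, remote=True),
        "groups forwarded, NFS backend": may_create(forwarded, TESTDIR, remote=True),
    }

if __name__ == "__main__":
    for name, allowed in scenarios().items():
        print(f"{name}: {'allowed' if allowed else 'Permission denied'}")
```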

Comment 1 xiagao 2023-07-21 03:08:15 UTC
Tested together with the kernel pkg in https://bugzilla.redhat.com/show_bug.cgi?id=2134128#c14; the result is good, with no permission issue with NFS as the virtiofs backend.
So pre-verify it.

Comment 2 Yanan Fu 2023-07-25 05:45:28 UTC
Can anyone help update the 'Fixed in Version' field with the build NVR, please? Thanks!

Comment 5 xiagao 2023-07-28 10:12:36 UTC
Verify this bug with virtiofsd-1.7.