[virtiofs] failure to assign permissions to drive when using Azure Active Directory-joined account

[jorins]

Hello! I've had some issues with getting virtiofs to work with an Azure AD-joined Windows VM, resulting in the strange state of being able to read files from the shared folder, being able to create directories in the top level (e.g. I can create Z:\MyFolder but I can not create Z:\MyFolder\MySubFolder), and being unable to create files entirely.

This is all when logged in on my AD-joined account. What I found when logging in with a local account on the same VM was that it worked as intended and I had the ability to write files and folders anywhere in the tree. Both accounts have administrator privileges. I have not been able to test whether this bug applies only to Azure AD-joined VMs, or all AD-joined VMs.

Relevant libvirt config sections:

<memoryBacking>
  <source type="memfd"/>
  <access mode="shared"/>
</memoryBacking>
...
<filesystem type="mount" accessmode="passthrough">
  <driver type="virtiofs" queue="1024"/>
  <source dir="/home/jorin/{my vm folder}"/>
  <target dir="Share"/>
  <address type="pci" domain="0x0000" bus="0x08" slot="0x00" function="0x0"/>
</filesystem>

Running drivers from virtio-win-0.1.208.iso, and I've tried with WinFSP both stable (1.9) and beta (1.10) and it seems to make no difference as the issue is present with both versions, though I haven't tried using the local account with WinFSP 1.9.

Looking at the permissions of the share as the AD joined user shows me the permissions being assigned to a user referred to as S-1-5-0. I'm not very familiar with Windows, but I'm guessing the question mark on the icon indicates that the user principal is invalid and not recognised by the system.

The permissions of the share when logged in with the local account 'Admin', for reference:

Thank you in advance for your time and your efforts, your software is wonderful :)

[xiagao]

Hi Jorins, can you show the access permission of shared directory on your host?

[xiagao]

Hi Jorins,
I hit this issue using a common AD account, and the shared folder's permission on host are read and write for everybody.I'm not sure if you have the similar config.
drwxrwxrwx 9 root root 136 Nov 2 03:17 test2

And, this issue is tracked in downstream.
Thanks to report this issue.

[jorins]

Yeah, I get the issue with mode 777 on my shared folder (located under my home directory) too. This is running using the qemu system session. qemu runs as nobody and virtiofsd runs as root.

[YanVugenfirer]

Hello All,

Please help us understanding you use cases for using virtio-fs, and thus make us virtio-fs support better.
Please participate in the discussion and add your use cases: #726

Thanks a lot,
Yan.

[Daniel-Trevitz]

Is this the same as #790?