Skip to content

Virtiofs Tooling + Clamav#202

Open
mbssrc wants to merge 2 commits into
tiiuae:mainfrom
mbssrc:ghaf-shareddd
Open

Virtiofs Tooling + Clamav#202
mbssrc wants to merge 2 commits into
tiiuae:mainfrom
mbssrc:ghaf-shareddd

Conversation

@mbssrc
Copy link
Copy Markdown
Contributor

@mbssrc mbssrc commented Feb 6, 2026
edited
Loading

Description

Patch provides binaries for systemd services to administrate virtiofs shares with security boundary.

It contains:

virtiofs gate daemon: administrates shared virtiofs folders

  • monitors shares
  • initiates scan
  • propagates data between shares (as configured)

virtiofs notify daemon: small vsock guest daemon that updates folders for file browsers (gui use case)

clamd-vproxy: daemon proxy via vsock

clamd-vclient: daemon that monitors file system (on-modify) and scans via clamd-vsock

See README.md files for detailed explanations.

Related Issues

Fixes #
Related to #

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update
  • Dependency update
  • Nix configuration change
  • Other (please describe):

Changes Made

Testing Done

  • Built locally with nix build .#<package-name>
  • Ran nix flake check (all packages build successfully)
  • Ran nix fmt -- --fail-on-change (formatting check passed)
  • Ran reuse lint (license compliance verified)
  • Tested in Ghaf environment (if applicable)
  • Manual testing performed:

Package Impact

Affected packages:

Screenshots/Logs

Click to expand 
<!-- Paste logs or add screenshots here -->

Checklist

  • Code follows project style guidelines (nix fmt passed)
  • SPDX license headers added to all new files
  • Documentation updated (README, inline comments, etc.)
  • No trailing whitespace in modified files
  • Commit messages follow guidelines
  • No breaking changes (or clearly documented if unavoidable)
  • Security implications considered (no secrets, proper validation)
  • Nix best practices followed (no rec, explicit lib. usage)

Additional Notes

For Reviewers:

@mbssrc mbssrc requested a review from slakkala February 10, 2026 09:10
inzanity
inzanity reviewed Feb 10, 2026
View reviewed changes
Copy link
Copy Markdown

@inzanity inzanity left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In general looks pretty good. Added a bunch of comments of varying severity.

Comment thread packages/rust/ghaf-virtiofs-tools/src/gate/config.rs
Comment thread packages/rust/ghaf-virtiofs-tools/src/gate/config.rs Outdated
Comment thread packages/rust/ghaf-virtiofs-tools/src/gate/config.rs Outdated
Comment thread packages/rust/ghaf-virtiofs-tools/src/gate/config.rs Outdated
Comment thread packages/rust/ghaf-virtiofs-tools/src/gate/config.rs Outdated
Comment thread packages/rust/ghaf-virtiofs-tools/src/watcher.rs Outdated
Comment thread packages/rust/ghaf-virtiofs-tools/src/watcher.rs Outdated
Comment thread packages/rust/ghaf-virtiofs-tools/src/watcher.rs Outdated
Comment thread packages/rust/ghaf-virtiofs-tools/src/gate/daemon.rs Outdated
Comment thread packages/rust/ghaf-virtiofs-tools/src/gate/config.rs
mbssrc added 2 commits March 27, 2026 00:41
@mbssrc
feat(virtiofs-tools): add rust virtiofs tools
6284f60 
Rust tooling for secure file sharing between Ghaf VMs via virtiofs.

  Components:
  - virtiofs-gate: daemon for file synchronization with malware scanning
  - virtiofs-notify: VM notification tool for share refresh
  - clamd-vclient: on-modify scanner client using vsock to host
  - clamd-vproxy: ClamAV proxy for guest-to-host scanning

Signed-off-by: Manuel Bluhm <manuel@ssrc.tii.ae>
@mbssrc
feat(virtiofs-tools): add integration tests
bb1ef2a 
 Python test tool for validating virtiofs file sharing between Ghaf VMs.

  Components:
  - ghaf-virtiofs-test CLI with write/verify/clean modes
  - Test runner with scenario discovery
  - Metrics collection for performance tests

  Test scenarios:
  - basic: rw, ro, wo, delete, modify, rename, scan, performance
  - extended: ignore patterns, large files, paths, permissions, quarantine, symlinks
  - security: bypass attempts, overload/overflow handling
  - vsock: proxy connectivity, scan latency, security

Signed-off-by: Manuel Bluhm <manuel@ssrc.tii.ae>
github-advanced-security[bot]
github-advanced-security AI found potential problems Mar 26, 2026
View reviewed changes
Comment thread ...virtiofs-tests/ghaf-virtiofs-tests/src/ghaf_virtiofs_tests/scenarios/extended/permissions.py
print(f"[F-012] Creating file with mode {oct(PERM_MODE)}...")
perm_file = ctx.path / PERM_FILE
perm_file.write_bytes(TEST_CONTENT)
os.chmod(perm_file, PERM_MODE)

Check failure

Code scanning / CodeQL

Overly permissive file permissions High

Overly permissive mask in chmod sets file to group readable.
Comment thread ...virtiofs-tests/ghaf-virtiofs-tests/src/ghaf_virtiofs_tests/scenarios/extended/permissions.py
suid_file = ctx.path / SUID_FILE
suid_file.write_bytes(TEST_CONTENT)
try:
os.chmod(suid_file, SUID_MODE)

Check failure

Code scanning / CodeQL

Overly permissive file permissions High

Overly permissive mask in chmod sets file to world readable.
Comment thread ...virtiofs-tests/ghaf-virtiofs-tests/src/ghaf_virtiofs_tests/scenarios/extended/permissions.py
sgid_file = ctx.path / SGID_FILE
sgid_file.write_bytes(TEST_CONTENT)
try:
os.chmod(sgid_file, SGID_MODE)

Check failure

Code scanning / CodeQL

Overly permissive file permissions High

Overly permissive mask in chmod sets file to world readable.
Comment thread ...af-virtiofs-tests/ghaf-virtiofs-tests/src/ghaf_virtiofs_tests/scenarios/security/overload.py
paths = []
for i in range(batch_size):
file_path = base_dir / f"t{thread_id}_{i:06d}"
fd = os.open(str(file_path), os.O_CREAT | os.O_WRONLY, 0o644)

Check failure

Code scanning / CodeQL

Overly permissive file permissions High

Overly permissive mask in open sets file to world readable.
Comment thread ...ghaf-virtiofs-tests/ghaf-virtiofs-tests/src/ghaf_virtiofs_tests/scenarios/security/bypass.py
race_file.write_bytes(b"race")
try:
race_file.unlink()
except FileNotFoundError:

Check notice

Code scanning / CodeQL

Empty except Note

'except' clause does nothing but pass and there is no explanatory comment.
Comment thread ...af-virtiofs-tests/ghaf-virtiofs-tests/src/ghaf_virtiofs_tests/scenarios/security/overload.py
try:
os.unlink(str(file_path))
count += 1
except OSError:

Check notice

Code scanning / CodeQL

Empty except Note

'except' clause does nothing but pass and there is no explanatory comment.
@mbssrc mbssrc marked this pull request as ready for review March 26, 2026 20:43
@mbssrc mbssrc mentioned this pull request Mar 26, 2026
Draft
19 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@slakkala slakkala Awaiting requested review from slakkala

1 more reviewer

@inzanity inzanity inzanity left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@mbssrc @inzanity @github-advanced-security @slakkala