bhyve Permissions issues with bhyve virtio-9p and Alpine linux guest

Hello! I've been converting my home network infrastructure over to FreeBSD and have been really enjoying it so far. Unfortunately, I'm running into an issue with mounting a virtio-9p disk into an Alpine Linux VM. The disk itself mounts fine but I'm unable to access the underlying files with any user other than root. I have a user with a matching uid/gid (10001,10001) on the host and guest and have confirmed the host user has access with an NFSv4 ACL. I'd greatly appreciate any help you folks can provide with this. While the simple answer here is NFS, I'd like to use 9p if at all possible.

vm-bhyve config:
Code:
loader="uefi"
cpu=4
memory=8G
network0_type="virtio-net"
network0_switch="public"
disk0_type="nvme"
disk0_name="disk0.img"
disk1_type="virtio-9p"
disk1_name="media=/main/media"
disk1_dev="custom"

ACL on the folder:
Code:
# file: /main/media
# owner: root
# group: wheel
         user:plex:rwxpDdaARWcCos:fd-----:allow
    group:media-ro:r-----a-R-c---:fd-----:allow
            owner@:rwxp--aARWcCos:-------:allow
            group@:rwxp--a-R-c--s:-------:allow
         everyone@:------a-R-c--s:-------:allow

Mount command on the guest: doas mount -t 9p -o trans=virtio,version=9p2000.L media /media9p
 
This doesn't seem to be a permissions issue on the host side.

I have full access on "virtio-9p" shared sub-directories and files as any non-privileged user (users not present on the host) on a Linux Mint bhyve(8) (vm-bhyve configured) guest, with or without the same NFSv4 ACLs you have.

The directories and files on the host are owned by a non-privileged user.

In your case, it seems the issue is on the Alpine guest side.

The ACLs print indicates a "plex" user. Is a Plex server involved in the setup?
 
Not yet! I tore down the VM and have been building it up again step by step to try to figure out where the problem is. The eventual plan is to have the plex user on the host in the media-ro group, but I've granted that user full access with an ACL to debug and make this simpler.

At this point I have an Alpine VM that has a test user with UID 10001 and GID 10001 and the virtio-9p mounted. After a su - testuser the testuser account on the guest is unable to view the contents of the /media9p directory with ls. That seems to indicate that something's going on with the virtio-9p layer specifically, as the ACL seems right here? I don't think it should matter, but I might change ownership to the plex user to see if that changes things.
 
After a su - testuser the testuser account on the guest is unable to view the contents of the /media9p directory with ls.
On the guest, what does ls -dl /media9p show (after you mounted the 9p filesystem there)? It's probably not the permissions on the host side, but on your VM side.
 