Run virtiofsd in usermode and mount shares with correct gid.

- The new virtiofsd provides the ability to map a specified
  UID and GID to that of the user when running in user mode.
  As a result, virtiofsd is moved to userland for VMs and
  the new -uid and -gid options are introduced that specify
  the IDs on the guest.New v
- The drives no longer have to be mounted with the group ID 1010.
  Therefore, the mount options are changed to the real group ID

roles/lmn_mount/tasks/main.yml

@@ -18,7 +18,7 @@
         fstype="davfs"
         path="{{ web_dav }}"
         mountpoint="/lmn/media/%(USER)/nextcloud"
-        options="username=%(USER),nosuid,nodev,uid=%(USER),gid=1010,grpid,file_mode=0770,dir_mode=0770,forceuid,forcegid"
+        options="username=%(USER),nosuid,nodev,uid=%(USER),gid=%(USERGID),grpid,file_mode=0700,dir_mode=0700,forceuid,forcegid"
         ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>{{ localuser }}</user></or></not>
       </volume>
     insertafter: "<!-- Volume definitions -->"
@@ -34,7 +34,7 @@
         server="{{ smb_server }}"
         path="{{ smb_share }}"
         mountpoint="/srv/samba/schools/default-school"
-        options="sec=krb5i,cruid=%(USERUID),user=%(USER),gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks,nobrl,actimeo=600{{ cifsopt | default(",cache=loose") }}"
+        options="sec=krb5i,cruid=%(USERUID),user=%(USER),gid=%(USERGID),file_mode=0700,dir_mode=0700,mfsymlinks,nobrl,actimeo=600{{ cifsopt | default(",cache=loose") }}"
         ><not><or><user>root</user><user>ansible</user><user>Debian-gdm</user><user>sddm</user><user>{{ localuser }}</user></or></not>
       </volume>
     insertafter: "<!-- Volume definitions -->"

roles/lmn_teacherlaptop/files/10-lmn-mount.sh

@@ -5,6 +5,7 @@ set -eu
 if [[ "$CONNECTION_ID" = "wg0" ]]; then
   USERNAME=$(ps -o pid,user,args -C sddm-helper | sed -nE 's/.*user (.*)$/\1/p')
   USERID=$(id -u "${USERNAME}")
+  GROUPID=$(id -g "${USERNAME}")
   KRB5CCNAME=$(ls /tmp/krb5cc_"${USERID}"_*)
   export KRB5CCNAME
   printenv >&2
@@ -26,7 +27,7 @@ if [[ "$CONNECTION_ID" = "wg0" ]]; then
     mkdir -p "/lmn/media/${USERNAME}/share"
     
     mount -t cifs //server/default-school/ /srv/samba/schools/default-school \
-          -o "sec=krb5i,cruid=${USERID},user=${USERNAME},uid=${USERID},gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks,nobrl,actimeo=600,cache=loose,echo_interval=10"
+          -o "sec=krb5i,cruid=${USERID},user=${USERNAME},uid=${USERID},gid=${GROUPID},file_mode=0700,dir_mode=0700,mfsymlinks,nobrl,actimeo=600,cache=loose,echo_interval=10"
 	  echo "after mount" >&2
     mount --bind /srv/samba/schools/default-school/share "/lmn/media/${USERNAME}/share"
   elif [[ "$NM_DISPATCHER_ACTION" = "pre-down" ]]; then

roles/lmn_teacherlaptop/files/mountserver

@@ -17,7 +17,7 @@ chmod 777  /srv/samba/schools/default-school
 mkdir -p "/lmn/media/${SUDO_USER}/share"
 
 mount -t cifs //server/default-school/ /srv/samba/schools/default-school \
-      -o "sec=krb5i,cruid=${SUDO_UID},user=${SUDO_USER},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,mfsymlinks,nobrl,actimeo=600,cache=loose,echo_interval=10"
+      -o "sec=krb5i,cruid=${SUDO_UID},user=${SUDO_USER},uid=${SUDO_UID},gid=${SUDO_GID},file_mode=0700,dir_mode=0700,mfsymlinks,nobrl,actimeo=600,cache=loose,echo_interval=10"
 mount --bind /srv/samba/schools/default-school/share "/lmn/media/${SUDO_USER}/share"
 
 echo "Einbindung erfolgreich!"

roles/lmn_vm/files/mounthome.sh

@@ -36,12 +36,12 @@ elif [ "$#" -gt 0 ] && [ "$1" = '-o' ]; then
     echo
     mkdir -p "/lmn/media/${SUDO_USER}/oldhome"
     mkdir -p "/lmn/media/${SUDO_USER}/oldprojects"
-    #errcode=$(mount -t cifs -o "username=${username},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,forceuid,forcegid" \
+    #errcode=$(mount -t cifs -o "username=${username},uid=${SUDO_UID},gid=${SUDO_GID},file_mode=0700,dir_mode=0700,forceuid,forcegid" \
     #	    "//192.168.1.2/DOCS/fvs" "/lmn/media/${SUDO_USER}/oldhome")
     #if [[ ! "${errcode}" ]]; then
-    mount -t cifs -o "username=${username},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,forceuid,forcegid,nobrl,mfsymlinks" \
+    mount -t cifs -o "username=${username},uid=${SUDO_UID},gid=${SUDO_GID},file_mode=0700,dir_mode=0700,forceuid,forcegid,nobrl,mfsymlinks" \
 	    "//192.168.1.2/DOCS/fvs" "/lmn/media/${SUDO_USER}/oldhome"
-    mount -t cifs -o "username=${username},uid=${SUDO_UID},gid=1010,file_mode=0770,dir_mode=0770,forceuid,forcegid,nobrl,mfsymlinks" \
+    mount -t cifs -o "username=${username},uid=${SUDO_UID},gid=${SUDO_GID},file_mode=0700,dir_mode=0700,forceuid,forcegid,nobrl,mfsymlinks" \
 	    "//192.168.1.2/DATA/fvs/projekte" "/lmn/media/${SUDO_USER}/oldprojects"
     #echo "Mounting successfull!"
     echo "Einbindung erfolgreich!"
@@ -55,7 +55,7 @@ elif [ "$#" -gt 0 ] && [ "$1" = '-l' ]; then
     echo "Bitte auch Groß- und Kleinschreibung achten."
     read -rp "Username: " username
     mkdir -p "/lmn/media/${SUDO_USER}/linuxhome"
-    mount -t fuse -o "allow_other,uid=${SUDO_UID},gid=1010,reconnect" \
+    mount -t fuse -o "allow_other,uid=${SUDO_UID},gid=${SUDO_GID},reconnect" \
           "sshfs#${username}@home.steinbeisschule-reutlingen.de:" "/lmn/media/${SUDO_USER}/linuxhome"
     #echo "Mounting successfull!"
     echo "Einbindung erfolgreich!"

roles/lmn_vm/files/vm-run

@@ -19,6 +19,8 @@ options:
        --os OS           operating system (win10|linux|..)
        --data-disk size  additional data-disk
        --bridge virbrX   additional network interface on bridge virbrX
+       --uid uid         set uid on guest
+       --gid gid         set gid on guest
        --macvtap         additional network interface on device macvtap
        --options options additional options for virt-install command
 EOF
@@ -109,12 +111,25 @@ create_clone() {
 create_printerlist() {
   ## Prepare .printerlist.csv
   mkdir -p "${VM_MEDIADIR}"
+  chgrp "$(id -g)" "${VM_MEDIADIR}"
   echo "Name;IppURL" > "${VM_MEDIADIR}/.printerlist.csv"
   for p in $(lpstat -v | cut -f 3 -d" " | sed 's/:$//'); do
     echo "$p;ipp://192.168.122.1/printers/$p" >> "${VM_MEDIADIR}/.printerlist.csv"
   done
 }
 
+start_virtiofsd() {
+  # BEGIN temporary fix, while linux-starter are not migrated to --uid and --gid
+  if [[ "$LIBVIRTOSINFO" =~ "debian.*" ]]; then
+    GUEST_UID=1000
+    GUEST_GID=1010
+  fi
+  # END temporary fix
+  socket="/run/user/$(id -u $USER)/virtiofs-${VM_NAME}.sock"
+  /usr/local/bin/virtiofsd.v1.11 --uid-map=:${GUEST_UID}:${UID}:1: --gid-map=:${GUEST_GID}:$(id -g):1: \
+	  --socket-path "$socket" --shared-dir "/lmn/media/${USER}" --syslog &
+}
+
 QEMU='qemu:///session'
 
 NEWCLONE=0
@@ -122,10 +137,12 @@ PERSISTENT=0
 LIBVIRTOSINFO="win10"
 LIBVIRTOPTS=""
 NO_VIEWER=0
+GUEST_UID=0
+GUEST_GID=0
 
 source /etc/lmn/vm.conf
 
-TEMP=$(getopt -o no:ps --long new,no-viewer,options:,persistent,system,memory:,data-disk:,heads:,cpu:,bridge:,macvtap,os:,help -n $0 -- "$@")
+TEMP=$(getopt -o no:ps --long new,no-viewer,options:,persistent,system,memory:,data-disk:,heads:,cpu:,bridge:,macvtap,os:,uid:,gid:,help -n $0 -- "$@")
 if [ $? != 0 ] ; then echo "Terminating..." >&2 ; exit 1 ; fi
 
 eval set -- "$TEMP"
@@ -203,6 +220,14 @@ while true; do
             LIBVIRTOSINFO=$2
 	    shift 2
 	    ;;
+    --uid )
+            GUEST_UID=$2
+	    shift 2
+	    ;;
+    --gid )
+            GUEST_GID=$2
+	    shift 2
+	    ;;
     --help )
             show_help
             exit 1
@@ -242,7 +267,7 @@ if  ! virsh --connect="${QEMU}" list | grep "${VM_NAME}-clone"; then
 
     create_printerlist
     # start virtiofsd-service
-    [[ "${QEMU}" = 'qemu:///session' ]] && sudo /usr/local/bin/vm-virtiofsd "${VM_NAME}"
+    [[ "${QEMU}" = 'qemu:///session' ]] && start_virtiofsd
 
     # finally, create the new vm