
Support ReadOnly flag on VirtioFSMount #53

@JAORMX

Problem

VirtioFSMount currently only has Tag and HostPath fields. There is no way to specify that a mount should be read-only inside the guest.

When ToolHive maps a permission profile's read-only bind mounts to VirtioFSMount entries, the ReadOnly flag from the mount declaration is silently dropped. This means --volume /path:/path:ro mounts become read-write inside the guest VM, which is weaker isolation than the user expects.

Proposed Solution

Add a ReadOnly bool field to VirtioFSMount and plumb it through hypervisor.FilesystemMount so the backend can enforce it. The libkrun virtiofs implementation likely needs to pass this through to the virtiofsd configuration.

```go
type VirtioFSMount struct {
    Tag      string
    HostPath string
    ReadOnly bool // new
}
```

Context

Discovered during code review of stacklok/toolhive#4358. No catalog entries currently use read-only mounts, so practical impact is low today, but it is a correctness gap relative to how Docker handles the same permission profile.
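
An added example, not code from ToolHive or this repository: the mapping gap described above beside a version that carries the flag, plus a check that reports mounts declared read-only but mapped read-write. `MountDecl`, `mapLossy`, `mapFixed`, `DroppedReadOnly` and the `shareN` tags are hypothetical names; only the `VirtioFSMount` fields come from the issue.

```go
package main

import "fmt"

// VirtioFSMount as proposed in the issue, including the new ReadOnly field.
type VirtioFSMount struct {
	Tag, HostPath string
	ReadOnly      bool
}

// MountDecl is a hypothetical stand-in for a permission profile's bind mount.
type MountDecl struct {
	HostPath string
	ReadOnly bool
}

// mapLossy reproduces the gap: only Tag and HostPath are set, so ReadOnly is dropped.
func mapLossy(decls []MountDecl) []VirtioFSMount {
	out := make([]VirtioFSMount, 0, len(decls))
	for i, d := range decls {
		out = append(out, VirtioFSMount{Tag: fmt.Sprintf("share%d", i), HostPath: d.HostPath})
	}
	return out
}

// mapFixed carries the declared ReadOnly flag across to each mount.
func mapFixed(decls []MountDecl) []VirtioFSMount {
	out := mapLossy(decls)
	for i := range out {
		out[i].ReadOnly = decls[i].ReadOnly
	}
	return out
}

// DroppedReadOnly lists host paths declared read-only but mapped read-write (or missing).
func DroppedReadOnly(decls []MountDecl, mounts []VirtioFSMount) []string {
	var lost []string
	for i, d := range decls {
		if d.ReadOnly && (i >= len(mounts) || !mounts[i].ReadOnly) {
			lost = append(lost, d.HostPath)
		}
	}
	return lost
}

func main() {
	decls := []MountDecl{{"/etc/app", true}, {"/var/data", false}} // constructed sample
	fmt.Println("lossy:", DroppedReadOnly(decls, mapLossy(decls)))
	fmt.Println("fixed:", DroppedReadOnly(decls, mapFixed(decls)))
}
```

Carrying the field only records the intent; the hypervisor backend still has to enforce it, as the proposed solution notes.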
