I had an odd issue crop up in trying to mount an NFS share on a libvirt/KVM/QEMU virtual machine. I have NFS successfully mounted on other hosts with no issue between my routed networks. I see on the client "access denied by server" on the Rocky Linux 8.5 client, the virtual machine with "mount request from [host] from unpriviledged port". The NFS export rule included the network used by the virtual machine. However, I see that the hypervisor is routing the network for the virtual machine.
I first thought that maybe a routing issue to the virtual machine but since the mount request is coming from the virtual machine, routed (NAT'd) through the hypervisor, the traffic would be returned through the hypervisor.
I saw this: https://www.truenas.com/community/t...s-mount-request-from-unprivileged-port.60600/ where they ultimately solved their issue by enabling non-root mount on the NFS service. This allowed me to complete my mount, which made me wonder if the hypervisor was using a non-root ID to request the mount. I see that libvirtd process is owned by root on the hypervisor with the virtual machine running as libvirt+ user ID on the qemu-system-X86_64 processes and for dnsmasq.
Anyone know what user ID is used by the mount request on the TrueNAS or why this ultimately works? Seems as though root user on the virtual machine initiates it, it should be relayed through the hypervisor "router" as root user as well.
I first thought that maybe a routing issue to the virtual machine but since the mount request is coming from the virtual machine, routed (NAT'd) through the hypervisor, the traffic would be returned through the hypervisor.
I saw this: https://www.truenas.com/community/t...s-mount-request-from-unprivileged-port.60600/ where they ultimately solved their issue by enabling non-root mount on the NFS service. This allowed me to complete my mount, which made me wonder if the hypervisor was using a non-root ID to request the mount. I see that libvirtd process is owned by root on the hypervisor with the virtual machine running as libvirt+ user ID on the qemu-system-X86_64 processes and for dnsmasq.
Anyone know what user ID is used by the mount request on the TrueNAS or why this ultimately works? Seems as though root user on the virtual machine initiates it, it should be relayed through the hypervisor "router" as root user as well.
