I’d like to have a VM for development, where I can edit code on the host system that the VM will see, but the VM can also edit the code/files in this path.
incus config device add $name mydisk disk source=~/incus-user path=/home/incus-user readonly=false
This allows for read-write on host, but read-only in the VM. I think shift=true only works for containers, not VMs.
Thanks, I didn’t know that shift=true isn’t relevant for virtual machines. I was misled by the fact that when a user on the host has UID and GID exactly the same as the user in VM, then the shared folder has read-write permission on both by default.
@digitalsignalperson you can use raw.idmap for VMs instead. Assuming your user on the host has UID and GID 1001 (check using id -u and id -g commands) and the user in VM has UID and GID 1000 (which is true for Arch VM):
On the host the hi-from-1000 is owned by 1000, and bar written by root in the VM is 65534/nobody. Is it unsafe to map id 0 to 0 if only this one folder is shared?
Aside, if I try to boot with secureboot on I get:
Error: Couldn't find one of the required UEFI firmware files: [{code:OVMF_CODE.4MB.fd vars:OVMF_VARS.4MB.ms.fd} {code:OVMF_CODE_4M.ms.fd vars:OVMF_VARS_4M.ms.fd} {code:OVMF_CODE.2MB.fd vars:OVMF_VARS.2MB.ms.fd} {code:OVMF_CODE.fd vars:OVMF_VARS.ms.fd} {code:OVMF_CODE.fd vars:qemu.nvram}]
Note that this still won’t help with security.secureboot=true as for that to work, we not only need the OVMF_CODE.secboot.4m.fd and OVMF_CODE.secboot.fd stuff, but we also need matching OVMF_VARS files that contain the standard secureboot keys.
Otherwise, if we just use OVMF_CODE.secboot with the stock OVMF_VARS, the VM will boot in Secure Boot setup mode, which means no key loaded and can boot anything it wants, which defeats the purpose of the option.
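
The pair requirement behind the error quoted above, as an added example that is not part of the thread and not Incus's own code: a POSIX shell function that checks a firmware directory for the CODE/VARS pairs the error message lists, in the same order. The function name and the directory argument are assumptions; pass whichever directory your distribution installs OVMF into.

```shell
#!/bin/sh
# Added example (hypothetical helper, not Incus code).

# CODE:VARS pairs copied from the error message, in the order it lists them.
SECUREBOOT_PAIRS="OVMF_CODE.4MB.fd:OVMF_VARS.4MB.ms.fd
OVMF_CODE_4M.ms.fd:OVMF_VARS_4M.ms.fd
OVMF_CODE.2MB.fd:OVMF_VARS.2MB.ms.fd
OVMF_CODE.fd:OVMF_VARS.ms.fd
OVMF_CODE.fd:qemu.nvram"

# find_secureboot_pair DIR
# Prints "CODE VARS" for the first pair whose two files both exist in DIR
# and returns 0. If no pair is complete, lists each missing file on stderr
# and returns 1. Returns 2 if DIR is not a directory.
find_secureboot_pair() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    for pair in $SECUREBOOT_PAIRS; do
        code=${pair%%:*}   # text before the colon
        vars=${pair#*:}    # text after the colon
        if [ -f "$dir/$code" ] && [ -f "$dir/$vars" ]; then
            echo "$code $vars"
            return 0
        fi
        # A CODE file on its own is not enough: report each missing half.
        [ -f "$dir/$code" ] || echo "missing: $dir/$code" >&2
        [ -f "$dir/$vars" ] || echo "missing: $dir/$vars" >&2
    done
    return 1
}
```

A match only shows that the files exist under the expected names; as the reply above explains, the VARS file must also contain the standard Secure Boot keys, otherwise the VM starts in setup mode.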