QEMU's built-in Samba service
The not-functioning -net user,smb
option was caused by an incompatibility with newer Samba versions (>= 4). This is fixed in QEMU v2.2.0 and newer with these changes:
(Debian has backported the latter two patches to 2.1+dfsg-6 which is present in Jessie.)
Usage
You can export one folder as \\10.0.2.4\qemu
when using User networking:
qemu-system-x86_64 \
-net user,smb=/absolute/path/to/folder \
-net nic,model=virtio \
...
When QEMU is successfully started with these options, a new /tmp/qemu-smb.*-*/
directory will be created containing a smb.conf
. If you are fast enough, then this file could be modified to make paths read-only or export more folders.
Mode of operation
The samba daemon is executed whenever ports 139 or 445 get accessed over a "user" network. Communication happens via standard input/output/error of the smbd process. This is the reason why newer daemons failed, it would write its error message to the pipe instead of protocol messages.
Due to this method of operation, the daemon will not listen on host ports, and therefore will only be accessible to the guest. So other clients in the network and even local users cannot gain access to folders using this daemon.
Since QEMU v2.2.0 printer sharing is completely disabled through the samba configuration, so another worry is gone here.
The speed depends on the network adapter, so it is recommended to use the virtio netkvm
driver under Windows.
Also note that the daemon is executed by its absolute path (typically /usr/sbin/smbd
) as specified at compile time (using the --smbd
option). Whenever you need to try a new binary or interpose smbd
, you will need to modify the file at that path.
Other caveats
Executables (*.exe
) must be executable on the host (chmod +x FILE
) for the guest to have execute permissions. To allow execution of any file, add the acl allow execute always = True
option to a share.
Example read-only smb.conf configuration which allows execution of any file (based on QEMU v2.2.0):
...
[qemu]
path=/home/peter/windows
read only=yes
guest ok=true
force user=peter
acl allow execute always = True
I realize this is a very old post but I just recently solved this exact problem by submitting patches to libvirt. Starting in libvirt v6.10, you'll be able to specify the "fmode" and "dmode" options on 9pfs shares which control the default host permissions on files and directories, respectively.
If you can't run v6.10, I found a workaround using the qemu:commandline
feature of libvirt's XML domain to pass the raw QEMU flags. I wrote a blog post about how to do this but the quick version is to put something like
<commandline xmlns="http://libvirt.org/schemas/domain/qemu/1.0">
<arg value="-fsdev"/>
<arg value="local,security_model=mapped,id=fsdev-fs0,path=/path/to/share,fmode=0644,dmode=0755"/>
<arg value="-device"/>
<arg value="virtio-9p-pci,id=fs0,fsdev=fsdev-fs0,mount_tag=sharename,bus=pci.6,addr=0x0"/>
</commandline>
into your domain XML as a child of "domain." The blog post goes into more detail about the values but you may need to tweak fsdev-fs0
, fs0
, and sharename
to fit your domain.
Best Answer
The problem was that the Firewall was blocking the connections on the ports used by Samba.
I had to add the necessary exceptions and now it works as expected.