add securityModel option to 9P shares

Author: rmgaray

lib/runners/qemu.nix

@@ -195,13 +195,13 @@ in {
         "-object" "memory-backend-memfd,id=mem,size=${toString (mem + balloonMem)}M,share=on"
         "-numa" "node,memdev=mem"
       ] ++
-      builtins.concatMap ({ proto, index, socket, source, tag, ... }: {
+      builtins.concatMap ({ proto, index, socket, source, tag, securityModel, ... }: {
         "virtiofs" = [
           "-chardev" "socket,id=fs${toString index},path=${socket}"
           "-device" "vhost-user-fs-${devType},chardev=fs${toString index},tag=${tag}"
         ];
         "9p" = [
-          "-fsdev" "local,id=fs${toString index},path=${source},security_model=mapped"
+          "-fsdev" "local,id=fs${toString index},path=${source},security_model=${securityModel}"
           "-device" "virtio-9p-${devType},fsdev=fs${toString index},mount_tag=${tag}"
         ];
       }.${proto}) (enumerate 0 shares)

nixos-modules/microvm/options.nix

@@ -276,6 +276,11 @@ in
             type = nonEmptyStr;
             description = "Path to shared directory tree";
           };
+          securityModel = mkOption {
+            type = nullOr str;
+            default = "none";
+            description = "What security model to use for the shared. Default: none.";
+          };
           mountPoint = mkOption {
             type = path;
             description = "Where to mount the share inside the container";