[libvirt] [PATCH 2/5] util: allow using virCommandAllowCap with setuid helpers
Paolo Bonzini
pbonzini at redhat.com
Thu Mar 28 10:09:01 UTC 2013
> That seems like a kernel flaw - it makes sense that you can't _add_
> capabilities without CAP_SETPCAP, but being unable to _drop_
> capabilities without first acquiring a capability seems backwards.

You cannot add capabilities to the bounding set at all. It is a
one-way street.

/me learned a lot of things while writing these two patches.

In fact, capng_apply(CAPNG_SELECT_BOUNDS) will never fail, but I
preferred to be conservative in patch 1 just in case this changes
in the future.

> Hmm, this seems like we may want it for 1.0.4

I do not think so, there should not be any cases right now where
unprivileged libvirt calls a setuid helper.
Paolo
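
Added example (not part of the original message and not libvirt code): a probe of the bounding-set behaviour discussed above, using the Linux prctl() operations PR_CAPBSET_READ and PR_CAPBSET_DROP directly. The function name try_bounding_drop, the result codes and the choice of CAP_NET_RAW as the sample capability are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <unistd.h>
#include <linux/capability.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Hypothetical result codes for this example. */
enum { BSET_DROPPED, BSET_NEEDS_SETPCAP, BSET_ALREADY_ABSENT, BSET_ERROR };

/* Try to remove `cap` from the bounding set. The attempt runs in a forked
 * child because a successful drop cannot be undone: prctl() offers READ and
 * DROP for the bounding set, and no operation that adds a capability back. */
static int try_bounding_drop(int cap)
{
    pid_t pid = fork();
    if (pid < 0)
        return BSET_ERROR;
    if (pid == 0) {
        int present = prctl(PR_CAPBSET_READ, cap, 0, 0, 0);
        if (present < 0)
            _exit(BSET_ERROR);              /* e.g. EINVAL: unknown capability */
        if (present == 0)
            _exit(BSET_ALREADY_ABSENT);
        if (prctl(PR_CAPBSET_DROP, cap, 0, 0, 0) < 0)
            /* EPERM: the caller lacks CAP_SETPCAP in its effective set. */
            _exit(errno == EPERM ? BSET_NEEDS_SETPCAP : BSET_ERROR);
        /* After a successful drop the capability must read back as absent. */
        _exit(prctl(PR_CAPBSET_READ, cap, 0, 0, 0) == 0 ? BSET_DROPPED
                                                        : BSET_ERROR);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return BSET_ERROR;
    return WEXITSTATUS(status);
}

int main(void)
{
    static const char *names[] = { "dropped (one-way)", "EPERM: needs CAP_SETPCAP",
                                   "already absent", "error" };
    printf("CAP_NET_RAW: %s\n", names[try_bounding_drop(CAP_NET_RAW)]);
    return 0;
}
```

Run as an ordinary user this reports the EPERM case; run with CAP_SETPCAP effective it reports the drop, and only the child loses the capability.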