[Virtio-fs] [PATCH 0/4] Drop CAP_FSETID if client needs to kill setuid/setgid bits
Vivek Goyal
vgoyal at redhat.com
Tue Aug 13 19:29:40 UTC 2019
If a file has setuid/setgid bit set and a writer writes to file without
having CAP_FSETID capability, kernel clears setuid/setgid bit on file.
pjdfstest test chmod/12.t tests for this. With moving to 5.3 kernel and
cache=none this test fails.

Now Miklos has introduced a commit where if client thinks that
setuid/setgid bit should be cleared, it sets FUSE_KILL_PRIV flag
in fuse_write_in->write_flags. This is an indication to daemon to
clear setuid/setgid bit atomically.

So drop CAP_FSETID capability and then proceed with write and that
should automatically clear setuid bit.

Vivek Goyal (4):
  virtiofsd: Fix number of padding bits in fuse_file_info
  virtiofsd: Use macros for write_flag parsing
  virtiofsd: Parse flag FUSE_WRITE_KILL_PRIV
  virtiofsd: Drop CAP_FSETID if client asked for it

contrib/virtiofsd/Makefile.objs | 2 +
contrib/virtiofsd/fuse_common.h | 5 +-
contrib/virtiofsd/fuse_kernel.h | 1 +
contrib/virtiofsd/fuse_lowlevel.c | 6 +-
contrib/virtiofsd/passthrough_ll.c | 127 +++++++++++++++++++++++++++++
contrib/virtiofsd/seccomp.c | 2 +
6 files changed, 140 insertions(+), 3 deletions(-)
--
2.17.2
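
The behaviour the cover letter relies on, as an added example that is not code from this patch series: a writer that removes CAP_FSETID from its effective set before `write()` lets the kernel clear the setuid bit as part of the write. The function names and the scratch file name are hypothetical, and the raw `capget`/`capset` syscalls are an assumption made to keep the example dependency-free.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <linux/capability.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Set/clear CAP_FSETID in this thread's effective set; returns old state or -1. */
static int set_effective_fsetid(int enable)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    const unsigned int bit = 1u << CAP_FSETID;  /* capability 4 is in data[0] */
    int prev;
    memset(data, 0, sizeof(data));
    if (syscall(SYS_capget, &hdr, data) < 0) return -1;
    prev = (data[0].effective & bit) != 0;
    data[0].effective = enable ? (data[0].effective | bit) : (data[0].effective & ~bit);
    return syscall(SYS_capset, &hdr, data) < 0 ? -1 : prev;
}

/* Create a setuid scratch file (hypothetical path), write to it and return its
 * mode bits after the write, or -1. kill_priv stands in for the client's hint. */
static int mode_after_write(const char *path, int kill_priv)
{
    static const char buf[] = "data";
    struct stat st;
    int ret = -1, had_cap = 0, fd = open(path, O_CREAT | O_TRUNC | O_WRONLY, 0600);
    if (fd < 0) return -1;
    if (fchmod(fd, S_ISUID | 0755) == 0 &&
        (!kill_priv || (had_cap = set_effective_fsetid(0)) >= 0)) {
        if (write(fd, buf, sizeof(buf)) == (ssize_t)sizeof(buf) && fstat(fd, &st) == 0)
            ret = st.st_mode & 07777;
        if (had_cap > 0)
            set_effective_fsetid(1);            /* restore only what was removed */
    }
    close(fd);
    unlink(path);
    return ret;
}

int main(void)
{
    printf("cap untouched: %04o, cap dropped: %04o\n",
           (unsigned)mode_after_write("fsetid_demo.tmp", 0), (unsigned)mode_after_write("fsetid_demo.tmp", 1));
    return 0;
}
```

With the capability left untouched, the setuid bit survives only when the caller actually holds CAP_FSETID (for example, a daemon running as root), which is the case the series addresses.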