[Virtio-fs] [PATCH 0/4] Drop CAP_FSETID if client needs to kill setuid/setgid bits
Dr. David Alan Gilbert
dgilbert at redhat.com
Wed Aug 14 09:55:05 UTC 2019
* Vivek Goyal (vgoyal at redhat.com) wrote:
> If a file has setuid/setgid bit set and a writer writes to file without
> having CAP_FSETID capability, kernel clears setuid/setgid bit on file.
>
> pjdfstest test chmod/12.t tests for this. With moving to 5.3 kernel and
> cache=none this test fails.
>
> Now Miklos has introduced a commit where if client thinks that
> setuid/setgid bit should be cleared, it sets FUSE_KILL_PRIV flag
> in fuse_write_in->write_flags. This is an indication to daemon to
> clear setuid/setgid bit atomically.
>
> So drop CAP_FSETID capability and then proceed with write and that
> should automatically clear setuid bit.
1,2,3 added to my world.
4 still to be discussed
> Vivek Goyal (4):
> virtiofsd: Fix number of padding bits in fuse_file_info
> virtiofsd: Use macros for write_flag parsing
> virtiofsd: Parse flag FUSE_WRITE_KILL_PRIV
> virtiofsd: Drop CAP_FSETID if client asked for it
>
> contrib/virtiofsd/Makefile.objs | 2 +
> contrib/virtiofsd/fuse_common.h | 5 +-
> contrib/virtiofsd/fuse_kernel.h | 1 +
> contrib/virtiofsd/fuse_lowlevel.c | 6 +-
> contrib/virtiofsd/passthrough_ll.c | 127 +++++++++++++++++++++++++++++
> contrib/virtiofsd/seccomp.c | 2 +
> 6 files changed, 140 insertions(+), 3 deletions(-)
>
> --
> 2.17.2
>
--
Dr. David Alan Gilbert / dgilbert at redhat.com / Manchester, UK
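
The kernel behaviour the cover letter relies on, as an added example that is not code from this patch series or from virtiofsd: a process that clears CAP_FSETID from its effective set and then writes to a setuid file sees the kernel strip the bit as part of the write. The helper names and the scratch path under /tmp are assumptions made for the demonstration; it uses the raw Linux capget/capset syscalls, which act on the calling thread only.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <linux/capability.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Hypothetical helper: clear CAP_FSETID from the calling thread's effective
 * set only; the permitted set is untouched. Returns 0 on success. */
static int drop_effective_fsetid(void)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3];

    if (syscall(SYS_capget, &hdr, data) != 0)
        return -1;
    data[CAP_TO_INDEX(CAP_FSETID)].effective &= ~CAP_TO_MASK(CAP_FSETID);
    return syscall(SYS_capset, &hdr, data) == 0 ? 0 : -1;
}

/* Returns 1 if the write cleared S_ISUID, 0 if the bit survived, -1 on error. */
int suid_cleared_by_write(void)
{
    char path[] = "/tmp/fsetid-demo-XXXXXX";  /* constructed scratch file */
    struct stat st;
    int ret = -1;
    int fd = mkstemp(path);

    if (fd < 0)
        return -1;
    if (fchmod(fd, 04755) == 0 &&        /* mark the file setuid */
        drop_effective_fsetid() == 0 &&  /* no-op when already unprivileged */
        write(fd, "x", 1) == 1 &&        /* write without CAP_FSETID */
        fstat(fd, &st) == 0)
        ret = (st.st_mode & S_ISUID) ? 0 : 1;
    close(fd);
    unlink(path);
    return ret;
}

int main(void)
{
    int r = suid_cleared_by_write();
    printf("setuid bit cleared by write: %d\n", r);
    return r == 1 ? 0 : 1;
}
```

Run as root with the `drop_effective_fsetid()` call removed, the same write leaves the setuid bit in place, which is the situation a privileged daemon writing on a client's behalf starts from.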