[Virtio-fs] [PATCH 0/2] virtiofsd: drop Linux capabilities(7)
Stefan Hajnoczi
stefanha at redhat.com
Thu Apr 16 16:49:05 UTC 2020
virtiofsd doesn't need all of the Linux capabilities(7) available to root. Keep a
whitelisted set of capabilities that we require. This improves security in
case virtiofsd is compromised by making it hard for an attacker to gain further
access to the system.

Stefan Hajnoczi (2):
  virtiofsd: only retain file system capabilities
  virtiofsd: drop all capabilities in the wait parent process

 tools/virtiofsd/passthrough_ll.c | 51 ++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)

--
2.25.1
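
An added illustration of the allowlist approach the cover letter describes, not code from this patch series or from virtiofsd: a process shrinks its permitted and effective capability sets to a fixed allowlist using the raw capget/capset syscalls. The contents of `keep_caps` and all function names are assumptions chosen for the example.

```c
#define _GNU_SOURCE
#include <linux/capability.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Assumed allowlist for illustration only; not the list used by the patches. */
static const int keep_caps[] = {
    CAP_CHOWN, CAP_DAC_OVERRIDE, CAP_FOWNER, CAP_FSETID,
    CAP_SETGID, CAP_SETUID, CAP_MKNOD, CAP_SETFCAP,
};

static uint64_t keep_mask(void) {
    uint64_t mask = 0;
    for (size_t i = 0; i < sizeof(keep_caps) / sizeof(keep_caps[0]); i++)
        mask |= 1ULL << keep_caps[i];
    return mask;
}

/* Read the calling thread's permitted set as a 64-bit mask; 0 on success. */
static int get_permitted(uint64_t *out) {
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2] = {{0}};
    if (syscall(SYS_capget, &hdr, data) != 0)
        return -1;
    *out = ((uint64_t)data[1].permitted << 32) | data[0].permitted;
    return 0;
}

/* Set permitted = effective = (current & allowlist) and clear inheritable.
 * Raw capset changes only the calling thread; the bounding set is untouched. */
static int drop_to_allowlist(void) {
    uint64_t cur;
    if (get_permitted(&cur) != 0)
        return -1;
    uint64_t want = cur & keep_mask();   /* capabilities can only be removed */
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2] = {{0}};
    data[0].permitted = data[0].effective = (uint32_t)want;
    data[1].permitted = data[1].effective = (uint32_t)(want >> 32);
    return syscall(SYS_capset, &hdr, data) == 0 ? 0 : -1;
}

int main(void) {
    uint64_t before = 0, after = 0;
    if (get_permitted(&before) || drop_to_allowlist() || get_permitted(&after))
        return perror("capabilities"), 1;
    printf("permitted before=%#llx after=%#llx\n",
           (unsigned long long)before, (unsigned long long)after);
    return 0;
}
```

Once a capability leaves the permitted set the thread cannot regain it without executing a file that grants it, so code running later in the same process cannot use the removed capabilities.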