[Virtio-fs] [PATCH 0/2] virtiofsd: drop Linux capabilities(7)
Dr. David Alan Gilbert
dgilbert at redhat.com
Fri May 1 18:28:57 UTC 2020
* Stefan Hajnoczi (stefanha at redhat.com) wrote:
> virtiofsd doesn't need all Linux capabilities(7) available to root. Keep a
> whitelisted set of capabilities that we require. This improves security in
> case virtiofsd is compromised by making it hard for an attacker to gain further
> access to the system.
Queued.
> Stefan Hajnoczi (2):
> virtiofsd: only retain file system capabilities
> virtiofsd: drop all capabilities in the wait parent process
>
> tools/virtiofsd/passthrough_ll.c | 51 ++++++++++++++++++++++++++++++++
> 1 file changed, 51 insertions(+)
>
> --
> 2.25.1
>
--
Dr. David Alan Gilbert / dgilbert at redhat.com / Manchester, UK