[Virtio-fs] Current file handle status and open questions

[Miklos Szeredi]

On Tue, Apr 13, 2021 at 4:57 PM Vivek Goyal <vgoyal at redhat.com> wrote:

> I thought we are giving CAP_DAC_READ_SEARCH but I guest checked current
> source code and CAP_DAC_READ_SEARCH is not in the list. So that means
> either we or user will have to give it explicitly.

Looking at generic_permission() it appears that CAP_DAC_READ_SEARCH
gives a subset of CAP_DAC_OVERRIDE capabilities.  So it seems quite
safe at this point to enable CAP_DAC_READ_SEARCH too.

Thanks,
Miklos