[Virtio-fs] [RFC] About non-root virtiofsd(1) process
P J P
ppandit at redhat.com
Tue Jan 19 14:34:29 UTC 2021
+-- On Mon, 18 Jan 2021, Stefan Hajnoczi wrote --+
| Guest applications may run with different uids/gids. The host has no control
| over that.
|
| Imagine booting a guest from a virtio-fs root file system and installing
| packages. The guest must be able to control uids/gids for that to work.
* I see; I'll try to better understand how it's done.
* With UID namespaces, I thought virtiofsd(1) would be able to operate files
with arbitrary uid/gid, even after dropping its root privileges to acquire
non-root privileges on the host, because it has 'root' privileges under the
shared directory & UID namespace.
| > $ ./virtiofsd -runas test -o source=...
|
| Patches for this are welcome.
* Okay, will try.
Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D
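
How a user namespace's uid_map decides which guest-requested uids a daemon inside that namespace can apply to files, as an added example that is not part of the original message or of the virtiofsd code. The two sample maps, host uid 1000 and the 100000 range are constructed; `map_uid` and `parse_id_map` are names chosen for this sketch.

```c
#include <stdio.h>

/* One line of /proc/<pid>/uid_map: first id inside the namespace,
 * first id outside it (on the host), and the length of the range. */
struct id_extent { unsigned long inside, outside, count; };

/* Constructed sample maps (host uid 1000 and the 100000 range are made up).
 * SINGLE_MAP: only namespace root is mapped, onto one unprivileged host uid.
 * RANGE_MAP: additionally maps ids 1..65536 onto a subordinate host range. */
static const char SINGLE_MAP[] = "0 1000 1\n";
static const char RANGE_MAP[]  = "0 1000 1\n1 100000 65536\n";

/* Parse uid_map text into extents; returns how many lines were read. */
static int parse_id_map(const char *text, struct id_extent *ext, int max)
{
    int n = 0, used = 0;
    while (n < max && sscanf(text, "%lu %lu %lu%n", &ext[n].inside,
                             &ext[n].outside, &ext[n].count, &used) == 3) {
        text += used;
        n++;
    }
    return n;
}

/* Translate a uid as seen inside the namespace (what the guest asks for)
 * to the host uid that would own the file; -1 means no mapping exists,
 * in which case chown(2) to that uid fails with EINVAL. */
long map_uid(const char *map_text, unsigned long uid)
{
    struct id_extent ext[16];   /* enough for this example */
    int n = parse_id_map(map_text, ext, 16);
    for (int i = 0; i < n; i++)
        if (uid >= ext[i].inside && uid - ext[i].inside < ext[i].count)
            return (long)(ext[i].outside + (uid - ext[i].inside));
    return -1;
}

int main(void)
{
    const unsigned long guest_uids[] = { 0, 48, 1000, 65534 };
    for (int i = 0; i < 4; i++)
        printf("guest uid %5lu -> single: %6ld  range: %6ld\n", guest_uids[i],
               map_uid(SINGLE_MAP, guest_uids[i]),
               map_uid(RANGE_MAP, guest_uids[i]));
    return 0;
}
```

With the single-line map only namespace uid 0 has a host identity, so every other guest uid is unrepresentable; the range map gives each guest uid in its range a distinct host uid.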