[Virtio-fs] virtiofsd: doesn't garant write access at users allowed by group permission
Ameer Ghani
Ameer.Ghani at ibm.com
Thu Jun 24 14:23:16 UTC 2021
On 6/22/21, 8:46 AM, "Vivek Goyal" <vgoyal at redhat.com> wrote:
> I guess it's ok to set SECBIT_NO_SETUID_FIXUP and drop CAP_SETPCAP and
> let virtiofsd drop capabilities explicitly where need be.
>
> If this becomes too painful or inefficient from a performance point of view,
> we probably will have to change it and set SECBIT_NO_SETUID_FIXUP only
> during file creation path. (lo_create and lo_mknod).
I think I follow. Will proceed with permanent SECBIT_NO_SETUID_FIXUP, but I'll
also explore setting/dropping in places where it's explicitly needed.
> I would think that we don't ask the user to opt in for this behavior and just
> implement it for everyone. Asking too many questions will make
> configuration more complex.
Understood.
> Can you please also run xfstests and see if this patch introduces any
> regressions. Just want to make sure there are no unintended side effects.
>
> Please do submit a formal patch.
Will do!
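
The "permanent SECBIT_NO_SETUID_FIXUP, then drop CAP_SETPCAP" sequence discussed above, as an added example that is not part of the original message and is not virtiofsd's code. The helper names are hypothetical, and raw capget/capset syscalls are used here so the block builds without a capability library.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/capability.h>
#include <linux/securebits.h>

/* 1 if SECBIT_NO_SETUID_FIXUP is set for this thread, 0 if not, -errno on error. */
static int no_setuid_fixup_enabled(void)
{
    int bits = prctl(PR_GET_SECUREBITS, 0, 0, 0, 0);
    if (bits < 0)
        return -errno;
    return (bits & SECBIT_NO_SETUID_FIXUP) ? 1 : 0;
}

/* Add the bit to the current securebits. The kernel requires CAP_SETPCAP
 * for any PR_SET_SECUREBITS call. Returns 0 or -errno. */
static int enable_no_setuid_fixup(void)
{
    int bits = prctl(PR_GET_SECUREBITS, 0, 0, 0, 0);
    if (bits < 0)
        return -errno;
    if (prctl(PR_SET_SECUREBITS, bits | SECBIT_NO_SETUID_FIXUP, 0, 0, 0) < 0)
        return -errno;
    return 0;
}

/* Remove CAP_SETPCAP from the effective, permitted and inheritable sets,
 * so the securebits can no longer be changed. Returns 0 or -errno. */
static int drop_cap_setpcap(void)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    unsigned int mask = ~(1u << CAP_SETPCAP); /* capability 8 lives in data[0] */

    if (syscall(SYS_capget, &hdr, data) < 0)
        return -errno;
    data[0].effective &= mask;
    data[0].permitted &= mask;
    data[0].inheritable &= mask;
    return syscall(SYS_capset, &hdr, data) < 0 ? -errno : 0;
}

int main(void)
{
    printf("enable: %d\n", enable_no_setuid_fixup());
    printf("bit set: %d\n", no_setuid_fixup_enabled());
    printf("drop CAP_SETPCAP: %d\n", drop_cap_setpcap());
    printf("enable after drop: %d\n", enable_no_setuid_fixup());
    return 0;
}
```

Once the bit is set, the kernel no longer adjusts the capability sets on UID changes, so any capability the daemon should not hold during an operation has to be dropped by the daemon itself.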