[Virtio-fs] virtiofsd: doesn't garant write access at users allowed by group permission

Ameer Ghani Ameer.Ghani at ibm.com
Thu Jun 24 14:23:16 UTC 2021


On 6/22/21, 8:46 AM, "Vivek Goyal" <vgoyal at redhat.com> wrote:

>    I guess it's ok to set SECBIT_NO_SETUID_FIXUP and drop CAP_SETPCAP and
>    let virtiofsd drop capabilities explicitly where need be.
>
>    If this becomes too painful or inefficient from a performance point of view,
>    we probably will have to change it and set SECBIT_NO_SETUID_FIXUP only
>    during file creation path. (lo_create and lo_mknod).

I think I follow. Will proceed with permanent SECBIT_NO_SETUID_FIXUP, but I'll
also explore setting/dropping in places where it's explicitly needed.

>    I would think that don't ask user to opt-in for this behavior and just
>    implement it for everyone. Asking too many questions will make
>    configuration more complex.

Understood.

>    Can you please also run xfstests and see if this patch introduces any
>    regressions. Just want to make sure there are no unintended side effects.
>
>    Please do submit a formal patch.

Will do!
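
Added example (not part of the original message and not virtiofsd's own code): a Linux C sketch of the approach discussed above, setting SECBIT_NO_SETUID_FIXUP once and then lowering a capability explicitly around an operation. The helper names and the choice of CAP_FSETID are assumptions made for illustration; the calls are raw prctl/capget/capset with no libcap dependency.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/capability.h>
#include <linux/securebits.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Keep capabilities across UID changes. Needs CAP_SETPCAP; 0 or -errno. */
int set_no_setuid_fixup(void) {
    int bits = prctl(PR_GET_SECUREBITS);
    if (bits < 0) return -errno;
    unsigned long want = (unsigned long)bits | SECBIT_NO_SETUID_FIXUP;
    return prctl(PR_SET_SECUREBITS, want) < 0 ? -errno : 0;
}

/* Read (set == 0) or write (set != 0) the calling thread's capability sets. */
static int caps_io(struct __user_cap_data_struct d[2], int set) {
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    return syscall(set ? SYS_capset : SYS_capget, &h, d) < 0 ? -errno : 0;
}

/* 1 if cap is in the effective set, 0 if not, -errno on error. */
int cap_is_effective(int cap) {
    struct __user_cap_data_struct d[2];
    int r = caps_io(d, 0);
    return r < 0 ? r : (d[CAP_TO_INDEX(cap)].effective & CAP_TO_MASK(cap)) != 0;
}

/* Raise or lower cap in the effective set only; permitted is left alone. */
int cap_set_effective(int cap, int on) {
    struct __user_cap_data_struct d[2];
    int r = caps_io(d, 0);
    if (r < 0) return r;
    if (on) d[CAP_TO_INDEX(cap)].effective |= CAP_TO_MASK(cap);
    else    d[CAP_TO_INDEX(cap)].effective &= ~CAP_TO_MASK(cap);
    return caps_io(d, 1);
}

int main(void) {
    int r = set_no_setuid_fixup();  /* -EPERM when run without CAP_SETPCAP */
    printf("set SECBIT_NO_SETUID_FIXUP: %d\n", r);
    int was = cap_is_effective(CAP_FSETID);
    cap_set_effective(CAP_FSETID, 0);  /* hypothetical: around a create path */
    printf("CAP_FSETID during op: %d\n", cap_is_effective(CAP_FSETID));
    if (was == 1) cap_set_effective(CAP_FSETID, 1);  /* restore only if held */
    return 0;
}
```

Because only the effective set is lowered, the capability stays in the permitted set and can be raised again afterwards; the restore is skipped when the process never held it.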