[Virtio-fs] [virtiofsd] Issue closed: Can't run unprivileged any more due to setgroups
virtiofs-bot at sinrega.org
virtiofs-bot at sinrega.org
Sun Apr 3 09:55:57 UTC 2022
Since !77, it's not possible to run virtiofsd as an unprivileged user any more:
```
[2022-03-04T16:46:42Z ERROR virtiofsd] Error entering sandbox: DropSupplementalGroups(Os { code: 1, kind: PermissionDenied, message: "Operation not permitted" })
```
This is because `setgroups` is always called at startup, and it requires `CAP_SETGID`. When using the namespace sandbox mode, should `setgroups` be called _after_ setting up the namespace?
cc @slp @vgoyal
---
https://gitlab.com/virtio-fs/virtiofsd/-/issues/36
More information about the Virtio-fs
mailing list