[Virtio-fs] [virtiofsd] MR opened: Draft: enabling a non-root user to set the UID/GID mappings inside a sandbox

virtiofs-bot at sinrega.org
Thu Sep 8 20:50:04 UTC 2022


This patch enables a non-root user to map a set of UID/GID mappings from a namespace to another set outside the namespace. Since unshare is used on the main thread of virtiofsd, once the thread goes inside a namespace it is not able to map a range of UIDs/GIDs other than the current user/group that is running virtiofsd. This patch enables a non-root user with the CAP_SETUID and CAP_SETGID capabilities to set multiple mappings and then drop those capabilities. The UID/GID ranges can be specified using virtiofsd command line parameters.
---
https://gitlab.com/virtio-fs/virtiofsd/-/merge_requests/137
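
The restriction described in the message above, as an added Rust example that is not code from the merge request or from virtiofsd: it applies the `uid_map` write rules documented in user_namespaces(7) to a list of requested mappings and shows why a multi-range map needs CAP_SETUID in the parent namespace. The names `IdMap`, `MapError` and `render_uid_map` are hypothetical and the sample UIDs are constructed; `gid_map` follows the same shape with CAP_SETGID.

```rust
// Added illustration: IdMap, MapError and render_uid_map are hypothetical
// names, not virtiofsd code. Rules follow user_namespaces(7).
#[derive(Debug, Clone, Copy, PartialEq)]
pub struct IdMap { pub inside: u32, pub outside: u32, pub count: u32 }

#[derive(Debug, PartialEq)]
pub enum MapError { Empty, BadRange, Overlap, NeedsCapability }

// True when the half-open ranges [a, a+n) and [b, b+m) intersect.
fn overlaps(a: u32, n: u32, b: u32, m: u32) -> bool {
    (a as u64) < b as u64 + m as u64 && (b as u64) < a as u64 + n as u64
}

/// Validate mappings as the kernel would on a write to /proc/<pid>/uid_map
/// and return the text to write. `has_cap`: the writer holds CAP_SETUID in
/// the parent namespace. `euid`: the writer's effective UID there.
pub fn render_uid_map(maps: &[IdMap], has_cap: bool, euid: u32) -> Result<String, MapError> {
    if maps.is_empty() {
        return Err(MapError::Empty);
    }
    for (i, m) in maps.iter().enumerate() {
        // A range must be non-empty and must not wrap past u32::MAX.
        if m.count == 0 || m.inside.checked_add(m.count).is_none()
            || m.outside.checked_add(m.count).is_none() {
            return Err(MapError::BadRange);
        }
        // Neither the inside nor the outside ranges may overlap.
        for p in &maps[..i] {
            if overlaps(m.inside, m.count, p.inside, p.count)
                || overlaps(m.outside, m.count, p.outside, p.count) {
                return Err(MapError::Overlap);
            }
        }
    }
    // Without the capability, only one line mapping the writer's own
    // effective UID (count 1) is accepted.
    if !has_cap && !(maps.len() == 1 && maps[0].count == 1 && maps[0].outside == euid) {
        return Err(MapError::NeedsCapability);
    }
    Ok(maps.iter().map(|m| format!("{} {} {}\n", m.inside, m.outside, m.count)).collect())
}

fn main() {
    // Constructed sample: root inside -> UID 1000 outside, plus a subordinate range.
    let maps = [IdMap { inside: 0, outside: 1000, count: 1 },
                IdMap { inside: 1, outside: 100000, count: 65536 }];
    println!("{:?}", render_uid_map(&maps, false, 1000)); // rejected without CAP_SETUID
    print!("{}", render_uid_map(&maps, true, 1000).unwrap());
}
```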


