On Wed, Jan 26, 2022 at 05:47:09PM -0500, Vivek Goyal wrote:
> On Tue, Jan 25, 2022 at 03:12:11PM +0100, Greg Kurz wrote:
> > The upcoming implementation of ->sync_fs() needs to know about all
> > submounts in order to call syncfs() on them when virtiofsd is started
> > without '-o
On Tue, Jan 25, 2022 at 03:12:11PM +0100, Greg Kurz wrote:
> The upcoming implementation of ->sync_fs() needs to know about all
> submounts in order to call syncfs() on them when virtiofsd is started
> without '-o announce_submounts'.
>
> Track every inode that comes up with a new mount id in a
Still we have a hash map of all existing mount FDs. But instead of
refcounting mount FDs and letting them remove themselves from the
map, we manually
- add a mount FD when the (sub)mount inode is looked up, and
- remove a mount FD when the (sub)mount inode is forgotten.
When later implementing
Checklist for v1.1.0:
- [x] [Adds compatibility options](!61)
- [x] [Draft: Adds killpriv_v2/no_killpriv_v2 options](!62)
- [x] [xattr mapping add a new type "unsupported"](!67)
- [x] [Replace crate seccomp-sys with libseccomp-sys](!71)
- [x] [Drop membership of all supplementary groups
Following SemVer, we need to bump the minor number, as we are adding
new features.
Changes since v1.0.0:
- xattr mapping add a new type "unsupported" (!67)
- sandbox: Support combining --rlimit-nofile and --sandbox=chroot (!65)
- sandbox: Propagate exit code from child to parent (!64)
-
Adds options to enable/disable FUSE_HANDLE_KILLPRIV_V2 by specifying
option `--no-killpriv-v2` or `-o killpriv_v2/no_killpriv_v2`
---
https://gitlab.com/virtio-fs/virtiofsd/-/merge_requests/62
At the start, drop membership of all supplementary groups. This is
not required.
If we have membership of "root" supplementary group and when we switch
uid/gid using setresuid/setsgid, we still retain membership of existing
supplementary groups. And that can allow some operations which are not
quest' into staging (2022-01-22
> 12:03:22 +)
>
> are available in the Git repository at:
>
> https://gitlab.com/dagrh/qemu.git tags/pull-virtiofs-20220126
>
> for you to fetch changes up to 449e8171f96a6a944d1f3b7d3627ae059eae21ca:
>
> virtiofsd: Drop membership of
* Stefan Hajnoczi (stefa...@redhat.com) wrote:
> On Tue, Jan 25, 2022 at 01:51:14PM -0500, Vivek Goyal wrote:
> > At the start, drop membership of all supplementary groups. This is
> > not required.
> >
> > If we have membership of "root" supplementary group and when we switch
> > uid/gid using
gitlab.com/dagrh/qemu.git tags/pull-virtiofs-20220126
for you to fetch changes up to 449e8171f96a6a944d1f3b7d3627ae059eae21ca:
virtiofsd: Drop membership of all supplementary groups (CVE-2022-0358)
(2022-01-26 10:32:05 +)
From: Vivek Goyal
At the start, drop membership of all supplementary groups. This is
not required.
If we have membership of "root" supplementary group and when we switch
uid/gid using setresuid/setsgid, we still retain membership of existing
supplementary groups. And that can allow some
On Tue, Jan 25, 2022 at 01:51:14PM -0500, Vivek Goyal wrote:
> At the start, drop membership of all supplementary groups. This is
> not required.
>
> If we have membership of "root" supplementary group and when we switch
> uid/gid using setresuid/setsgid, we still retain membership of existing
>
The crate seccomp-sys is licensed under the LGPLv2.1, which is
problematic because code from crates is not dynamically linked, but
compiled and linked into the binary.
Replace it with libseccomp-sys, which also provides the bindings we
need (in fact, we only need to change the reference to the