Re: [Virtio-fs] [PATCH v4 1/2] virtiofsd: Track mounts

2022-01-26 Thread Vivek Goyal
On Wed, Jan 26, 2022 at 05:47:09PM -0500, Vivek Goyal wrote: > On Tue, Jan 25, 2022 at 03:12:11PM +0100, Greg Kurz wrote: > > The upcoming implementation of ->sync_fs() needs to know about all > > submounts in order to call syncfs() on them when virtiofsd is started > > without '-o

Re: [Virtio-fs] [PATCH v4 1/2] virtiofsd: Track mounts

2022-01-26 Thread Vivek Goyal
On Tue, Jan 25, 2022 at 03:12:11PM +0100, Greg Kurz wrote: > The upcoming implementation of ->sync_fs() needs to know about all > submounts in order to call syncfs() on them when virtiofsd is started > without '-o announce_submounts'. > > Track every inode that comes up with a new mount id in a

[Virtio-fs] [virtiofsd] MR opened: mount_fd: Manually manage mount file descriptors

2022-01-26 Thread virtiofs-bot
Still we have a hash map of all existing mount FDs. But instead of refcounting mount FDs and letting them remove themselves from the map, we manually - add a mount FD when the (sub)mount inode is looked up, and - remove a mount FD when the (sub)mount inode is forgotten. When later implementing

[Virtio-fs] [virtiofsd] Issue closed: Release v1.1.0

2022-01-26 Thread virtiofs-bot
Checklist for v1.1.0: - [x] [Adds compatibility options](!61) - [x] [Draft: Adds killpriv_v2/no_killpriv_v2 options](!62) - [x] [xattr mapping add a new type "unsupported"](!67) - [x] [Replace crate seccomp-sys with libseccomp-sys](!71) - [x] [Drop membership of all supplementary groups

[Virtio-fs] [virtiofsd] MR merged: Bump version to v1.1.0

2022-01-26 Thread virtiofs-bot
Following SemVer, we need to bump the minor number, as we are adding new features. Changes since v1.0.0: - xattr mapping add a new type "unsupported" (!67) - sandbox: Support combining --rlimit-nofile and --sandbox=chroot (!65) - sandbox: Propagate exit code from child to parent (!64) -

[Virtio-fs] [virtiofsd] MR merged: Adds killpriv_v2/no_killpriv_v2 options

2022-01-26 Thread virtiofs-bot
Adds options to enable/disable FUSE_HANDLE_KILLPRIV_V2 by specifying option `--no-killpriv-v2` or `-o killpriv_v2/no_killpriv_v2` --- https://gitlab.com/virtio-fs/virtiofsd/-/merge_requests/62

[Virtio-fs] [virtiofsd] MR opened: Bump version to v1.1.0

2022-01-26 Thread virtiofs-bot
Following SemVer, we need to bump the minor number, as we are adding new features. Changes since v1.0.0: - xattr mapping add a new type "unsupported" (!67) - sandbox: Support combining --rlimit-nofile and --sandbox=chroot (!65) - sandbox: Propagate exit code from child to parent (!64) -

[Virtio-fs] [virtiofsd] MR merged: Drop membership of all supplementary groups (CVE-2022-0358)

2022-01-26 Thread virtiofs-bot
At the start, drop membership of all supplementary groups. This is not required. If we have membership of "root" supplementary group and when we switch uid/gid using setresuid/setsgid, we still retain membership of existing supplementary groups. And that can allow some operations which are not

Re: [Virtio-fs] [PULL 0/1] virtiofs queue

2022-01-26 Thread Peter Maydell
quest' into staging (2022-01-22 > 12:03:22 +) > > are available in the Git repository at: > > https://gitlab.com/dagrh/qemu.git tags/pull-virtiofs-20220126 > > for you to fetch changes up to 449e8171f96a6a944d1f3b7d3627ae059eae21ca: > > virtiofsd: Drop membership of

Re: [Virtio-fs] [PATCH] virtiofsd: Drop membership of all supplementary groups (CVE-2022-0358)

2022-01-26 Thread Dr. David Alan Gilbert
* Stefan Hajnoczi (stefa...@redhat.com) wrote: > On Tue, Jan 25, 2022 at 01:51:14PM -0500, Vivek Goyal wrote: > > At the start, drop membership of all supplementary groups. This is > > not required. > > > > If we have membership of "root" supplementary group and when we switch > > uid/gid using

[Virtio-fs] [PULL 0/1] virtiofs queue

2022-01-26 Thread Dr. David Alan Gilbert (git)
gitlab.com/dagrh/qemu.git tags/pull-virtiofs-20220126 for you to fetch changes up to 449e8171f96a6a944d1f3b7d3627ae059eae21ca: virtiofsd: Drop membership of all supplementary groups (CVE-2022-0358) (2022-01-26 10:32:05 +)

[Virtio-fs] [PULL 1/1] virtiofsd: Drop membership of all supplementary groups (CVE-2022-0358)

2022-01-26 Thread Dr. David Alan Gilbert (git)
From: Vivek Goyal At the start, drop membership of all supplementary groups. This is not required. If we have membership of "root" supplementary group and when we switch uid/gid using setresuid/setsgid, we still retain membership of existing supplementary groups. And that can allow some

Re: [Virtio-fs] [PATCH] virtiofsd: Drop membership of all supplementary groups (CVE-2022-0358)

2022-01-26 Thread Stefan Hajnoczi
On Tue, Jan 25, 2022 at 01:51:14PM -0500, Vivek Goyal wrote: > At the start, drop membership of all supplementary groups. This is > not required. > > If we have membership of "root" supplementary group and when we switch > uid/gid using setresuid/setsgid, we still retain membership of existing >

[Virtio-fs] [virtiofsd] MR merged: Replace crate seccomp-sys with libseccomp-sys

2022-01-26 Thread virtiofs-bot
The crate seccomp-sys is licensed under the LGPLv2.1, which is problematic because code from crates is not dynamically linked, but compiled and linked into the binary. Replace it with libseccomp-sys, which also provides the bindings we need (in fact, we only need to change the reference to the

[Virtio-fs] [virtiofsd] MR opened: Drop membership of all supplementary groups (CVE-2022-0358)

2022-01-26 Thread virtiofs-bot
At the start, drop membership of all supplementary groups. This is not required. If we have membership of "root" supplementary group and when we switch uid/gid using setresuid/setsgid, we still retain membership of existing supplementary groups. And that can allow some operations which are not