+-- On Mon, 18 Jan 2021, Stefan Hajnoczi wrote --+
| Guest applications may run with different uids/gids. The host has no control
| over that.
|
| Imagine booting a guest from a virtio-fs root file system and installing
| packages. The guest must be able to control uids/gids for that to work.

* I see; I'll try to better understand how it's done.

* With UID namespaces, I thought virtiofsd(1) would be able to operate files
  with arbitrary uid/gid, even after dropping its root privileges to acquire
  non-root privileges on the host; because it has 'root' privileges under the
  shared directory & UID namespace.

| > $ ./virtiofsd -runas test -o source=...
|
| Patches for this are welcome.

* Okay, will try.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D
