On Tue, Apr 13, 2021 at 4:57 PM Vivek Goyal <[email protected]> wrote:
> I thought we are giving CAP_DAC_READ_SEARCH but I guest checked current > source code and CAP_DAC_READ_SEARCH is not in the list. So that means > either we or user will have to give it explicitly. Looking at generic_permission() it appears that CAP_DAC_READ_SEARCH gives a subset of CAP_DAC_OVERRIDE capabilities. So it seems quite safe at this point to enable CAP_DAC_READ_SEARCH too. Thanks, Miklos _______________________________________________ Virtio-fs mailing list [email protected] https://listman.redhat.com/mailman/listinfo/virtio-fs
