On 6/22/21, 8:46 AM, "Vivek Goyal" <[email protected]> wrote:
> I guess it's ok to set SECBIT_NO_SETUID_FIXUP and drop CAP_SETPCAP and
> let virtiofsd drop capabilities explicitly where need be.
>
> If this becomes too painful or inefficient from performance point of view,
> we probably will have to change it and set SECBIT_NO_SETUID_FIXUP only
> during file creation path. (lo_create and lo_mknod).

I think I follow. Will proceed with permanent SECBIT_NO_SETUID_FIXUP, but I'll also explore setting/dropping in places where it's explicitly needed.

> I would think that don't ask user to opt-in for this behavior and just
> implement it for everyone. Asking too many questions will make
> configuration more complex.

Understood.

> Can you please also run xfstests and see if this patch introduces any
> regressions. Just want to make sure there are no unintended side effects.
>
> Please do submit a formal patch.

Will do!
