Inside drop_child_capabilities() there is a call to capng:apply() that clears the bounding set. It causes libcap-ng to fail when calling virtiofsd-rs with '--sandbox none' by an unprivileged user, because it doesn't have the CAP_SETPCAP capability. --- https://gitlab.com/virtio-fs/virtiofsd-rs/-/merge_requests/49
_______________________________________________ Virtio-fs mailing list [email protected] https://listman.redhat.com/mailman/listinfo/virtio-fs
