Since !77, it's not possible to run virtiofsd as an unprivileged user any more:

```
[2022-03-04T16:46:42Z ERROR virtiofsd] Error entering sandbox: DropSupplementalGroups(Os { code: 1, kind: PermissionDenied, message: "Operation not permitted" })
```

This is because `setgroups` is always called at startup, and it requires 
`CAP_SETGID`.  When using the namespace sandbox mode, should `setgroups` be 
called _after_ setting up the namespace?

cc @slp @vgoyal
---
https://gitlab.com/virtio-fs/virtiofsd/-/issues/36

_______________________________________________
Virtio-fs mailing list
[email protected]
https://listman.redhat.com/mailman/listinfo/virtio-fs
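The report above turns on `setgroups` needing `CAP_SETGID`. The following C sketch is an example added here, not virtiofsd code and not the fix the project adopted: it reads the effective capability set from `/proc/self/status` and clears supplementary groups only when `CAP_SETGID` is present, so an unprivileged start is reported as "skipped" instead of failing with `EPERM`. The function names, return codes and sample status text are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_SETGID_BIT 6 /* value of CAP_SETGID in <linux/capability.h> */

/* Constructed sample of /proc/<pid>/status for an unprivileged process. */
static const char SAMPLE_UNPRIV[] =
    "Name:\tvirtiofsd\nCapEff:\t0000000000000000\nCapBnd:\t000001ffffffffff\n";

/* 1 if the CapEff line has CAP_SETGID, 0 if not, -1 if CapEff is missing. */
static int status_has_cap_setgid(const char *status)
{
    for (const char *line = status; line && *line; ) {
        if (strncmp(line, "CapEff:", 7) == 0) {
            char *end;
            unsigned long long caps = strtoull(line + 7, &end, 16);
            if (end == line + 7)
                return -1;                /* no hex digits after the label */
            return (int)((caps >> CAP_SETGID_BIT) & 1ULL);
        }
        line = strchr(line, '\n');
        if (line)
            line++;                       /* step past the newline */
    }
    return -1;
}

/* 0 = groups dropped, 1 = skipped (no CAP_SETGID), -1 = error, errno set. */
static int drop_supplemental_groups(void)
{
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f)
        return -1;
    size_t n = fread(buf, 1, sizeof(buf) - 1, f);
    fclose(f);
    buf[n] = '\0';
    int has = status_has_cap_setgid(buf);
    if (has < 0) { errno = EINVAL; return -1; }
    if (has == 0)
        return 1;                         /* caller decides if this is acceptable */
    return setgroups(0, NULL) == 0 ? 0 : -1;
}

int main(void)
{
    int rc = drop_supplemental_groups();
    if (rc < 0) { perror("drop_supplemental_groups"); return 1; }
    puts(rc ? "no CAP_SETGID: setgroups skipped" : "supplementary groups dropped");
    return 0;
}
```

Inside a user namespace `CapEff` can list `CAP_SETGID` while `setgroups` still returns `EPERM`, because an unprivileged writer of `gid_map` must first write `deny` to `/proc/self/setgroups`; the function reports that case as an error and does not hide it.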
