Re: [Virtio-fs] [PATCH 0/2] virtiofsd: drop Linux capabilities(7)
From: Miklos Szeredi
Subject: Re: [Virtio-fs] [PATCH 0/2] virtiofsd: drop Linux capabilities(7)
Date: Fri, 19 Jun 2020 16:16:30 +0200

On Thu, Jun 18, 2020 at 9:08 PM Vivek Goyal <vgoyal@redhat.com> wrote:
>
> On Thu, Apr 16, 2020 at 05:49:05PM +0100, Stefan Hajnoczi wrote:
> > virtiofsd doesn't need all Linux capabilities(7) available to root.
> > Keep a whitelisted set of capabilities that we require. This improves
> > security in case virtiofsd is compromised by making it hard for an
> > attacker to gain further access to the system.
>
> Hi Stefan,
>
> I just noticed that this patch set breaks overlayfs on top of virtiofs.

How so? Virtiofs isn't mounting overlayfs, is it? Only the mounter
requires CAP_SYS_ADMIN, not the accessor.

Thanks,
Miklos
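
As an added illustration (not part of the original message or of the virtiofsd patch set), this sketch decodes the `Cap*` fields of `/proc/<pid>/status` and reports any capability, such as CAP_SYS_ADMIN, held outside an allow-list. The allow-list and the sample status text are constructed assumptions, not virtiofsd's actual whitelist.

```python
import re

# Capability bit numbers from <linux/capability.h>, in order (bit 0 = CAP_CHOWN).
CAP_NAMES = """CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID
SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW IPC_LOCK
IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT SYS_ADMIN SYS_BOOT
SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD LEASE AUDIT_WRITE AUDIT_CONTROL
SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG WAKE_ALARM BLOCK_SUSPEND AUDIT_READ PERFMON
BPF CHECKPOINT_RESTORE""".split()

# Hypothetical allow-list for a file-server daemon (an assumption for this example).
ALLOWED = {"CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FOWNER", "CAP_FSETID",
           "CAP_SETGID", "CAP_SETUID", "CAP_MKNOD", "CAP_SETFCAP"}

def decode_mask(mask):
    """Turn a capability bitmask into CAP_* names; unknown bits become CAP_<n>."""
    names, bit = set(), 0
    while mask:
        if mask & 1:
            names.add("CAP_" + CAP_NAMES[bit] if bit < len(CAP_NAMES) else f"CAP_{bit}")
        mask >>= 1
        bit += 1
    return names

def parse_cap_sets(status_text):
    """Extract the five capability sets from /proc/<pid>/status text."""
    pattern = r"^(Cap(?:Inh|Prm|Eff|Bnd|Amb)):\s*([0-9a-fA-F]+)\s*$"
    return {field: decode_mask(int(value, 16))
            for field, value in re.findall(pattern, status_text, re.M)}

def audit(status_text, allowed):
    """Per capability set, list the capabilities held that are not in `allowed`."""
    sets = parse_cap_sets(status_text)
    return {f: sorted(caps - allowed) for f, caps in sets.items() if caps - allowed}

def _status(mask):
    """Constructed sample shaped like /proc/<pid>/status (not real output)."""
    return (f"Name:\tdaemon\nCapInh:\t{0:016x}\nCapPrm:\t{mask:016x}\n"
            f"CapEff:\t{mask:016x}\nCapBnd:\t{mask:016x}\nCapAmb:\t{0:016x}\n")

ALLOWED_MASK = sum(1 << CAP_NAMES.index(name[4:]) for name in ALLOWED)
SAMPLE_DROPPED = _status(ALLOWED_MASK)                # only allow-listed bits
SAMPLE_WITH_ADMIN = _status(ALLOWED_MASK | 1 << 21)   # bit 21 = CAP_SYS_ADMIN

if __name__ == "__main__":
    print("dropped:   ", audit(SAMPLE_DROPPED, ALLOWED))
    print("with admin:", audit(SAMPLE_WITH_ADMIN, ALLOWED))
```

To audit a live process, pass the contents of `/proc/<pid>/status` to `audit()` in place of the constructed samples.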