Re: [PATCH 0/2] virtiofsd: drop Linux capabilities(7)

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 0/2] virtiofsd: drop Linux capabilities(7)

From:	Dr. David Alan Gilbert
Subject:	Re: [PATCH 0/2] virtiofsd: drop Linux capabilities(7)
Date:	Fri, 1 May 2020 19:28:57 +0100
User-agent:	Mutt/1.13.4 (2020-02-15)

* Stefan Hajnoczi (address@hidden) wrote:
> virtiofsd doesn't need of all Linux capabilities(7) available to root.  Keep a
> whitelisted set of capabilities that we require.  This improves security in
> case virtiofsd is compromised by making it hard for an attacker to gain 
> further
> access to the system.

Queued.

> Stefan Hajnoczi (2):
>   virtiofsd: only retain file system capabilities
>   virtiofsd: drop all capabilities in the wait parent process
> 
>  tools/virtiofsd/passthrough_ll.c | 51 ++++++++++++++++++++++++++++++++
>  1 file changed, 51 insertions(+)
> 
> -- 
> 2.25.1
> 
--
Dr. David Alan Gilbert / address@hidden / Manchester, UK

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [PATCH 0/2] virtiofsd: drop Linux capabilities(7), Dr. David Alan Gilbert <=

Prev by Date: [PATCH] virtiofsd: Use clone() and not unshare(), support non-root
Next by Date: Re: [PATCH] qcow2: Avoid integer wraparound in qcow2_co_truncate()
Previous by thread: [PATCH] virtiofsd: Use clone() and not unshare(), support non-root
Next by thread: [PATCH v2] target/riscv: fix check of guest pa top bits
Index(es):
- Date
- Thread