[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 23/24] vhost-user-fs: Implement drop CAP_FSETID functionality
From: |
Vivek Goyal |
Subject: |
Re: [PATCH 23/24] vhost-user-fs: Implement drop CAP_FSETID functionality |
Date: |
Tue, 16 Feb 2021 10:57:10 -0500 |
On Mon, Feb 15, 2021 at 03:57:11PM +0000, Stefan Hajnoczi wrote:
> On Thu, Feb 11, 2021 at 09:40:31AM -0500, Vivek Goyal wrote:
> > On Thu, Feb 11, 2021 at 02:35:42PM +0000, Stefan Hajnoczi wrote:
> > > On Tue, Feb 09, 2021 at 07:02:23PM +0000, Dr. David Alan Gilbert (git)
> > > wrote:
> > > > From: Vivek Goyal <vgoyal@redhat.com>
> > > >
> > > > As part of slave_io message, slave can ask to do I/O on an fd.
> > > > Additionally
> > > > slave can ask for dropping CAP_FSETID (if master has it) before doing
> > > > I/O.
> > > > Implement functionality to drop CAP_FSETID and gain it back after the
> > > > operation.
> > > >
> > > > This also creates a dependency on libcap-ng.
> > >
> > > Is this patch only for the case where QEMU is running as root?
> > >
> >
> > Yes, it primarily is for the case where qemu is running as root, or
> > somebody managed to launch it non-root but with still having capability
> > CAP_FSETID.
>
> Running QEMU as root is not encouraged because the security model is
> designed around the principle of least privilege (only give QEMU access
> to resources that belong to the guest).
>
> What happens in the case where QEMU is not root? Does that mean QEMU
> will drop suid/guid bits even if the FUSE client wanted them to be
> preserved?
QEMU will drop CAP_FSETID only if vhost-user slave asked for it. There
is no notion of gaining CAP_FSETID.
IOW, yes, if qemu is running unpriviliged and does not have CAP_FSETID,
then we will end up clearing setuid bit on host. Not sure how that
problem can be fixed.
Vivek
- Re: [PATCH 17/24] DAX/unmap virtiofsd: Add wrappers for VHOST_USER_SLAVE_FS_IO, (continued)
- [PATCH 20/24] DAX/unmap virtiofsd: route unmappable write to slave command, Dr. David Alan Gilbert (git), 2021/02/09
- [PATCH 21/24] DAX:virtiofsd: implement FUSE_INIT map_alignment field, Dr. David Alan Gilbert (git), 2021/02/09
- [PATCH 22/24] vhost-user-fs: Extend VhostUserFSSlaveMsg to pass additional info, Dr. David Alan Gilbert (git), 2021/02/09
- [PATCH 16/24] DAX/unmap: virtiofsd: Add VHOST_USER_SLAVE_FS_IO, Dr. David Alan Gilbert (git), 2021/02/09
- [PATCH 23/24] vhost-user-fs: Implement drop CAP_FSETID functionality, Dr. David Alan Gilbert (git), 2021/02/09
[PATCH 24/24] virtiofsd: Ask qemu to drop CAP_FSETID if client asked for it, Dr. David Alan Gilbert (git), 2021/02/09