On Thu, Oct 17, 2019 at 10:45:53AM -0400, Vivek Goyal wrote:
> On Wed, Oct 16, 2019 at 05:01:57PM +0100, Stefan Hajnoczi wrote:
> > [..]
> > + /*
> > + * If the mounts have shared propagation then we want to opt out so our
> > + * mount changes don't affect the parent mount namespace.
> > + */
> > + if (mount(NULL, "/", NULL, MS_REC|MS_SLAVE, NULL) < 0) {
> > + fuse_log(FUSE_LOG_ERR, "mount(/, MS_REC|MS_SLAVE): %m\n");
> > + exit(1);
> > + }
>
> So we will get mount propagation from parent but our mounts will not
> propagate back. Sounds reasonable.
>
> Can we take away CAP_SYS_ADMIN from virtiofsd? That way it will not be
> able to do mount at all.
>
> I am wondering are we dependent on daemon having CAP_SYS_ADMIN.
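Review bot: the mount(NULL, "/", NULL, MS_REC|MS_SLAVE, NULL) call only gives the opt-out the comment describes if it runs after unshare(CLONE_NEWNS), and nothing in this hunk checks or states that ordering; issued before the new mount namespace exists it would instead change propagation of the namespace the daemon was launched in. Suggest placing the call directly after the unshare and making the comment say so, e.g. "/* Now in our own mount namespace: make all mounts slaves so our changes never propagate back to the parent. */". On the CAP_SYS_ADMIN question raised in the reply, this mount(2) itself needs CAP_SYS_ADMIN, so the capability can only be dropped once sandbox setup is complete, which argues for an explicit drop step at the end of setup rather than starting without it.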
I don't know the answer. Additional patches to reduce the capability set
as much as possible would be great, but are a separate task.

Stefan
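Worked example, added here and not part of the patch or of either reply: the hunk's MS_REC|MS_SLAVE step placed after an unshare(CLONE_NEWNS) that is assumed to precede it in the series, followed by the capability drop the reply asks about, done with raw capget(2)/capset(2) rather than libcap. The function names are my own.

```c
#include <errno.h>
#include <linux/capability.h>
#include <linux/sched.h>
#include <sys/mount.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Step 1, the quoted hunk in context: a private mount namespace first
 * (assumed to precede the hunk in the series), then every mount is made
 * a slave so later mount changes cannot propagate back to the parent.
 * Needs CAP_SYS_ADMIN. Returns 0 or -errno. */
int isolate_mounts(void)
{
    if (syscall(SYS_unshare, CLONE_NEWNS) < 0)
        return -errno;
    if (mount(NULL, "/", NULL, MS_REC | MS_SLAVE, NULL) < 0)
        return -errno;
    return 0;
}

/* Raw capget(2)/capset(2) on the calling thread; no libcap needed. */
static int cap_io(struct __user_cap_data_struct *d, int write)
{
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    return syscall(write ? SYS_capset : SYS_capget, &h, d) < 0 ? -errno : 0;
}

/* Step 2, the suggestion from the reply: clear CAP_SYS_ADMIN from the
 * effective, permitted and inheritable sets. Once out of the permitted set
 * it cannot be regained, so every later mount(2) fails with EPERM. */
int drop_cap_sys_admin(void)
{
    struct __user_cap_data_struct d[_LINUX_CAPABILITY_U32S_3];
    unsigned idx = CAP_SYS_ADMIN / 32, bit = 1u << (CAP_SYS_ADMIN % 32);
    int rc = cap_io(d, 0);
    if (rc)
        return rc;
    d[idx].effective &= ~bit;
    d[idx].permitted &= ~bit;
    d[idx].inheritable &= ~bit;
    return cap_io(d, 1);
}

/* The check after the drop: errno of the failed mount(2) (EPERM expected),
 * or 0 if the daemon could still mount. */
int mount_attempt_errno(void)
{
    return mount(NULL, "/", NULL, MS_REC | MS_SLAVE, NULL) < 0 ? errno : 0;
}
```

isolate_mounts() only succeeds when started with CAP_SYS_ADMIN; drop_cap_sys_admin() followed by mount_attempt_errno() works for any user and shows that mount(2) is refused once the capability is gone.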