virtiofsd doesn't need all of the Linux capabilities(7) available to root. Keep a whitelisted set of capabilities that we require. This improves security in case virtiofsd is compromised by making it hard for an attacker to gain further access to the system.

Stefan Hajnoczi (2):
  virtiofsd: only retain file system capabilities
  virtiofsd: drop all capabilities in the wait parent process

 tools/virtiofsd/passthrough_ll.c | 51 ++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)

-- 
2.25.1
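
One way to confirm on a running system that a daemon holds only an allowlisted capability set, as the series intends: parse the Cap* lines of /proc/<pid>/status and report anything outside the list. This is an added example, not code from the patches or from virtiofsd; the allowlist and the sample status text are constructed for illustration and are not the set the patches retain.

```python
import re

# Bit numbers from linux/capability.h (subset; other bits print as "bit N").
CAP_BITS = {
    "CAP_CHOWN": 0, "CAP_DAC_OVERRIDE": 1, "CAP_DAC_READ_SEARCH": 2,
    "CAP_FOWNER": 3, "CAP_FSETID": 4, "CAP_SETGID": 6, "CAP_SETUID": 7,
    "CAP_NET_ADMIN": 12, "CAP_SYS_MODULE": 16, "CAP_SYS_PTRACE": 19,
    "CAP_SYS_ADMIN": 21, "CAP_MKNOD": 27, "CAP_SETFCAP": 31,
}
BIT_NAMES = {bit: name for name, bit in CAP_BITS.items()}

# Assumed allowlist for illustration only; not the set chosen by the patches.
ALLOWED = {"CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FOWNER", "CAP_FSETID", "CAP_MKNOD"}

# Sets the process can use or pass on; the bounding set (CapBnd) is not checked.
CHECKED_SETS = ("CapInh", "CapPrm", "CapEff", "CapAmb")

def parse_cap_sets(status_text):
    """Return {"CapPrm": int, ...} from the text of /proc/<pid>/status."""
    pairs = re.findall(r"^(Cap\w+):[ \t]*([0-9a-fA-F]+)[ \t]*$", status_text, re.M)
    return {name: int(value, 16) for name, value in pairs}

def excess_caps(mask, allowed):
    """Names of the capabilities set in mask that are not in the allowlist."""
    allowed_mask = sum(1 << CAP_BITS[name] for name in allowed)
    extra = mask & ~allowed_mask
    return [BIT_NAMES.get(b, f"bit {b}") for b in range(extra.bit_length()) if extra >> b & 1]

def audit(status_text, allowed=ALLOWED):
    """Map each checked set to its non-allowlisted capabilities; {} means clean."""
    sets = parse_cap_sets(status_text)
    missing = [s for s in CHECKED_SETS if s not in sets]
    if missing:
        raise ValueError(f"status text lacks {missing}")
    report = {s: excess_caps(sets[s], allowed) for s in CHECKED_SETS}
    return {s: extra for s, extra in report.items() if extra}

# Constructed samples: a reduced process, and one that still holds CAP_SYS_ADMIN.
SAMPLE_REDUCED = ("Name:\tvirtiofsd\nCapInh:\t0000000000000000\n"
                  "CapPrm:\t000000000800001b\nCapEff:\t000000000800001b\n"
                  "CapBnd:\t000001ffffffffff\nCapAmb:\t0000000000000000\n")
SAMPLE_EXCESS = SAMPLE_REDUCED.replace("0800001b", "0820001b")

if __name__ == "__main__":
    import sys
    text = open(f"/proc/{sys.argv[1]}/status").read() if len(sys.argv) > 1 else SAMPLE_EXCESS
    print(audit(text) or "only allowlisted capabilities held")
```

Run it with a PID argument to audit a live process; with no argument it reports on the constructed sample.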