On Thu, Apr 16, 2020 at 04:10:22PM -0400, Vivek Goyal wrote: > On Thu, Apr 16, 2020 at 05:49:05PM +0100, Stefan Hajnoczi wrote: > > virtiofsd doesn't need of all Linux capabilities(7) available to root. > > Keep a > > whitelisted set of capabilities that we require. This improves security in > > case virtiofsd is compromised by making it hard for an attacker to gain > > further > > access to the system. > > Hi Stefan, > > Good to see this patch. We needed to limit capabilities to reduce attack > surface. > > What tests have you run to make sure this current set of whitelisted > capabilities is good enough.
Booting and light usage of Fedora 29 and running blogbench. I would appreciate it if others could try it out with their tests/workloads. Stefan
signature.asc
Description: PGP signature
