On Thu, May 07, 2020 at 10:28:32AM +0100, Daniel P. Berrangé wrote:
> If the person in the host launching virtiofsd is non-root, then
> user namespaces mean they can offer the guest the full range of
> POSIX APIs wrt access control & file ownership, since they're
> no longer restricted to their single host UID when inside the
> container.

What installs the uid_map/gid_map for virtiofsd?

My machine has /etc/subuid and /etc/subgid, but how would this come
into play with these patches applied?

What happens when an unprivileged user who is not listed in /etc/subuid
runs virtiofsd?

Stefan