On Thu, Jan 21, 2021 at 3:44 PM Stefan Hajnoczi <stefa...@redhat.com> wrote:
> This patch adds the missing checks to virtiofsd. This is a short-term
> solution because it does not prevent a compromised virtiofsd process
> from opening device nodes on the host.

I think the proper solution is adding support to the host in order to
restrict opens on filesystems that virtiofsd has access to.

My idea was to add a "force_nodev" mount option that cannot be
disabled and will make propagated mounts also be marked
"force_nodev,nodev".

A possibly simpler solution is to extend seccomp to restrict the
process itself from being able to open special files. Not sure if
that's within the scope of seccomp though.

Thanks,
Miklos