On Thu, Feb 11, 2021 at 02:35:42PM +0000, Stefan Hajnoczi wrote: > On Tue, Feb 09, 2021 at 07:02:23PM +0000, Dr. David Alan Gilbert (git) wrote: > > From: Vivek Goyal <vgo...@redhat.com> > > > > As part of slave_io message, slave can ask to do I/O on an fd. Additionally > > slave can ask for dropping CAP_FSETID (if master has it) before doing I/O. > > Implement functionality to drop CAP_FSETID and gain it back after the > > operation. > > > > This also creates a dependency on libcap-ng. > > Is this patch only for the case where QEMU is running as root? >
Yes, it primarily is for the case where qemu is running as root, or somebody managed to launch it non-root but with still having capability CAP_FSETID. Vivek > I'm not sure it will have any effect on a regular QEMU (e.g. launched by > libvirt).
