[PATCH 0/2] virtiofsd: drop Linux capabilities(7)

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 0/2] virtiofsd: drop Linux capabilities(7)

From:	Stefan Hajnoczi
Subject:	[PATCH 0/2] virtiofsd: drop Linux capabilities(7)
Date:	Thu, 16 Apr 2020 17:49:05 +0100

virtiofsd doesn't need of all Linux capabilities(7) available to root.  Keep a
whitelisted set of capabilities that we require.  This improves security in
case virtiofsd is compromised by making it hard for an attacker to gain further
access to the system.

Stefan Hajnoczi (2):
  virtiofsd: only retain file system capabilities
  virtiofsd: drop all capabilities in the wait parent process

 tools/virtiofsd/passthrough_ll.c | 51 ++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)

-- 
2.25.1

[Prev in Thread]

Current Thread

[Next in Thread]

[PATCH 0/2] virtiofsd: drop Linux capabilities(7), Stefan Hajnoczi <=
- [PATCH 1/2] virtiofsd: only retain file system capabilities, Stefan Hajnoczi, 2020/04/16
  - Re: [PATCH 1/2] virtiofsd: only retain file system capabilities, Dr. David Alan Gilbert, 2020/04/28
- [PATCH 2/2] virtiofsd: drop all capabilities in the wait parent process, Stefan Hajnoczi, 2020/04/16
  - Re: [PATCH 2/2] virtiofsd: drop all capabilities in the wait parent process, Philippe Mathieu-Daudé, 2020/04/16
- Re: [PATCH 0/2] virtiofsd: drop Linux capabilities(7), Vivek Goyal, 2020/04/16
  - Re: [PATCH 0/2] virtiofsd: drop Linux capabilities(7), Stefan Hajnoczi, 2020/04/17

Prev by Date: Re: [PATCH v2] aspeed: Add boot stub for smp booting
Next by Date: [PATCH 1/2] virtiofsd: only retain file system capabilities
Previous by thread: Re: [PATCH v2 4/6] dwc-hsotg USB host controller emulation
Next by thread: [PATCH 1/2] virtiofsd: only retain file system capabilities
Index(es):
- Date
- Thread