qemu-devel

Re: [PATCH] virtiofsd: Use clone() and not unshare(), support non-root


From: Stefan Hajnoczi
Subject: Re: [PATCH] virtiofsd: Use clone() and not unshare(), support non-root
Date: Thu, 21 May 2020 11:19:23 +0100

On Thu, May 07, 2020 at 10:28:32AM +0100, Daniel P. Berrangé wrote:
> If the person in the host launching virtiofsd is non-root, then
> user namespaces mean they can offer the guest the full range of
> POSIX APIs wrt access control & file ownership, since they're
> no longer restricted to their single host UID when inside the
> container.

What installs the uid_map/gid_map for virtiofsd?

My machine has /etc/subuid and /etc/subgid, but how would this come into
play with these patches applied?

What happens when an unprivileged user who is not listed in /etc/subuid
runs virtiofsd?

Stefan
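As background to the questions above, an added example (not virtiofsd code and not from this thread) of general Linux behaviour per user_namespaces(7) and newuidmap(1): an unprivileged process may write only a single-line map for its own ID, while the setuid newuidmap/newgidmap helpers can add the range listed for the user in /etc/subuid or /etc/subgid. The user names, IDs and file contents are constructed, and mapping the caller to ID 0 inside the namespace is an assumption of this sketch.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample in /etc/subuid format (name:start:count); "carol" has no entry. */
static const char SAMPLE_SUBUID[] = "alice:100000:65536\nbob:165536:65536\n";

struct subid_range { unsigned long start, count; };

/* Find the first range for `user`: returns 1 and fills *out, or 0 if not listed.
 * Malformed lines are skipped. */
static int subid_lookup(const char *text, const char *user, struct subid_range *out)
{
    size_t ulen = strlen(user);
    for (const char *line = text; *line; ) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        if (len > ulen + 1 && !strncmp(line, user, ulen) && line[ulen] == ':' &&
            isdigit((unsigned char)line[ulen + 1])) {
            char *end;
            unsigned long start = strtoul(line + ulen + 1, &end, 10);
            if (*end == ':' && isdigit((unsigned char)end[1])) {
                unsigned long count = strtoul(end + 1, &end, 10);
                if ((*end == '\n' || *end == '\0') && count > 0) {
                    out->start = start; out->count = count;
                    return 1;
                }
            }
        }
        line += len + (eol ? 1 : 0);
    }
    return 0;
}

/* Write the uid_map text ("inside outside length" per line) this user could get.
 * Not listed: only the caller's own ID (for gid_map the kernel also requires
 * "deny" in /proc/PID/setgroups first). Listed: own ID plus the subordinate
 * range, which needs the newuidmap helper. Returns the number of IDs mapped. */
static unsigned long build_id_map(const char *subid_text, const char *user,
                                  unsigned long host_id, char *buf, size_t buflen)
{
    struct subid_range r;
    if (!subid_lookup(subid_text, user, &r)) {
        snprintf(buf, buflen, "0 %lu 1\n", host_id);
        return 1;
    }
    snprintf(buf, buflen, "0 %lu 1\n1 %lu %lu\n", host_id, r.start, r.count);
    return 1 + r.count;
}
```

With a single-ID map, files owned by any other ID appear inside the namespace as the overflow ID (65534 by default), and chown() to an unmapped ID fails.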
