From: Vivek Goyal <vgoyal@redhat.com>
To: virtio-fs@redhat.com
Subject: [Virtio-fs] [PATCH 0/4] Drop CAP_FSETID if client needs to kill setuid/setgid bits
Date: Tue, 13 Aug 2019 15:29:40 -0400
Message-ID: <20190813192944.26009-1-vgoyal@redhat.com>

If a file has setuid/setuid bit set and a writer writes to file without
having CAP_FSETID capability, kernel clears setuid/setgid bit on file.
pjdfstest test chmod/12.t tests for this. With moving to 5.3 kernel and
cache=none this test fails.

Now Miklos has introduced a commit where if client thinks that
setuid/setgid bit should be cleared, it sets FUSE_KILL_PRIV flag
in fuse_write_in->write_flags. This is an indication to daemon to
clear setuid/setgid bit atomically.

So drop CAP_FSETID capability and then proceed with write and that
should automatically clear setuid bit.

Vivek Goyal (4):
  virtiofsd: Fix number of padding bits in fuse_file_info
  virtiofsd: Use macros for write_flag parsing
  virtiofsd: Parse flag FUSE_WRITE_KILL_PRIV
  virtiofsd: Drop CAP_FSETID if client asked for it

 contrib/virtiofsd/Makefile.objs    |   2 +
 contrib/virtiofsd/fuse_common.h    |   5 +-
 contrib/virtiofsd/fuse_kernel.h    |   1 +
 contrib/virtiofsd/fuse_lowlevel.c  |   6 +-
 contrib/virtiofsd/passthrough_ll.c | 127 +++++++++++++++++++++++++++++
 contrib/virtiofsd/seccomp.c        |   2 +
 6 files changed, 140 insertions(+), 3 deletions(-)

--
2.17.2
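
The approach the cover letter describes (drop CAP_FSETID, write, and let the kernel clear the bits) can be sketched as below. This is an added example, not code from this patch series: `set_fsetid`, `write_kill_priv`, `demo` and the `KILL_PRIV` macro are hypothetical names, the flag value is the one `linux/fuse.h` gives `FUSE_WRITE_KILL_PRIV`, and the temporary file under `/tmp` is constructed for the demonstration.

```c
#define _GNU_SOURCE
#include <linux/capability.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

#define KILL_PRIV (1u << 2) /* value of FUSE_WRITE_KILL_PRIV in linux/fuse.h */

/* Set (on=1) or clear (on=0) CAP_FSETID in the calling thread's effective
 * set. Returns the previous state (0 or 1), or -1 on error. */
static int set_fsetid(int on)
{
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct d[2];
    if (syscall(SYS_capget, &h, d) < 0) return -1;
    int had = (d[0].effective >> CAP_FSETID) & 1;
    if (on) d[0].effective |= 1u << CAP_FSETID;
    else d[0].effective &= ~(1u << CAP_FSETID);
    if (had != on && syscall(SYS_capset, &h, d) < 0) return -1;
    return had;
}

/* Hypothetical daemon-side write: when the client set the kill-priv flag,
 * write without CAP_FSETID so the kernel clears setuid/setgid itself. */
static ssize_t write_kill_priv(int fd, const void *buf, size_t n, unsigned flags)
{
    int had = (flags & KILL_PRIV) ? set_fsetid(0) : 0;
    if (had < 0) return -1;
    ssize_t r = write(fd, buf, n);
    if (had == 1 && set_fsetid(1) < 0) return -1; /* restore for later requests */
    return r;
}

/* Constructed demo: make a setuid temp file, write one byte to it, and
 * return the setuid/setgid bits still set afterwards (-1 on error). */
int demo(unsigned flags)
{
    char path[] = "/tmp/killpriv-XXXXXX";
    struct stat st;
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    int ok = fchmod(fd, 04755) == 0 && write_kill_priv(fd, "x", 1, flags) == 1 &&
             fstat(fd, &st) == 0;
    close(fd);
    unlink(path);
    return ok ? (int)(st.st_mode & (S_ISUID | S_ISGID)) : -1;
}

int main(void) { printf("%d\n", demo(KILL_PRIV)); return 0; }
```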