That seems like a kernel flaw - it makes sense that you can't _add_
capabilities without CAP_SETPCAP, but being unable to _drop_
capabilities without first acquiring a capability seems backwards.
You cannot add capabilities to the bounding set at all. It is a
one-way street.
/me learned a lot of things while writing these two patches.
In fact, capng_apply(CAPNG_SELECT_BOUNDS) will never fail, but I
preferred to be conservative in patch 1 just in case this changes
in the future.
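To make the bounding-set semantics discussed above concrete, here is a small added example (not code from this thread or from libvirt/libcap-ng) that talks to the kernel directly with prctl(2) instead of going through capng_apply(): reading the bounding set needs no privilege, dropping from it is refused with EPERM unless CAP_SETPCAP is in the effective set, and there is no prctl to add a bit back, so a successful drop is permanent for the process and everything it execs, setuid helpers included. It assumes Linux and the capability number CAP_NET_RAW as the bit to test.

```c
#include <errno.h>
#include <linux/capability.h>   /* CAP_NET_RAW, CAP_SETPCAP */
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>          /* PR_CAPBSET_READ, PR_CAPBSET_DROP */

/* 1 if cap is in this thread's bounding set, 0 if not, -1 on error
 * (errno set). Reading the bounding set requires no privilege. */
int bset_has(int cap)
{
    return prctl(PR_CAPBSET_READ, cap, 0, 0, 0);
}

/* Drop cap from the bounding set. Returns 0 on success or the errno the
 * kernel reported. EPERM is the case the thread is about: the kernel
 * refuses the drop unless CAP_SETPCAP is in the caller's effective set.
 * There is no PR_CAPBSET_ADD, so a successful drop cannot be undone. */
int bset_drop(int cap)
{
    if (prctl(PR_CAPBSET_DROP, cap, 0, 0, 0) == -1)
        return errno;
    return 0;
}

/* Drop cap, then re-read the bounding set to confirm. Returns 0 when the
 * bit is gone, EPERM when the caller lacks CAP_SETPCAP, another errno for
 * other kernel errors, or -1 if the kernel reported success but the bit is
 * still present (which should never happen). */
int drop_and_verify(int cap)
{
    int rc = bset_drop(cap);
    if (rc != 0)
        return rc;
    return bset_has(cap) == 0 ? 0 : -1;
}

int main(void)
{
    int cap = CAP_NET_RAW;   /* assumed test bit; any valid cap works */
    printf("CAP_NET_RAW in bounding set before: %d\n", bset_has(cap));
    int rc = drop_and_verify(cap);
    if (rc == 0)
        printf("dropped; the bit is gone and cannot be re-added\n");
    else if (rc == EPERM)
        printf("drop refused: CAP_SETPCAP required (%s)\n", strerror(rc));
    else
        printf("unexpected result: %d\n", rc);
    return 0;
}
```

Run it once as an unprivileged user and once with CAP_SETPCAP to see both outcomes; in the privileged case a second run in the same process finds the bit already absent.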
Hmm, this seems like we may want it for 1.0.4
I do not think so, there should not be any cases right now where
unprivileged libvirt calls a setuid helper.
Paolo