
18 Apr
2013
4:54 p.m.
On 03/27/2013 04:46 PM, Eric Blake wrote:
On 03/25/2013 08:25 AM, Paolo Bonzini wrote:
When running unprivileged, virSetUIDGIDWithCaps will fail because it tries to add the requested capabilities to the permitted and effective sets.
Detect this case, and invoke the child with cleared permitted and effective sets. If it is a setuid program, it will get them.
Some care is needed also because you cannot drop capabilities from the bounding set without CAP_SETPCAP. Because of that, ignore errors from setting the bounding set.
As written, the patch makes sense.
ACK and pushed.

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
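The fallback described in the commit message, as an added example using raw Linux syscalls (not libvirt's code and not part of this thread). The function names are hypothetical, the work runs in a forked child so the caller keeps its capabilities, and the exec of the child program is left out.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <unistd.h>
#include <linux/capability.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>

/* Set permitted+effective to `want`. If the kernel refuses with EPERM (the
 * unprivileged case), clear both sets instead. 0 = applied, 1 = cleared, -1 = error. */
static int set_caps_or_clear(uint64_t want)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct set[2] = { { 0 } }, none[2] = { { 0 } };
    set[0].permitted = set[0].effective = (uint32_t)want;
    set[1].permitted = set[1].effective = (uint32_t)(want >> 32);
    if (syscall(SYS_capset, &hdr, set) == 0)
        return 0;
    if (errno != EPERM)
        return -1;
    return syscall(SYS_capset, &hdr, none) == 0 ? 1 : -1;
}

/* Drop every bounding-set capability outside `keep`; the loop ends at the
 * first capability number the kernel does not know (PR_CAPBSET_READ fails). */
static int drop_bounding(uint64_t keep)
{
    for (int cap = 0; prctl(PR_CAPBSET_READ, cap, 0, 0, 0) >= 0; cap++) {
        if ((keep >> cap) & 1)
            continue;
        if (prctl(PR_CAPBSET_DROP, cap, 0, 0, 0) < 0 && errno != EPERM)
            return -1;  /* EPERM means no CAP_SETPCAP: ignored */
    }
    return 0;
}

/* Bounding set first (needs CAP_SETPCAP while still effective), then the sets. */
int demo_child_caps(uint64_t want)
{
    int status = 0;
    pid_t pid = fork();
    if (pid == 0)
        _exit(drop_bounding(want) < 0 ? 2 : set_caps_or_clear(want) & 3);
    if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) > 1 ? -1 : WEXITSTATUS(status);
}

int main(void) { return demo_child_caps(1ULL << CAP_NET_BIND_SERVICE) < 0; }
```

A return of 1 from `demo_child_caps` is the unprivileged path: the request was refused and the child continued with empty permitted and effective sets.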