Arnd Bergmann wrote:
Well, the difference matters from a security perspective. The sudo script that Avi suggested just means that you can guarantee you don't introduce any security holes through a suid executable. Fortunately, it does not impact the contents of your helper either, only the installation. You could even be clever in qemu and use call the helper using sudo if qemu is running as unpriviledged user and the helper is not a suid file.
Or just use fscaps and not even work about suid :-) That's the preferred model.
Regards, Anthony Liguori
