* Stefan Hajnoczi (stefa...@redhat.com) wrote: > virtiofsd doesn't need of all Linux capabilities(7) available to root. Keep a > whitelisted set of capabilities that we require. This improves security in > case virtiofsd is compromised by making it hard for an attacker to gain > further > access to the system.
Queued. > Stefan Hajnoczi (2): > virtiofsd: only retain file system capabilities > virtiofsd: drop all capabilities in the wait parent process > > tools/virtiofsd/passthrough_ll.c | 51 ++++++++++++++++++++++++++++++++ > 1 file changed, 51 insertions(+) > > -- > 2.25.1 > -- Dr. David Alan Gilbert / dgilb...@redhat.com / Manchester, UK