Although, virtiofsd expect to run as root, either as the real one, or the pseudo-root inside a user namespace, there are use cases there are use cases that need to be able to run virtiofsd as a non-privileged user outside a user namespace. In this mode many operations will not be available (e.g. chown).
There are some issues that are related to this MR: #8 and #43. Besides the request in #8 recently there was a request for this functionality in the matrix channel, I am creating this MR to have that discussion here. Notes: - Some operations fails, like chown, but these also fail with --sandbox=namespace. - I want to move the capability-related code and `enable_seccomp()` call into `sandbox.rs`, so I don't need to "leak" the info about the sandbox type chosen by the user. --- https://gitlab.com/virtio-fs/virtiofsd/-/merge_requests/136 _______________________________________________ Virtio-fs mailing list [email protected] https://listman.redhat.com/mailman/listinfo/virtio-fs
