On 03/27/2013 04:46 PM, Eric Blake wrote: > On 03/25/2013 08:25 AM, Paolo Bonzini wrote: >> When running unprivileged, virSetUIDGIDWithCaps will fail because it >> tries to add the requested capabilities to the permitted and effective >> sets. >> >> Detect this case, and invoke the child with cleared permitted and >> effective sets. If it is a setuid program, it will get them. >> >> Some care is needed also because you cannot drop capabilities from the >> bounding set without CAP_SETPCAP. Because of that, ignore errors from >> setting the bounding set. > > As written, the patch makes sense. ACK and pushed. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list