virtiofsd: drop all capabilities in the wait parent process

All this process does is wait for its child. No capabilities are needed. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2024-07-21 18:34:33 +00:00 · 2020-04-16 17:49:07 +01:00 · 2020-04-16 17:49:07 +01:00 · 66502bbca3
parent a59feb483b
commit 66502bbca3
1 changed files with 13 additions and 0 deletions
--- a/tools/virtiofsd/passthrough_ll.c
+++ b/tools/virtiofsd/passthrough_ll.c
@ -2530,6 +2530,17 @@ static void print_capabilities(void)
    printf("}\n");
 }

+/*
+ * Drop all Linux capabilities because the wait parent process only needs to
+ * sit in waitpid(2) and terminate.
+ */
+static void setup_wait_parent_capabilities(void)
+{
+    capng_setpid(syscall(SYS_gettid));
+    capng_clear(CAPNG_SELECT_BOTH);
+    capng_apply(CAPNG_SELECT_BOTH);
+}
+
 /*
 * Move to a new mount, net, and pid namespaces to isolate this process.
 */
@ -2563,6 +2574,8 @@ static void setup_namespaces(struct lo_data *lo, struct fuse_session *se)
        pid_t waited;
        int wstatus;

+        setup_wait_parent_capabilities();
+
        /* The parent waits for the child */
        do {
            waited = waitpid(child, &wstatus, 0);