Bug 1897623

Summary: virtiofsd: drop CAP_DAC_READ_SEARCH
Product: Red Hat Enterprise Linux Advanced Virtualization Reporter: Yash Mankad <ymankad>
Component: qemu-kvmAssignee: Dr. David Alan Gilbert <dgilbert>
qemu-kvm sub component: virtio-fs QA Contact: xiagao
Status: CLOSED ERRATA Docs Contact:
Severity: unspecified    
Priority: unspecified CC: ailan, danken, ddepaula, dgilbert, ehadley, jinzhao, juzhang, lijin, menli, toneata, virt-maint, xiagao, ymankad
Version: 8.3Keywords: RFE, Triaged, Upstream
Target Milestone: rc   
Target Release: 8.3   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: qemu-kvm-5.1.0-17.module+el8.3.1+9213+7ace09c3 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1896133
: 1899485 (view as bug list) Environment:
Last Closed: 2021-02-22 15:39:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1896133    
Bug Blocks: 1899485    

Comment 8 menli@redhat.com 2020-12-18 01:54:22 UTC 
Reproduce this issue on build qemu-kvm-5.1.0-16.module+el8.3.1+8958+410ab178.x86_64, result is

[root@dell-per440-01 test]# capsh --drop=cap_dac_read_search --
[root@dell-per440-01 test]# capsh --print

[root@dell-per440-01 test]# /usr/libexec/virtiofsd --socket-path=/tmp/vhostqemu -o source=/dev/shm/ -o cache=none --thread-pool-size=1 -o log_level=debug
[67622509798381] [ID: 00058317] virtio_session_mount: Waiting for vhost-user socket connection...
[67629067486784] [ID: 00058317] virtio_session_mount: Received vhost-user socket connection
[67629089049141] [ID: 00000001] setup_capabilities: capng_apply failed


Verified with qemu-kvm-5.1.0-17.module+el8.3.1+9213+7ace09c3.x86_64 , result is

[root@dell-per440-01 ~]#  /usr/libexec/virtiofsd --socket-path=/tmp/vhostqemu -o source=/dev/shm/ -o cache=none --thread-pool-size=1 -o log_level=debug
[68337906701205] [ID: 00059200] virtio_session_mount: Waiting for vhost-user socket connection...
[68343976294849] [ID: 00059200] virtio_session_mount: Received vhost-user socket connection
[68343986181922] [ID: 00000001] virtio_loop: Entry
[68343986207261] [ID: 00000001] virtio_loop: Waiting for VU event
[68344084730064] [ID: 00000001] virtio_loop: Got VU event
[68344084762970] [ID: 00000001] virtio_loop: Waiting for VU event
[68344084777097] [ID: 00000001] virtio_loop: Got VU event
[68344084790558] [ID: 00000001] virtio_loop: Waiting for VU event
[68344084804046] [ID: 00000001] virtio_loop: Got VU event
[68344084814572] [ID: 00000001] virtio_loop: Waiting for VU event
[68344084819892] [ID: 00000001] virtio_loop: Got VU event
[68344084838898] [ID: 00000001] virtio_loop: Waiting for VU event
[68344084851568] [ID: 00000001] virtio_loop: Got VU event
[68344084863797] [ID: 00000001] virtio_loop: Waiting for VU event
[68344084890624] [ID: 00000001] virtio_loop: Got VU event

So this issue is fixed, change status to verified.
Comment 10 errata-xmlrpc 2021-02-22 15:39:41 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (virt:8.3 bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:0639