Bug 1897623 - virtiofsd: drop CAP_DAC_READ_SEARCH
Summary: virtiofsd: drop CAP_DAC_READ_SEARCH
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux Advanced Virtualization
Classification: Red Hat
Component: qemu-kvm
Version: 8.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: 8.3
Assignee: Dr. David Alan Gilbert
QA Contact: xiagao
URL:
Whiteboard:
Depends On: 1896133
Blocks: 1899485
TreeView+ depends on / blocked
 
Reported: 2020-11-13 16:32 UTC by Yash Mankad
Modified: 2021-04-26 02:03 UTC (History)
13 users (show)

Fixed In Version: qemu-kvm-5.1.0-17.module+el8.3.1+9213+7ace09c3
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1896133
: 1899485 (view as bug list)
Environment:
Last Closed: 2021-02-22 15:39:41 UTC
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Comment 8 menli@redhat.com 2020-12-18 01:54:22 UTC 
Reproduce this issue on build qemu-kvm-5.1.0-16.module+el8.3.1+8958+410ab178.x86_64, result is

[root@dell-per440-01 test]# capsh --drop=cap_dac_read_search --
[root@dell-per440-01 test]# capsh --print

[root@dell-per440-01 test]# /usr/libexec/virtiofsd --socket-path=/tmp/vhostqemu -o source=/dev/shm/ -o cache=none --thread-pool-size=1 -o log_level=debug
[67622509798381] [ID: 00058317] virtio_session_mount: Waiting for vhost-user socket connection...
[67629067486784] [ID: 00058317] virtio_session_mount: Received vhost-user socket connection
[67629089049141] [ID: 00000001] setup_capabilities: capng_apply failed


Verified with qemu-kvm-5.1.0-17.module+el8.3.1+9213+7ace09c3.x86_64 , result is

[root@dell-per440-01 ~]#  /usr/libexec/virtiofsd --socket-path=/tmp/vhostqemu -o source=/dev/shm/ -o cache=none --thread-pool-size=1 -o log_level=debug
[68337906701205] [ID: 00059200] virtio_session_mount: Waiting for vhost-user socket connection...
[68343976294849] [ID: 00059200] virtio_session_mount: Received vhost-user socket connection
[68343986181922] [ID: 00000001] virtio_loop: Entry
[68343986207261] [ID: 00000001] virtio_loop: Waiting for VU event
[68344084730064] [ID: 00000001] virtio_loop: Got VU event
[68344084762970] [ID: 00000001] virtio_loop: Waiting for VU event
[68344084777097] [ID: 00000001] virtio_loop: Got VU event
[68344084790558] [ID: 00000001] virtio_loop: Waiting for VU event
[68344084804046] [ID: 00000001] virtio_loop: Got VU event
[68344084814572] [ID: 00000001] virtio_loop: Waiting for VU event
[68344084819892] [ID: 00000001] virtio_loop: Got VU event
[68344084838898] [ID: 00000001] virtio_loop: Waiting for VU event
[68344084851568] [ID: 00000001] virtio_loop: Got VU event
[68344084863797] [ID: 00000001] virtio_loop: Waiting for VU event
[68344084890624] [ID: 00000001] virtio_loop: Got VU event

So this issue is fixed, change status to verified.
Comment 10 errata-xmlrpc 2021-02-22 15:39:41 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (virt:8.3 bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:0639
Note You need to log in before you can comment on or make changes to this bug.