mirrors/crosvm
1
0
Fork 0
mirror of https://chromium.googlesource.com/crosvm/crosvm synced 2025-02-05 18:20:34 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
crosvm/sys_util
History
Dmitry Torokhov 7100607448 Drop capabilities before spawning any vcpu thread 
In case crosvm starts with elevated capabilities (for example, we need
to start with CAP_SETGID to be able to map additional gids into plugin
jail), we should drop them before spawning VCPU threads.

BUG=b:117989168
TEST=Start plugin via concierge_client and verify the process does not
     have any effective or permitted privileges.
     tast run [] 'vm.*'

Change-Id: Ia1e80bfe19b296936d77fe9ffeda361211b41eed
Reviewed-on: https://chromium-review.googlesource.com/1506296
Commit-Ready: Dmitry Torokhov <dtor@chromium.org>
Tested-by: Dmitry Torokhov <dtor@chromium.org>
Tested-by: kokoro <noreply+kokoro@google.com>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
2019-03-08 21:20:23 -08:00
..
poll_token_derive
src Drop capabilities before spawning any vcpu thread 2019-03-08 21:20:23 -08:00
Cargo.toml