path: root/tap.c
author: David Gibson <david@gibson.dropbear.id.au> 2022-10-14 15:25:35 +1100
committer: Stefano Brivio <sbrivio@redhat.com> 2022-10-15 02:10:36 +0200
commit: fb449b16bd8ccf8b751dfa5aee54cb7de0525706 (patch)
tree: d980c9a46b9cf94ee0320e8d6aa0c2b3ec378c23 /tap.c
parent: c22ebccba8a09065e59d080ac7a2969a267974ce (diff)
isolation: Prevent any child processes gaining capabilities
We drop our own capabilities, but it's possible that processes we exec() could gain extra privilege via file capabilities. It shouldn't be possible for us to exec() anyway due to seccomp() and our filesystem isolation. But just in case, zero the bounding and inheritable capability sets to prevent any such child from gaining privilege.

Note that we do this *after* spawning the pasta shell/command (if any), because we do want the user to be able to give that privilege if they want.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Diffstat (limited to 'tap.c')
0 files changed, 0 insertions, 0 deletions
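The technique the commit message describes, as an added example that is not passt's own code: a small Linux C program that zeroes its inheritable set with capset() and empties its bounding set with prctl(PR_CAPBSET_DROP), so that nothing it exec()s afterwards can pick up privilege from file capabilities. It assumes Linux kernel headers and, for the bounding-set step, that the process still holds CAP_SETPCAP; otherwise that step reports EPERM rather than silently succeeding.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/capability.h>

/* Assumed: Linux, version-3 capability ABI (two 32-bit words per set). */
static struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
/* Drop every capability the kernel knows from the bounding set.  Returns 0 or
 * errno; PR_CAPBSET_DROP needs CAP_SETPCAP, so EPERM once that is gone. */
static int drop_bounding_set(void)
{
	int cap;
	for (cap = 0; prctl(PR_CAPBSET_READ, cap, 0, 0, 0) >= 0; cap++)
		if (prctl(PR_CAPBSET_DROP, cap, 0, 0, 0) < 0)
			return errno;
	return errno == EINVAL ? 0 : errno;	/* EINVAL: past the last cap */
}

/* Zero the inheritable set, leaving permitted and effective untouched;
 * shrinking one's own sets needs no privilege.  Returns 0 or errno. */
static int clear_inheritable(void)
{
	struct __user_cap_data_struct data[2];
	if (syscall(SYS_capget, &hdr, data) < 0)
		return errno;
	data[0].inheritable = data[1].inheritable = 0;
	return syscall(SYS_capset, &hdr, data) < 0 ? errno : 0;
}

/* 1 if the inheritable set is empty, 0 if not, -1 if capget() fails. */
static int inheritable_is_empty(void)
{
	struct __user_cap_data_struct data[2];
	if (syscall(SYS_capget, &hdr, data) < 0)
		return -1;
	return !(data[0].inheritable || data[1].inheritable);
}

int main(void)
{
	/* Only after spawning any child the user wants to keep privileged. */
	int rc = clear_inheritable();
	printf("inheritable set: %s\n", rc ? strerror(rc) : "cleared");
	rc = drop_bounding_set();
	printf("bounding set:    %s\n", rc ? strerror(rc) : "emptied");
	return 0;
}
```

Run it as an unprivileged user and the bounding-set step reports "Operation not permitted", which is exactly why the commit does the drop while the process can still authorise it.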