Skip to content

Disable killpriv_v2 by default

Vivek Goyal requested to merge vgoyal/virtiofsd-rs:no-killpriv-default into main

Right now killpriv_v2 is enabled by default. It has few issues.

  • Does not work on NFS. And I think there are other remote filesystems it will not work on because it primarily relies on dropping CAP_FSETID when needed and that triggers clearing suid/sgid in many of the cases as needed.

  • killpriv_v2 is not perfect. Came to know that couple of fstests (generic/193 and generic/355) are failing. Something fails on ext4 and while other thing fails on xfs etc. Some of them are probably deep filesystem issues which need to be investigated and fixed.

I plan to start diving into the these issues and see how many of these are fixable. But that will take time and fixes will show up slowly in future kernels. And we need to also cater to existing kernels.

Hence I think disabling killpriv_v2 by default is better default for our users.

Given it is disabled by default now, I also had to add a new parameter "--killpriv-v2" so that users can enable it if they want to test/debug with this option.

Usage of overrides_with() allows POSIX style command line ordering between --killpriv-v2 and --no-killpriv-v2 where last option wins and takes affect if user decides to pass multiple of these arguments on command line.

Signed-off-by: Vivek Goyal vgoyal@redhat.com

Merge request reports