Filing this to track when this passt commit is included in RHEL, since we need it before turning on some new libguestfs functionality. Reproducer in the commit message:

commit 5da0316f27c9b36b7ee4ba181d38a8dc358b2328
Author: Cole Robinson <crobinso@redhat.com>
Date: Wed Oct 8 11:01:33 2025 -0400

    isolation: keep CAP_DAC_OVERRIDE initially

    Reproducer that I'd expect to work:

    $ cd $HOME
    $ sudo passt --runas $UID --socket foo.sock
    Failed to bind UNIX domain socket: Permission denied

    A more practical example is for libguestfs apps when run as user=root:

    + libguestfs connects to libvirt qemu:///system
    + libvirt qemu:///system defaults to user=qemu
    + libvirt chowns /run/libvirt/qemu/passt dir to user=qemu
    + libguestfs instead requests the VM run as user=root
    + patches in progress but we are blocked by this issue
    + passt is launched as root, but because CAP_DAC_OVERRIDE has been
      dropped, passt fails to create socket in qemu owned
      /run/libvirt/qemu/passt

    Fix it by not dropping CAP_DAC_OVERRIDE in isolate_initial.
    This might look sketchy, but isolate_initial already keeps
    CAP_SYS_ADMIN and CAP_NET_ADMIN, so we are probably no worse off.
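
The failure mode in the commit message, as an added diagnostic example (not passt or libvirt code): it decodes CapEff from /proc/<pid>/status text and applies a simplified directory permission check to show why uid 0 without CAP_DAC_OVERRIDE gets "Permission denied" in a directory owned by another user. The function names, the sample mask and uid 107 are constructed for illustration; ACLs, LSMs and supplementary groups are ignored.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Capability bit number as defined in linux/capability.h */
#define BIT_DAC_OVERRIDE 1

/* Parse the "CapEff:" line out of /proc/<pid>/status text; 0 if absent. */
uint64_t parse_capeff(const char *status)
{
	const char *p = strstr(status, "CapEff:");
	return p ? strtoull(p + 7, NULL, 16) : 0;
}

int has_cap(uint64_t eff, int bit)
{
	return (int)((eff >> bit) & 1);
}

/* Simplified DAC check for creating an entry (e.g. a socket) in a directory:
 * needs write + search. Assumption: no ACLs, LSMs or supplementary groups. */
int can_create_in_dir(uint64_t eff, uid_t fsuid, gid_t fsgid,
		      uid_t dir_uid, gid_t dir_gid, mode_t dir_mode)
{
	mode_t bits;
	if (has_cap(eff, BIT_DAC_OVERRIDE))
		return 1;		/* permission bits are bypassed */
	if (fsuid == dir_uid)
		bits = (dir_mode >> 6) & 7;
	else if (fsgid == dir_gid)
		bits = (dir_mode >> 3) & 7;
	else
		bits = dir_mode & 7;	/* root lands here without the cap */
	return (bits & 3) == 3;		/* write (2) + search (1) */
}

int main(void)
{
	/* Constructed sample, not passt's real mask: uid 0 with only bits
	 * 12 (CAP_NET_ADMIN) and 21 (CAP_SYS_ADMIN) set. */
	const char *status = "Name:\tpasst\nUid:\t0\t0\t0\t0\nCapEff:\t0000000000201000\n";
	uint64_t eff = parse_capeff(status);
	printf("DAC_OVERRIDE=%d, create in 0755 dir owned by uid 107: %s\n",
	       has_cap(eff, BIT_DAC_OVERRIDE),
	       can_create_in_dir(eff, 0, 0, 107, 107, 0755) ? "ok" : "EACCES");
	return 0;
}
```

To check a live process, feed it the contents of /proc/<pid>/status for the passt instance in question.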

Blocks: RHEL-117440 RFE: Avoid qemu setuid when running as root