yesBad/pve-storage
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

esxi: have the fuse process drop its privileges

Browse Source 
once it's mounted it only needs to make http requests and talk to the
open fuse fd

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
This commit is contained in:
Wolfgang Bumiller
2024-03-22 13:24:13 +01:00
parent 06a28968d8
commit 9bb651effa
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/PVE/Storage/ESXiPlugin.pm
View File

@ -215,6 +215,8 @@ sub esxi_mount : prototype($$$;$) {
exec {$ESXI_FUSE_TOOL} exec {$ESXI_FUSE_TOOL}
$ESXI_FUSE_TOOL, $ESXI_FUSE_TOOL,
@extra_params, @extra_params,
'--change-user', 'nobody',
'--change-group', 'nogroup',
'-o', 'allow_other', '-o', 'allow_other',
'--ready-fd', fileno($wr), '--ready-fd', fileno($wr),
'--user', $user, '--user', $user,