From 2ad5d21714cb1d750396fabde3ad273ef9305579 Mon Sep 17 00:00:00 2001
From: Vitaliy Filippov
Date: Sat, 4 Mar 2023 13:03:58 +0300
Subject: [PATCH] Drop geesefs root privileges
---
 pkg/mounter/geesefs.go | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/pkg/mounter/geesefs.go b/pkg/mounter/geesefs.go
index 9be6b1c..7f8f025 100644
--- a/pkg/mounter/geesefs.go
+++ b/pkg/mounter/geesefs.go
@@ -93,6 +93,11 @@ func (geesefs *geesefsMounter) Mount(source, target, volumeID string) error {
 if geesefs.region != "" {
 args = append(args, "--region", geesefs.region)
 }
+ args = append(
+ args,
+ "--setuid", "65534", // nobody. drop root privileges
+ "--setgid", "65534", // nogroup
+ )
 useSystemd := true
 for i := 0; i < len(geesefs.meta.MountOptions); i++ {
 if geesefs.meta.MountOptions[i] == "--no-systemd" {
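Review bot: The fixed `--setuid`/`--setgid` pair is appended before the `geesefs.meta.MountOptions` loop at the end of the hunk, so if that loop forwards the remaining options to geesefs unchanged (its body continues outside the hunk, so this is inferred), a volume's mount options could supply their own `--setuid`/`--setgid` values and, depending on how geesefs resolves repeated flags, undo the privilege drop. If overriding is intended, a comment next to the append should say so, e.g. `// default only: MountOptions may override --setuid/--setgid`; if it is not, the loop should skip or reject those two flags the same way it special-cases `--no-systemd`. The literal `"65534"` is also written twice with its meaning only in trailing comments; a named constant such as `const unprivilegedID = "65534" // nobody/nogroup` would keep both values in sync and make the choice auditable. Mount's body starts and ends outside the hunk.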