From 359836a00d93974fce70583f08f7778909b7cfad Mon Sep 17 00:00:00 2001
From: Vitaliy Filippov <vitalif@yourcmc.ru>
Date: Sat, 4 Mar 2023 13:03:58 +0300
Subject: [PATCH] Drop geesefs root privileges

---
 pkg/mounter/geesefs.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pkg/mounter/geesefs.go b/pkg/mounter/geesefs.go
index 9be6b1c..7f8f025 100644
--- a/pkg/mounter/geesefs.go
+++ b/pkg/mounter/geesefs.go
@@ -93,6 +93,11 @@ func (geesefs *geesefsMounter) Mount(source, target, volumeID string) error {
 	if geesefs.region != "" {
 		args = append(args, "--region", geesefs.region)
 	}
+	args = append(
+		args,
+		"--setuid", "65534", // nobody. drop root privileges
+		"--setgid", "65534", // nogroup
+	)
 	useSystemd := true
 	for i := 0; i < len(geesefs.meta.MountOptions); i++ {
 		if geesefs.meta.MountOptions[i] == "--no-systemd" {