mirror of
https://github.com/aljazceru/kata-containers.git
synced 2025-12-31 21:14:25 +01:00
6abccb92ce
Hybrid VSOCK requires `root` privileges to access the sandbox-specific host-side AF_UNIX socket created by the hypervisor (CLH or FC). However, once the socket has been bound, privileges can be dropped, allowing the forwarder to run as user `nobody`. Fixes: #2905. Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>