[libvirt] [PATCHv4 1/2] lxc: allow to keep or drop capabilities
chenhanxiao at cn.fujitsu.com
chenhanxiao at cn.fujitsu.com
Fri Jul 18 08:58:09 UTC 2014
> -----Original Message-----
> From: libvir-list-bounces at redhat.com [mailto:libvir-list-bounces at redhat.com]
> On Behalf Of Cédric Bosdonnat
> Sent: Friday, July 18, 2014 4:02 PM
> To: libvir-list at redhat.com
> Cc: Cédric Bosdonnat
> Subject: [libvirt] [PATCHv4 1/2] lxc: allow to keep or drop capabilities
>
> Added <capabilities> in the <features> section of LXC domains
> configuration. This section can contain elements named after the
> capabilities like:
>
> <mknod state="on"/>, keep CAP_MKNOD capability
> <sys_chroot state="off"/> drop CAP_SYS_CHROOT capability
>
> Users can restrict or give more capabilities than the default using
> this mechanism.
> ---
Reviewed-by: Chen Hanxiao <chenhanxiao at cn.fujitsu.com>
More information about the libvir-list
mailing list