[libvirt] [PATCH 0/3] Misc fixes

Cédric Bosdonnat cbosdonnat at suse.com
Tue Nov 17 14:14:49 UTC 2015

Hi all,

Here are a few patches without strong connection together. The first one
only allows us not to package virt-login-shell even with lxc driver
enabled. The other ones are related to mounts security.

I'm wondering if changing the default dropped capabilities in the lxc
driver is acceptable... dropping sys_admin makes sense, but it can
introduce incompatibilities for users needing it as they will need to
explicitely enable it.

Cédric Bosdonnat (3):
  Allow building lxc without virt-login-shell
  virt-aa-helper: don't deny writes to readonly mounts
  lxc: drop sys_admin caps by default

 configure.ac                  | 14 ++++++++++++++
 src/lxc/lxc_container.c       |  1 +
 src/security/virt-aa-helper.c |  5 ++++-
 tools/Makefile.am             | 12 ++++++------
 4 files changed, 25 insertions(+), 7 deletions(-)


More information about the libvir-list mailing list