[libvirt-users] lxc capabilities

Daniel P. Berrange berrange at redhat.com
Thu Dec 8 15:34:48 UTC 2011


On Thu, Dec 08, 2011 at 07:14:41AM -0800, Chris Haumesser wrote:
> Chris Haumesser wrote:
> > Am I misinterpreting the output of getpcaps then? (getpcaps is rather
> > undocumented).
> 
> Answering my own question, I was misinterpreting the output of getpcaps.
> I found the cap_from_text(3) man page, which explained the output format.
> 
> I still don't understand why I was able to reboot the host from within a
> container, however.

Well I just confirmed (the hard way!) that you are correct. It is possible
to reboot the host from inside the container, despite CAP_SYS_REBOOT
being blocked. I'll try & figure out how that's happening/possible...

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
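
The thread turns on reading getpcaps output, which uses the cap_from_text(3) clause format. The sketch below is an added example, not part of the original messages and not libvirt or libcap code. It applies such clauses in order and reports whether cap_sys_boot, the kernel's name for the capability that gates reboot(2) (called CAP_SYS_REBOOT above), ends up in a given set. The capability list, the function names and the sample strings are assumptions made for the example.

```python
import re

# Assumption: "all" means capabilities 0-37; the real set depends on the kernel.
ALL_CAPS = frozenset("cap_" + n for n in """
chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap
linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock
ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin
sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write
audit_control setfcap mac_override mac_admin syslog wake_alarm block_suspend
audit_read""".split())

CLAUSE = re.compile(r"([A-Za-z0-9_,]*)((?:[=+-][eip]*)+)")
ACTION = re.compile(r"([=+-])([eip]*)")

def parse_caps(text):
    """Apply cap_from_text(3) clauses left to right, starting from empty sets."""
    sets = {"e": set(), "i": set(), "p": set()}
    for clause in text.split():
        m = CLAUSE.fullmatch(clause)
        if not m:
            raise ValueError(f"malformed clause: {clause!r}")
        names, ops = m.group(1).lower(), ACTION.findall(m.group(2))
        if not names and ops[0][0] != "=":
            raise ValueError(f"'+'/'-' need a capability list: {clause!r}")
        # An empty list is only legal before a leading '=' and means "all".
        caps = ALL_CAPS if names in ("", "all") else frozenset(names.split(","))
        if not caps <= ALL_CAPS:
            raise ValueError(f"unknown capability in {clause!r}")
        for op, flags in ops:
            if op == "=":  # reset the listed caps in all three sets first
                for s in sets.values():
                    s -= caps
            elif not flags:
                raise ValueError(f"'{op}' needs flags: {clause!r}")
            for flag in flags:
                if op == "-":
                    sets[flag] -= caps
                else:
                    sets[flag] |= caps
    return sets

def holds_sys_boot(text, flag="e"):
    """True if cap_sys_boot is raised in the given set (e, i or p)."""
    return "cap_sys_boot" in parse_caps(text)[flag]

# Constructed capability strings, not output captured from this thread.
SAMPLES = ["= cap_chown,cap_kill,cap_sys_boot+ep",   # leading '=' clears all
           "=ep cap_sys_boot,cap_sys_module-ep",      # all except these two
           "=ep cap_sys_boot-e"]                      # permitted, not effective
if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r}: e={holds_sys_boot(s)} p={holds_sys_boot(s, 'p')}")
```

Pass only the capability text, without the process prefix that getpcaps prints before it.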