[libvirt-users] dropping capabilities in lxc containers
Thierry Parmentelat
thierry.parmentelat at inria.fr
Wed Jan 29 14:33:23 UTC 2014
Thanks for the feedback
I take it from your answer that there is no current plan in the direction of adding this as a feature, right ?
In this case, how would you welcome pull requests if we managed to add this on our side ?
Many thanks — Thierry
On 29 Jan 2014, at 14:27, Daniel P. Berrange <berrange at redhat.com> wrote:
> On Wed, Jan 29, 2014 at 09:43:25AM +0100, Thierry Parmentelat wrote:
>> Hi there
>>
>> I’m not quite proficient with libvirt yet, and have been using it
>> so far primarily to manage lxc containers
>> I was hoping to find a means to configure the set of capabilities
>> that guests should drop, but came across a few web pages suggesting
>> these were set in stone in the code
>> is this correct, or is there a means to tweak this set from the host
>> via the xml config or a virsh command ?
>>
>> any hint / pointer to documentation in this respect would be most
>> appreciated
>
> That's correct, there's no means to configure this from the libvirt
> XML config. The containers will be started with the maximal set of
> capabilities we can reasonably allow. The app inside the container
> can drop bits they don't require
>
> Regards,
> Daniel
> --
> |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
> |: http://libvirt.org -o- http://virt-manager.org :|
> |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
> |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the libvirt-users
mailing list