[libvirt-users] dropping capabilities in lxc containers
Daniel P. Berrange
berrange at redhat.com
Wed Jan 29 13:27:28 UTC 2014
On Wed, Jan 29, 2014 at 09:43:25AM +0100, Thierry Parmentelat wrote:
> Hi there
>
> I’m not quite proficient with libvirt yet, and have been using it
> so far primarily to manage lxc containers
> I was hoping to find a means to configure the set of capabilities
> that guests should drop, but came across a few web pages suggesting
> these were set in stone in the code
> is this correct, or is there a means to tweak this set from the host
> via the xml config or a virsh command ?
>
> any hint / pointer to documentation in this respect would be most
> appreciated
That's correct, there's no means to configure this from the libvirt
XML config. The containers will be started with the maximal set of
capabilities we can reasonably allow. The app inside the container
can drop bits they don't require
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the libvirt-users
mailing list