]> git.proxmox.com Git - mirror_lxc.git/commit - src/lxc/Makefile.am
remove/restore effective capabilities
authorDaniel Lezcano <dlezcano@fr.ibm.com>
Tue, 20 Jul 2010 11:45:44 +0000 (13:45 +0200)
committerDaniel Lezcano <dlezcano@fr.ibm.com>
Tue, 20 Jul 2010 11:45:44 +0000 (13:45 +0200)
commitb3357a6f5b90f1e342c270de66491afc412c1cf7
tree2f04ebdbb306e7400f336ca07bfe3f9f12e20329
parent1c4a945262b8d110c3f8e0655ca50cb05d383c74
remove/restore effective capabilities

This patch adds the functions to drop the 'effective' capabilities and
restore them from the 'permitted' capabilities.

When the command is run as 'root' we do nothing.
When the command is run as 'lambda' user, we drop the effective capabilities
When the command is run as 'root' but real uid is not root, we keep the capabilies,
switch to real uid, and drop the effective capabilities.

This approach is compatible for root user, lambda + file capabilities
and lambda + setuid.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
src/lxc/Makefile.am
src/lxc/caps.c [new file with mode: 0644]
src/lxc/caps.h [new file with mode: 0644]