git.proxmox.com Git - mirror_lxc.git/commit

author	Daniel Lezcano <dlezcano@fr.ibm.com>
	Tue, 20 Jul 2010 11:45:44 +0000 (13:45 +0200)
committer	Daniel Lezcano <dlezcano@fr.ibm.com>
	Tue, 20 Jul 2010 11:45:44 +0000 (13:45 +0200)
commit	b3357a6f5b90f1e342c270de66491afc412c1cf7
tree	2f04ebdbb306e7400f336ca07bfe3f9f12e20329	tree
parent	1c4a945262b8d110c3f8e0655ca50cb05d383c74	commit \| diff

remove/restore effective capabilities

This patch adds the functions to drop the 'effective' capabilities and
restore them from the 'permitted' capabilities.

When the command is run as 'root' we do nothing.
When the command is run as 'lambda' user, we drop the effective capabilities
When the command is run as 'root' but real uid is not root, we keep the capabilies,
switch to real uid, and drop the effective capabilities.

This approach is compatible for root user, lambda + file capabilities
and lambda + setuid.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

src/lxc/Makefile.am		diff \| blob \| blame \| history
src/lxc/caps.c	[new file with mode: 0644]	blob
src/lxc/caps.h	[new file with mode: 0644]	blob