git.proxmox.com Git - mirror_lxc.git/commit

author	Daniel Lezcano <dlezcano@fr.ibm.com>
	Thu, 21 Jan 2010 13:48:42 +0000 (14:48 +0100)
committer	Daniel Lezcano <dlezcano@fr.ibm.com>
	Thu, 21 Jan 2010 14:06:42 +0000 (15:06 +0100)
commit	81810dd120291b78daf7c6833e6fcbca0289aad5
tree	a273845d1f58a3af144a1538f99199bb39013fcc	tree
parent	7674618ce4132f2bc1f3818a181475e58e890bfe	commit \| diff

drop capabilities

Hello everyone!

I've written a patch which adds a new config keyword
'lxc.cap.drop'. This keyword allows to specify capabilities which are
dropped before executing the container binary.

Example:

lxc.cap.drop = sys_chroot
lxc.cap.drop = mknod
lxc.cap.drop = sys_module

or specify in a single line:

lxc.cap.drop = sys_chroot mknod sys_module

Reworked-by: Daniel Lezcano <daniel.lezcano@free.fr>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Michael Holzt <lxc@my.fqdn.org>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

doc/lxc.conf.sgml.in		diff \| blob \| blame \| history
src/lxc/conf.c		diff \| blob \| blame \| history
src/lxc/conf.h		diff \| blob \| blame \| history
src/lxc/confile.c		diff \| blob \| blame \| history