18 Jul
2014
18 Jul
'14
4:58 a.m.
-----Original Message----- From: libvir-list-bounces@redhat.com [mailto:libvir-list-bounces@redhat.com] On Behalf Of Cédric Bosdonnat Sent: Friday, July 18, 2014 4:02 PM To: libvir-list@redhat.com Cc: Cédric Bosdonnat Subject: [libvirt] [PATCHv4 1/2] lxc: allow to keep or drop capabilities
Added <capabilities> in the <features> section of LXC domains configuration. This section can contain elements named after the capabilities like:
<mknod state="on"/>, keep CAP_MKNOD capability <sys_chroot state="off"/> drop CAP_SYS_CHROOT capability
Users can restrict or give more capabilities than the default using this mechanism. ---
Reviewed-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>