Re: [libvirt] [PATCHv4 1/2] lxc: allow to keep or drop capabilities

-----Original Message----- From: libvir-list-bounces(a)redhat.com [mailto:libvir-list-bounces@redhat.com] On Behalf Of Cédric Bosdonnat Sent: Friday, July 18, 2014 4:02 PM To: libvir-list(a)redhat.com Cc: Cédric Bosdonnat Subject: [libvirt] [PATCHv4 1/2] lxc: allow to keep or drop capabilities Added <capabilities> in the <features> section of LXC domains configuration. This section can contain elements named after the capabilities like: <mknod state="on"/>, keep CAP_MKNOD capability <sys_chroot state="off"/> drop CAP_SYS_CHROOT capability Users can restrict or give more capabilities than the default using this mechanism. ---