21 Jan
2012
21 Jan
'12
6:01 p.m.
On 01/20/2012 07:25 AM, Taku Izumi wrote:
OK. I'll try to implement like this way.
No, I think your current patch is fine. Perhaps in the future we can try to implement cgroup-based whitelists in the kernel. In any case adding rawio (which is a per-process capability) to a <disk> element would be wrong. Paolo