Re: [libvirt] [PATCH] Fix a compilation problem with LXC drop capabilities
On Mon, Jun 01, 2009 at 10:24:12AM +0100, Daniel P. Berrange wrote:
NB, in the not too distant future I'm going to submit code for making
the libvirtd daemon drop alot of its capabilities, including clearing
the bounding set to prevent inheritance by any child processes except
in required circumstances. For that I'll likely use libcap-ng so we
will be able to stop callin prctl() directly in the LXC driver.
[1] libcap-ng isn't technically yet announced to the world, but it'll
appear real soon...
FYI, for those who use Linux capabilities, this is now available to the
world and well worth a look if you're battling with old libcap
http://people.redhat.com/sgrubb/libcap-ng/index.html
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|