On Wed, Feb 26, 2014 at 08:54:02AM -0600, Serge Hallyn wrote:
Quoting Stephan Sachse (ste.sachse@gmail.com):
for me there is no valid reason why a container is not allowed to set file capabilities.
(For the sake of the libvir-list, I replied to this on the lxc-devel@ list with a proposal that should work; but this particular patch is not safe, as nothing would stop an unprivileged user from mapping 0 to his uid in a new namespace, adding CAP_SYS_ADMIN, getting back to the init namespace, and running it with privilege. Adding a new capability format which adds the kuid_t of the user_ns root would solve this. Thanks Stephan for pushing on this.)
Thanks, I thought there would be some good reason for this restriction. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|