-
drop capabilities · 81810dd1Daniel Lezcano authored
Hello everyone! I've written a patch which adds a new config keyword 'lxc.cap.drop'. This keyword allows to specify capabilities which are dropped before executing the container binary. Example: lxc.cap.drop = sys_chroot lxc.cap.drop = mknod lxc.cap.drop = sys_module or specify in a single line: lxc.cap.drop = sys_chroot mknod sys_module Reworked-by:
Daniel Lezcano <daniel.lezcano@free.fr> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by:
Michael Holzt <lxc@my.fqdn.org> Signed-off-by:
81810dd1
| Name |
Last commit
|
Last update |
|---|---|---|
| .. | ||
| lxc | Loading commit data... | |
| .cvsignore | Loading commit data... | |
| Makefile.am | Loading commit data... |