| Name | Last commit | Last update |
|---|---|---|
| .. | | |
| container-base | | |
| container-base.in | | |
| start-container | | |

Prevent privileged containers from messing with the host's pci devices
directly. Refuse access under /proc/bus, and drop cap_sys_rawio. Some
containers may need to re-enable cap_sys_rawio (i.e. if they run an
X server).

It may be desirable to break some of this stuff into files which can be
separately included (or not included), but this patch isn't the right
place for that.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>