On Tue, Jun 30, 2015 at 03:17:51PM +0300, Pavel Tikhomirov wrote: > allow what docker wants, need it to run integration-cli tests > when we will prohibit CAP_SYS_ADMIN and CAP_NET_ADMIN in CT > > * after switching to user namespaces we won't need those patches > https://jira.sw.ru/browse/PSBM-34523 > > to test without CAP_SYS_ADMIN and CAP_NET_ADMIN: > vzctl set 206 --capability net_admin:off \ > --capability sys_admin:off --save >
Reviewed-by: Andrew Vagin <ava...@odin.com> > Pavel Tikhomirov (3): > vfs: allow mount/umount, pivot_root with CAP_VE_SYS_ADMIN > rtnl: allow move network devices into network namespace in CT > vfs: allow mount proc and mqueue inside container > > fs/namespace.c | 4 +++- > fs/proc/root.c | 3 ++- > ipc/mqueue.c | 3 ++- > net/core/rtnetlink.c | 3 ++- > 4 files changed, 9 insertions(+), 4 deletions(-) > > -- > 1.9.3 > _______________________________________________ Devel mailing list Devel@openvz.org https://lists.openvz.org/mailman/listinfo/devel
