On Mon, Apr 25, 2016 at 06:22:10PM +0300, Evgenii Shatokhin wrote:
> https://jira.sw.ru/browse/PSBM-46199
>
> Allowing the privileged processes in the containers to set leases on
> arbitrary files seems to make no harm. Let us make CAP_LEASE work there.
>
> Signed-off-by: Evgenii Shatokhin <eshatok...@virtuozzo.com>

Acked-by: Cyrill Gorcunov <gorcu...@openvz.org>

There is one point which worries me a bit actually: ve_capable is rather a check for creds in user-ns we created for container during its startup. Do we prohibit creating new user-namespaces inside container? If not -- we better should.