lxc.cap.drop now also accepts numeric values for capabilities. This allows
the user to specify capabilities LXC doesn't know about yet or capabilities
that were not part of the kernel headers LXC was compiled against.
---
src/lxc/conf.c | 17 +++++++++++++++++
1 files changed, 17 insertions(+), 0 deletions(-)
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 3fbc0eb..d3c1052 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -60,6 +60,7 @@
#include "conf.h"
#include "log.h"
#include "lxc.h" /* for lxc_cgroup_set() */
+#include "caps.h" /* for lxc_caps_last_cap() */
lxc_log_define(lxc_conf, lxc);
@@ -1123,6 +1124,7 @@ static int setup_caps(struct lxc_list *caps)
{
struct lxc_list *iterator;
char *drop_entry;
+ char *ptr;
int i, capid;
lxc_list_for_each(iterator, caps) {
@@ -1140,6 +1142,21 @@ static int setup_caps(struct lxc_list *caps)
break;
}
+ if (capid < 0) {
+ /* try to see if it's numeric, so the user may specify
+ * capabilities that the running kernel knows about but
+ * we don't */
+ capid = strtol(drop_entry, &ptr, 10);
+ if (!ptr || *ptr != '\0' ||
+ capid == LONG_MIN || capid == LONG_MAX)
+ /* not a valid number */
+ capid = -1;
+ else if (capid > lxc_caps_last_cap())
+ /* we have a number but it's not a valid
+ * capability */
+ capid = -1;
+ }
+
if (capid < 0) {
ERROR("unknown capability %s", drop_entry);
return -1;
--
1.7.2.5
------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d
_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
