Hi, I've attached patches that improve capability handling in LXC. I stumbled upon the issue that I wanted to deactivate "dmesg" from inside containers with a fairly recent kernel. Instead of dropping CAP_SYS_ADMIN, as was the case with previous kernel versions, one is now supposed to drop CAP_SYSLOG. Unfortunately, LXC doesn't know about it yet.
The attached patches do the following:
- add CAP_SYSLOG and CAP_WAKE_ALARM to the list of capabilities, since they are new
- add a function that determines the maximum number of capabilities the current running kernel (not the one LXC is compiled against) supports
- support the specification of numerical IDs for capabilities when using lxc.cap.drop. Then, even if LXC doesn't understand the capability or was compiled against an older kernel, it is still possible to drop that specific capability.

Christian
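
The approach described in the message, as an added sketch that is not the attached patches or LXC's own code: probe the running kernel's highest capability with PR_CAPBSET_READ, then accept either a name or a numeric ID and drop it from the bounding set. The function names, the three-entry name table and the unprefixed lowercase name form are assumptions made for this illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <strings.h>
#include <sys/prctl.h>

/* Excerpt of a name table; numbers are the kernel's capability values. */
static const struct { const char *name; int value; } cap_names[] = {
    { "sys_admin", 21 }, { "syslog", 34 }, { "wake_alarm", 35 },
};

/* Highest capability the *running* kernel supports: PR_CAPBSET_READ
 * fails for any number beyond it. Returns -1 if even 0 is rejected. */
int probe_last_cap(void)
{
    int cap = 0;
    while (prctl(PR_CAPBSET_READ, cap, 0, 0, 0) >= 0)
        cap++;
    return cap - 1;
}

/* Resolve a name or a decimal ID to a capability number. Returns -1 for
 * unknown names, malformed numbers, or values above last_cap. */
int resolve_cap(const char *s, int last_cap)
{
    char *end;
    long n;
    for (size_t i = 0; i < sizeof(cap_names) / sizeof(cap_names[0]); i++)
        if (strcasecmp(s, cap_names[i].name) == 0)
            return cap_names[i].value <= last_cap ? cap_names[i].value : -1;
    if (!isdigit((unsigned char)s[0]))
        return -1;
    errno = 0;
    n = strtol(s, &end, 10);
    if (errno || *end != '\0' || n > last_cap)
        return -1;
    return (int)n;
}

/* Drop one capability from the bounding set (caller needs CAP_SETPCAP). */
int drop_cap(const char *s, int last_cap)
{
    int cap = resolve_cap(s, last_cap);
    return cap < 0 ? -1 : prctl(PR_CAPBSET_DROP, cap, 0, 0, 0);
}

int main(void)
{
    int last = probe_last_cap();
    printf("last cap on running kernel: %d\n", last);
    printf("syslog -> %d, \"36\" -> %d\n",
           resolve_cap("syslog", last), resolve_cap("36", last));
    return 0;
}
```

A numeric ID that is missing from the name table still resolves as long as the running kernel accepts it, which is the case the third patch covers.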