Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: 4d69b2939ce09fbe624636dc01734a542e050ef9
https://github.com/lxc/lxc/commit/4d69b2939ce09fbe624636dc01734a542e050ef9
Author: Nikola Kotur <kotn...@gmail.com>
Date: 2013-11-20 (Wed, 20 Nov 2013)
Changed paths:
M doc/lxc-attach.sgml.in
M src/lxc/confile.c
M src/lxc/confile.h
M src/lxc/lxc_attach.c
Log Message:
-----------
lxc-attach: elevate specific privileges
There are scenarios in which we want to execute process with specific
privileges elevated.
An example for this might be executing a process inside the container
securely, with capabilities dropped, but not in container's cgroup so
that we can have per process restrictions inside single container.
Similar to namespaces, privileges to be elevated can be OR'd:
lxc-attach --elevated-privileges='CAP|CGROUP' ...
Backward compatibility with previous versions is retained. In case no
privileges are specified behaviour is the same as before: all of them
are elevated.
Signed-off-by: Nikola Kotur <kotn...@gmail.com>
Acked-By: Christian Seiler <christ...@iwakd.de>
Signed-off-by: Serge Hallyn <serge.hal...@ubuntu.com>
------------------------------------------------------------------------------
Shape the Mobile Experience: Free Subscription
Software experts and developers: Be at the forefront of tech innovation.
Intel(R) Software Adrenaline delivers strategic insight and game-changing
conversations that shape the rapidly evolving mobile landscape. Sign up now.
http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk
_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
