On 2013/7/3 13:19, Serge Hallyn wrote:
> Quoting Qiang Huang (h.huangqi...@huawei.com):
>> On 2013/7/3 11:23, Serge Hallyn wrote:
>>> Quoting Serge Hallyn (serge.hal...@ubuntu.com):
The lxc configuration file currently supports 'lxc.cap.drop', a list of
capabilities to be dropped (using t
Quoting Qiang Huang (h.huangqi...@huawei.com):
> On 2013/7/3 11:23, Serge Hallyn wrote:
> > Quoting Serge Hallyn (serge.hal...@ubuntu.com):
> >> The lxc configuration file currently supports 'lxc.cap.drop', a list of
> >> capabilities to be dropped (using the bounding set) from the container.
> >>
On 2013/7/3 11:23, Serge Hallyn wrote:
> Quoting Serge Hallyn (serge.hal...@ubuntu.com):
>> The lxc configuration file currently supports 'lxc.cap.drop', a list of
>> capabilities to be dropped (using the bounding set) from the container.
>> The problem with this is that over time new capabilities
Quoting Serge Hallyn (serge.hal...@ubuntu.com):
> The lxc configuration file currently supports 'lxc.cap.drop', a list of
> capabilities to be dropped (using the bounding set) from the container.
> The problem with this is that over time new capabilities are added. So
> an older container configur
Thanks github for sending mails from mangled addresses. Just replying
to myself with Walter's real email address so he sees a copy.
Please reply to this email, not the parent, if possible, so you don't
reply to notificati...@github.com.
Quoting Serge Hallyn (serge.hal...@ubuntu.com):
> The lxc c
The lxc configuration file currently supports 'lxc.cap.drop', a list of
capabilities to be dropped (using the bounding set) from the container.
The problem with this is that over time new capabilities are added. So
an older container configuration file may, over time, become insecure.
Walter has
