To disable the ability to trigger a reboot of the host system by sending
"b" to /proc/sysrq-trigger inside a container, I've dropped
CAP_SYS_ADMIN and set readonly for the /proc mount-point.
I'm interested what else capabilities are recommended to drop when using
LXC as a system container?
Thanks
Hello,
Any news about a possible integration of my patch?
On Tue, Apr 19, 2011 at 12:57 PM, Francois-Xavier Bourlet
wrote:
> Oops, forgot to CC the mailing list!
>
> here's my answer:
>
> On Fri, Apr 15, 2011 at 9:58 AM, Francois-Xavier Bourlet
> wrote:
>> Yes I confirm what Gregory said. The p
On 05/02/2011 07:29 PM, Francois-Xavier Bourlet wrote:
> Hello,
>
> Any news about a possible integration of my patch?
Sorry François-Xavier for the delay. Let me review the patch this evening.
Thanks
-- Daniel
--
W
