+Mon May 11 16:03:37 CEST 2009 Daniel Veillard <veillard@redhat.com>
+
+ * src/lxc_container.c: drop LXC CAP_SYS_BOOT capability to avoid
+ reboot from inside containers, patch by Ryota Ozaki
+
Mon May 11 09:51:00 EDT 2009 Cole Robinson <crobinso@redhat.com>
* src/qemu_driver.c : Check that QEMU is still alive while
/* For MS_MOVE */
#include <linux/fs.h>
+#include <sys/prctl.h>
+#include <sys/capability.h>
+
#include "virterror_internal.h"
#include "logging.h"
#include "lxc_container.h"
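Review bot: The new `#include <sys/capability.h>` is the libcap header, yet the function added later in this patch uses only the `CAP_SYS_BOOT` constant and `prctl()`, neither of which requires libcap; `#include <linux/capability.h>` supplies the constant from the kernel UAPI headers without introducing a build-time dependency. If libvirt already links libcap elsewhere this is moot, but if it does not, the dependency should at least be declared in the build system rather than picked up implicitly by this include.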
return lxcContainerSetupExtraMounts(vmDef);
}
+static int lxcContainerDropCapabilities( virDomainDefPtr vmDef )
+{
+ int i;
+ const struct {
+ int id;
+ const char *name;
+ } caps[] = {
+#define ID_STRING(name) name, #name
+ { ID_STRING(CAP_SYS_BOOT) },
+ };
+
+ for (i = 0 ; i < ARRAY_CARDINALITY(caps) ; i++) {
+ if (prctl(PR_CAPBSET_DROP, caps[i].id, 0, 0, 0)) {
+ lxcError(NULL, NULL, VIR_ERR_INTERNAL_ERROR,
+ _("failed to drop %s"), caps[i].name);
+ return -1;
+ }
+ }
+
+ return 0;
+}
+
+
/**
* lxcChild:
* @argv: Pointer to container arguments
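Review bot: `prctl(PR_CAPBSET_DROP, ...)` in the new loop removes CAP_SYS_BOOT only from the bounding set; the calling process keeps the capability in its own permitted and effective sets, and the drop is effective for the container only because lxcContainerExecInit presumably exec()s init right after, so a comment above the function should state it, e.g. `/* Drop caps from the bounding set: irreversible, and takes effect for init at exec() */`. The error path discards errno, which is exactly what distinguishes EPERM (caller lacks CAP_SETPCAP) from EINVAL (kernel without PR_CAPBSET_DROP, pre-2.6.25); if this tree has virReportSystemError, `virReportSystemError(NULL, errno, _("failed to drop %s"), caps[i].name);` keeps that information. `vmDef` is never read and `int i` is compared against the size_t `ARRAY_CARDINALITY(caps)`; `virDomainDefPtr vmDef ATTRIBUTE_UNUSED` (if the macro is available in this file) and `size_t i;` silence both warnings. Returning -1 so that the container fails to start rather than running with the capability retained is the right fail-closed choice and should be kept.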
if (lxcContainerEnableInterfaces(argv->nveths, argv->veths) < 0)
return -1;
+ /* drop a set of root capabilities */
+ if (lxcContainerDropCapabilities(vmDef) < 0)
+ return -1;
+
/* this function will only return if an error occured */
return lxcContainerExecInit(vmDef);
}
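Review bot: The comment `/* drop a set of root capabilities */` above the new call understates the ordering constraint: a bounding-set drop only limits what the exec()'d init can hold, so the call must remain immediately before lxcContainerExecInit and after every setup step that itself still needs the dropped capabilities; `/* Drop capabilities from the bounding set; must stay last before exec */` makes that explicit. Returning -1 on failure means the container does not start rather than starting with the capability retained, which is the right default. lxcChild's body begins outside the hunk, so whether earlier steps rely on the ordering is not visible here.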