]> xenbits.xensource.com Git - libvirt.git/commit
projects / libvirt.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a86b621) | patch
lxc: allow to keep or drop capabilities
authorCédric Bosdonnat <cbosdonnat@suse.com>
Fri, 18 Jul 2014 08:02:29 +0000 (10:02 +0200)
committerGao feng <gaofeng@cn.fujitsu.com>
Wed, 23 Jul 2014 07:12:37 +0000 (15:12 +0800)
commit47e5b5ae3262f140955abd57bbb13337c65a3497
treed6721706003479b91fbd39420e0896fd76ec7692tree
parenta86b6215a74b1feb2667204e214fbfd2f7decc5ccommit | diff
lxc: allow to keep or drop capabilities

Added <capabilities> in the <features> section of LXC domains
configuration. This section can contain elements named after the
capabilities like:

  <mknod state="on"/>, keep CAP_MKNOD capability
  <sys_chroot state="off"/> drop CAP_SYS_CHROOT capability

Users can restrict or give more capabilities than the default using
this mechanism.
docs/drvlxc.html.in diff | blob | blame | history
docs/schemas/domaincommon.rng diff | blob | blame | history
src/conf/domain_conf.c diff | blob | blame | history
src/conf/domain_conf.h diff | blob | blame | history
src/libvirt_private.syms diff | blob | blame | history
src/lxc/lxc_cgroup.c diff | blob | blame | history
src/lxc/lxc_container.c diff | blob | blame | history
src/util/vircgroup.c diff | blob | blame | history
src/util/vircgroup.h diff | blob | blame | history
tests/domainschemadata/domain-caps-features.xml [new file with mode: 0644] blob
Unnamed repository; edit this file 'description' to name the repository.