Commit - virt-ark/libvirt - 47e5b5ae3262f140955abd57bbb13337c65a3497

    lxc: allow to keep or drop capabilities
    
    Added <capabilities> in the <features> section of LXC domains
    configuration. This section can contain elements named after the
    capabilities like:
    
      <mknod state="on"/>, keep CAP_MKNOD capability
      <sys_chroot state="off"/> drop CAP_SYS_CHROOT capability
    
    Users can restrict or give more capabilities than the default using
    this mechanism.

docs/drvlxc.html.in

file modified

+47 -0

docs/schemas/domaincommon.rng

file modified

+207 -0

src/conf/domain_conf.c

file modified

+125 -1

src/conf/domain_conf.h

file modified

+56 -0

src/libvirt_private.syms

file modified

+3 -0

src/lxc/lxc_cgroup.c

file modified

+8 -0

src/lxc/lxc_container.c

file modified

+225 -16

src/util/vircgroup.c

file modified

+54 -3

src/util/vircgroup.h

file modified

+2 -0

tests/domainschemadata/domain-caps-features.xml

file added

+28

virt-ark / libvirt

Source Code

47e5b5a lxc: allow to keep or drop capabilities

10 files Authored by cbosdonnat 9 years ago, Committed by Gao feng 9 years ago,

`47e5b5a` lxc: allow to keep or drop capabilities