Quoting Daniel Hokka Zakrisson ([EMAIL PROTECTED]): > Daniel Lezcano wrote: > > > > Wouldn't it be better to simply remove CAP_SYS_BOOT from containers > until sys_reboot emits some signal to userspace to restart/halt the > container? (This is what we do in Linux-VServer.) > > -- > Daniel Hokka Zakrisson
Yeah that makes more sense to me. Note that otherwise your patch still lets the container mess with sys_kexec_load(), for instance. -serge _______________________________________________ Containers mailing list [EMAIL PROTECTED] https://lists.linux-foundation.org/mailman/listinfo/containers _______________________________________________ Devel mailing list Devel@openvz.org https://openvz.org/mailman/listinfo/devel
