Quoting Alexey Dobriyan ([email protected]): > Is sysctl to control CAP_SYS_ADMIN on restart(2) OK?
You mean a sysctl to specify whether to require CAP_SYS_ADMIN for restart(2)? Yeah I wouldn't object to that - it certainly seems like something sane for an admin to use depending on their users. Though I think the bigger fish to fry first is whether we only support whole-container checkpoint/restart. If that is the case, then CAP_SYS_ADMIN will always be needed for restart since it will always unshare some namespaces. thanks, -serge _______________________________________________ Containers mailing list [email protected] https://lists.linux-foundation.org/mailman/listinfo/containers _______________________________________________ Devel mailing list [email protected] https://openvz.org/mailman/listinfo/devel
