Quoting Stéphane Graber ([email protected]):
> On Mon, Jan 05, 2015 at 12:41:47PM +0000, Serge Hallyn wrote:
> > Quoting Stéphane Graber ([email protected]):
> >
> > No objection per se, but can you explain why? What is the use
> > case for this?
>
> Preventing systemd from thinking it's got cap_sys_module.
Feh. I don't like it, but ok. > That's my main use case anyway, also having a lxc.cap.* be silently > discarded just feels weird :) > > > > > > Signed-off-by: Stéphane Graber <[email protected]> Acked-by: Serge E. Hallyn <[email protected]> > > > --- > > > src/lxc/conf.c | 22 ++++++++++------------ > > > 1 file changed, 10 insertions(+), 12 deletions(-) > > > > > > diff --git a/src/lxc/conf.c b/src/lxc/conf.c > > > index 472eb79..72181dd 100644 > > > --- a/src/lxc/conf.c > > > +++ b/src/lxc/conf.c 
> > > @@ -4158,20 +4158,18 @@ int lxc_setup(struct lxc_handler *handler) > > > return -1; > > > } > > > > > > - if (lxc_list_empty(&lxc_conf->id_map)) { > > > - if (!lxc_list_empty(&lxc_conf->keepcaps)) { > > > - if (!lxc_list_empty(&lxc_conf->caps)) { > > > - ERROR("Simultaneously requested dropping and > > > keeping caps"); > > > - return -1; > > > - } > > > - if (dropcaps_except(&lxc_conf->keepcaps)) { > > > - ERROR("failed to keep requested caps"); > > > - return -1; > > > - } > > > - } else if (setup_caps(&lxc_conf->caps)) { > > > - ERROR("failed to drop capabilities"); > > > + if (!lxc_list_empty(&lxc_conf->keepcaps)) { > > > + if (!lxc_list_empty(&lxc_conf->caps)) { > > > + ERROR("Simultaneously requested dropping and keeping > > > caps"); > > > return -1; > > > } > > > + if (dropcaps_except(&lxc_conf->keepcaps)) { > > > + ERROR("failed to keep requested caps"); > > > + return -1; > > > + } > > > + } else if (setup_caps(&lxc_conf->caps)) { > > > + ERROR("failed to drop capabilities"); > > > + return -1; > > > } > > > > > > NOTICE("'%s' is setup.", name); > > > -- > > > 1.9.1 > > > > > > _______________________________________________ > > > lxc-devel mailing list > > > [email protected] > > > http://lists.linuxcontainers.org/listinfo/lxc-devel > > _______________________________________________ > > lxc-devel mailing list > > [email protected] > > http://lists.linuxcontainers.org/listinfo/lxc-devel > > -- > Stéphane Graber > Ubuntu developer > http://www.ubuntu.com > _______________________________________________ > lxc-devel mailing list > [email protected] > http://lists.linuxcontainers.org/listinfo/lxc-devel _______________________________________________ lxc-devel mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-devel
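Review bot: In the lxc_setup() hunk, removing the lxc_list_empty(&lxc_conf->id_map) guard means containers with an id map now reach all three return -1 paths they previously skipped, so a config whose lxc.cap.* entries were silently ignored before (including one that populates both the keepcaps and caps lists) can now fail to start. The thread treats that as the intended direction, but the reason is only stated in the discussion (keeping systemd from thinking it has cap_sys_module). I would add a short comment above the block, or a line in the commit message, saying that capability settings now apply to id-mapped containers as well and why, so the behaviour change is discoverable from the code and the log.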
