On Wed, 20 Nov 2013 15:29:10 +0000 Christian Seiler <christ...@iwakd.de> wrote:
> Since I added those options back in the day, a bit of a rationale Thanks for the explanation! > However, with your patch (which makes sense since my rewrite of the > API), I think one could give the user the option of not evelating the > other privileges. And while I do think that because of the above > rationale having elevation being the default state when using -s, what > do you think of the following proposal? > > - default => all privs dropped > - only -s specified => no privs dropped > - -e specified without argument => no privs dropped > - -e NONE specified (regardless of -s) => all privs dropped > - -e ALL specified (regardless of -s) => no privs dropped > - -e A|B|C specified (regardless of -s) => A, B and C privs > elevated, the rest dropped I agree that we should let people to be creative, and make all combinations available. So, what do you say you ACK my first patch (I do need it), and I will work on your proposal, if others agree? -- Nikola Kotur http://blog.kotur.org PGP key: http://bin.kotur.org/key.html
signature.asc
Description: PGP signature
------------------------------------------------------------------------------ Shape the Mobile Experience: Free Subscription Software experts and developers: Be at the forefront of tech innovation. Intel(R) Software Adrenaline delivers strategic insight and game-changing conversations that shape the rapidly evolving mobile landscape. Sign up now. http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk
_______________________________________________ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
