On 12/09/2015 01:56 PM, Peter Steele wrote:
On 12/09/2015 11:46 AM, Peter Steele wrote:
On 12/09/2015 10:18 AM, Serge Hallyn wrote:
I suppose just looking at the 'capsh --print' output difference for the
bounding set between the custom containers spawned by lxc and
libvirt-lxc could
be enlightening.
Here's the diff:
# sdiff lxc libvirt
My apologies here. The output I had pasted in was nicely column
aligned, with spaces. Something got lost along the way...
Peter
Actually, some tabs got mixed in. Hopefully this will look better:
cap_chown cap_chown
cap_dac_override cap_dac_override
cap_dac_read_search cap_dac_read_search
cap_fowner cap_fowner
cap_fsetid cap_fsetid
cap_kill cap_kill
cap_setgid cap_setgid
cap_setuid cap_setuid
cap_setpcap cap_setpcap
cap_linux_immutable cap_linux_immutable
cap_net_bind_service cap_net_bind_service
cap_net_broadcast cap_net_broadcast
cap_net_admin cap_net_admin
cap_net_raw cap_net_raw
cap_ipc_lock cap_ipc_lock
cap_ipc_owner cap_ipc_owner
> cap_sys_rawio
cap_sys_chroot cap_sys_chroot
cap_sys_ptrace cap_sys_ptrace
> cap_sys_pacct
cap_sys_admin cap_sys_admin
cap_sys_boot cap_sys_boot
> cap_sys_nice
cap_sys_resource cap_sys_resource
cap_sys_tty_config cap_sys_tty_config
cap_mknod <
cap_lease cap_lease
cap_audit_write cap_audit_write
cap_audit_control | cap_setfcap
cap_setfcap,cap_syslog | cap_mac_override
> cap_syslog
_______________________________________________
lxc-users mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-users
