Andre Nathan <an...@digirati.com.br> writes:

> On Mon, 2011-02-07 at 11:40 +1100, Trent W. Buck wrote:
>> lxc.cap.drop=sys_admin should prevent all mount(2) calls within the
>> container. It seems to work for me. In fact... I thought LXC *always*
>> removed that capability, even if you never mentioned it?
>
> Nice! Is there a list of capabilities LXC drops documented somewhere?

I don't know. The list of capabilities *in general* is the capabilities(7) manpage.

_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
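Added example, not part of the original thread and not LXC's own code: one way to see which capabilities a container actually lost is to compare the `CapBnd` mask in `/proc/<pid>/status` inside the container with the host's. It assumes `lxc.cap.drop` shows up as cleared bits in the bounding set; the two status excerpts are constructed samples.

```python
import re

# Capability names indexed by bit number, as in <linux/capability.h>
# and capabilities(7).
CAP_NAMES = (
    "chown dac_override dac_read_search fowner fsetid kill setgid setuid "
    "setpcap linux_immutable net_bind_service net_broadcast net_admin "
    "net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace "
    "sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time "
    "sys_tty_config mknod lease audit_write audit_control setfcap "
    "mac_override mac_admin syslog wake_alarm block_suspend audit_read "
    "perfmon bpf checkpoint_restore"
).split()

CAP_LINE = re.compile(r"^(Cap(?:Inh|Prm|Eff|Bnd|Amb)):\s*([0-9a-fA-F]+)\s*$", re.M)


def parse_cap_sets(status_text):
    """Map each Cap* field of a /proc/<pid>/status dump to its integer mask."""
    return {field: int(mask, 16) for field, mask in CAP_LINE.findall(status_text)}


def cap_names(mask):
    """Decode a capability mask into names; bits past the table get a number."""
    names = [n for bit, n in enumerate(CAP_NAMES) if mask >> bit & 1]
    names += [f"cap_{bit}" for bit in range(len(CAP_NAMES), mask.bit_length())
              if mask >> bit & 1]
    return names


def dropped_caps(host_status, container_status):
    """Capabilities present in the host bounding set but not the container's."""
    host = parse_cap_sets(host_status)["CapBnd"]
    cont = parse_cap_sets(container_status)["CapBnd"]
    return cap_names(host & ~cont)


# Constructed samples: a host init process, and a container init started
# with lxc.cap.drop=sys_admin (bit 21 cleared in every non-empty set).
HOST_STATUS = ("Name:\tinit\nCapInh:\t0000000000000000\n"
               "CapPrm:\t000001ffffffffff\nCapEff:\t000001ffffffffff\n"
               "CapBnd:\t000001ffffffffff\n")
CONTAINER_STATUS = ("Name:\tinit\nCapInh:\t0000000000000000\n"
                    "CapPrm:\t000001ffffdfffff\nCapEff:\t000001ffffdfffff\n"
                    "CapBnd:\t000001ffffdfffff\n")

if __name__ == "__main__":
    print("dropped in container:", dropped_caps(HOST_STATUS, CONTAINER_STATUS))
```

On a live system, feed it the contents of `/proc/1/status` read on the host and inside the container instead of the samples.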