On Thu, 08 Aug 2013 22:37:55 +0100, chris.ha...@proporta.com wrote:
> Hi,
>
> I'm unable to set extended attributes in the 'security' namespace
> inside an LXC container. It can set attributes in the 'user'
> namespace without any issue. Outside the container (on the host
> operating system) I can set either of these using setfattr or attr
> without issue.
>
> I'm using version 0.8.0 of LXC from the packages in Debian Wheezy. Is
> there any workaround for this, anything that I can do would be very
> greatly appreciated.

OK, I see that the CAP_SYS_ADMIN controls this, and I can comment out the lxc.cap.drop declaration that disables these capabilities in order to do what I need to do.

Looking at the list of things that it controls, it doesn't look too bad; if anything I'm mostly worried that it might accidentally set the hostname of the parent box rather than ripping a massive hole in my security. Can anyone provide me with some context/insight into this? Maybe there's a way to limit it to just the special xattr namespaces?

Cheers,
Chris Hayes

>
> Thanks,
> Chris Hayes

_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
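
An added example, not part of the original post: a check to run inside the container that decodes the capability masks in /proc/self/status and reports whether the capability gating each privileged xattr namespace is held. The sample status text is constructed, and the namespace-to-capability table reflects the kernel's default checks as documented in capabilities(7) and xattr(7).

```python
import re

# Capability bit numbers from <linux/capability.h>.
CAP_SYS_ADMIN = 21
CAP_SETFCAP = 31

# Capability the kernel's default checks require to write each xattr namespace
# (an LSM such as SELinux can apply its own rules to the attributes it owns).
XATTR_GATES = {
    "security.*": CAP_SYS_ADMIN,
    "trusted.*": CAP_SYS_ADMIN,
    "security.capability": CAP_SETFCAP,
}

# Constructed /proc/<pid>/status samples: CAP_SYS_ADMIN dropped, and a full 37-bit set.
SAMPLE_DROPPED = "Name:\tsetfattr\nCapEff:\t0000001fffdfffff\nCapBnd:\t0000001fffdfffff\n"
SAMPLE_FULL = "Name:\tsetfattr\nCapEff:\t0000001fffffffff\nCapBnd:\t0000001fffffffff\n"


def cap_sets(status_text):
    """Parse the Cap* hex masks out of /proc/<pid>/status text."""
    return {m.group(1): int(m.group(2), 16)
            for m in re.finditer(r"^(Cap\w+):\s*([0-9a-fA-F]+)$", status_text, re.M)}


def has_cap(mask, cap):
    """True if capability number `cap` is set in the bitmask."""
    return bool((mask >> cap) & 1)


def xattr_gates(status_text):
    """Map each xattr namespace to whether its gating capability is effective."""
    eff = cap_sets(status_text)["CapEff"]
    return {ns: has_cap(eff, cap) for ns, cap in XATTR_GATES.items()}


if __name__ == "__main__":
    with open("/proc/self/status") as fh:
        status = fh.read()
    bnd = cap_sets(status)["CapBnd"]
    print("CAP_SYS_ADMIN in bounding set:", has_cap(bnd, CAP_SYS_ADMIN))
    for ns, ok in xattr_gates(status).items():
        print(f"{ns:22} gating capability held: {ok}")
```

A capability missing from CapBnd cannot be regained by any process in the container, so this output shows directly what an lxc.cap.drop line removed.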