Re: [libvirt] [PATCH] Fix a compilation problem with LXC drop capabilities

On Mon, Jun 01, 2009 at 10:24:12AM +0100, Daniel P. Berrange wrote: NB, in the not too distant future I'm going to submit code for making the libvirtd daemon drop alot of its capabilities, including clearing the bounding set to prevent inheritance by any child processes except in required

Re: [libvirt] [PATCH] Fix a compilation problem with LXC drop capabilities

On Tue, Jun 02, 2009 at 11:15:58AM +0900, Ryota Ozaki wrote: On Mon, Jun 1, 2009 at 6:24 PM, Daniel P. Berrange berra...@redhat.com wrote: On Fri, May 29, 2009 at 04:42:54PM -0500, Serge E. Hallyn wrote: Quoting Ryota Ozaki (ozaki.ry...@gmail.com): On Fri, May 29, 2009 at 9:20 PM, Daniel

Re: [libvirt] [PATCH] Fix a compilation problem with LXC drop capabilities

On Fri, May 29, 2009 at 04:42:54PM -0500, Serge E. Hallyn wrote: Quoting Ryota Ozaki (ozaki.ry...@gmail.com): On Fri, May 29, 2009 at 9:20 PM, Daniel Veillard veill...@redhat.com wrote: Hmm, yeah but note that often userspace is out of date with respect to recent new kernel-related

Re: [libvirt] [PATCH] Fix a compilation problem with LXC drop capabilities

On Mon, Jun 1, 2009 at 6:24 PM, Daniel P. Berrange berra...@redhat.com wrote: On Fri, May 29, 2009 at 04:42:54PM -0500, Serge E. Hallyn wrote: Quoting Ryota Ozaki (ozaki.ry...@gmail.com): On Fri, May 29, 2009 at 9:20 PM, Daniel Veillard veill...@redhat.com wrote: Hmm, yeah but note that

Re: [libvirt] [PATCH] Fix a compilation problem with LXC drop capabilities

Quoting Daniel Veillard (veill...@redhat.com): On Fri, May 29, 2009 at 04:42:54PM -0500, Serge E. Hallyn wrote: Quoting Ryota Ozaki (ozaki.ry...@gmail.com): On Fri, May 29, 2009 at 9:20 PM, Daniel Veillard veill...@redhat.com wrote:  The lxcContainerDropCapabilities() function

Re: [libvirt] [PATCH] Fix a compilation problem with LXC drop capabilities

On Fri, May 29, 2009 at 04:42:54PM -0500, Serge E. Hallyn wrote: Quoting Ryota Ozaki (ozaki.ry...@gmail.com): On Fri, May 29, 2009 at 9:20 PM, Daniel Veillard veill...@redhat.com wrote:  The lxcContainerDropCapabilities() function requires PR_CAPBSET_DROP to be defined in order to

[libvirt] [PATCH] Fix a compilation problem with LXC drop capabilities

The lxcContainerDropCapabilities() function requires PR_CAPBSET_DROP to be defined in order to compile, but it may not be defined in older kernels. So I made the compilation of the core of the function conditional, raise an error but still return 0 to not make the container initialization fail.

Re: [libvirt] [PATCH] Fix a compilation problem with LXC drop capabilities

On Fri, May 29, 2009 at 9:20 PM, Daniel Veillard veill...@redhat.com wrote:  The lxcContainerDropCapabilities() function requires PR_CAPBSET_DROP to be defined in order to compile, but it may not be defined in older kernels. So I made the compilation of the core of the function conditional,

Re: [libvirt] [PATCH] Fix a compilation problem with LXC drop capabilities

Quoting Ryota Ozaki (ozaki.ry...@gmail.com): On Fri, May 29, 2009 at 9:20 PM, Daniel Veillard veill...@redhat.com wrote:  The lxcContainerDropCapabilities() function requires PR_CAPBSET_DROP to be defined in order to compile, but it may not be defined in older kernels. So I made the