On Tue, 19 Nov 2013 15:48:36 -0600
Serge Hallyn serge.hal...@ubuntu.com wrote:
Quoting Nikola Kotur (kotn...@gmail.com):
There are scenarios in which we want to execute process with
specific privileges elevated.
thanks for submitting this patch. No objection overall, however there are a
There are scenarios in which we want to execute process with specific
privileges elevated.
An example for this might be executing a process inside the container
securely, with capabilities dropped, but not in container's cgroup so
that we can have per process restrictions inside single container.
Hi there,
And if you have a bit of time I'd appreciate if you could explain why
should we elevate privileges for attaching to specific namespace? Seems
to me that it is unrelated, since I should be able to enter NETWORK ns
while not elevating cgroup, for example?
Since I added those
Quoting Nikola Kotur (kotn...@gmail.com):
On Tue, 19 Nov 2013 15:48:36 -0600
Serge Hallyn serge.hal...@ubuntu.com wrote:
Quoting Nikola Kotur (kotn...@gmail.com):
There are scenarios in which we want to execute process with
specific privileges elevated.
thanks for submitting this
Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: 2716b4877280dc984d40002fe47e9a40f15ccc0d
https://github.com/lxc/lxc/commit/2716b4877280dc984d40002fe47e9a40f15ccc0d
Author: S.Çağlar Onur cag...@10ur.org
Date: 2013-11-20 (Wed, 20 Nov 2013)
Changed paths:
Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: c7e426bef628fa4a2cd0733086bcc599b6412bec
https://github.com/lxc/lxc/commit/c7e426bef628fa4a2cd0733086bcc599b6412bec
Author: Serge Hallyn serge.hal...@ubuntu.com
Date: 2013-11-20 (Wed, 20 Nov 2013)
Changed
On Wed, 20 Nov 2013 09:35:51 -0600
Serge Hallyn serge.hal...@ubuntu.com wrote:
I also notice that currently it seems broken as the manpage says
that -R should imply -e
Actually, it's not -R that implies -e, it's the -s option
I was sure I saw a comment about -R implying -e, but I
Quoting Christian Seiler (christ...@iwakd.de):
Hi there,
And if you have a bit of time I'd appreciate if you could explain why
should we elevate privileges for attaching to specific namespace? Seems
to me that it is unrelated, since I should be able to enter NETWORK ns
while not
On Wed, 20 Nov 2013 15:29:10 +
Christian Seiler christ...@iwakd.de wrote:
Since I added those options back in the day, a bit of a rationale
Thanks for the explanation!
However, with your patch (which makes sense since my rewrite of the
API), I think one could give the user the option of
Hi,
assuming this compiles and does the right thing at runtime (I haven't
had time to test it, but from reading the source it looks fine) and
as discussed in this thread you will slightly improve it later:
Am 20.11.2013 15:07, schrieb Nikola Kotur:
There are scenarios in which we want to
On Wed, 20 Nov 2013 16:46:07 +
Christian Seiler christ...@iwakd.de wrote:
assuming this compiles and does the right thing at runtime (I haven't
had time to test it, but from reading the source it looks fine) and
as discussed in this thread you will slightly improve it later:
Quoting Christian Seiler (christ...@iwakd.de):
Hi,
assuming this compiles and does the right thing at runtime (I haven't
had time to test it, but from reading the source it looks fine) and
as discussed in this thread you will slightly improve it later:
Am 20.11.2013 15:07, schrieb Nikola
Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: 4d69b2939ce09fbe624636dc01734a542e050ef9
https://github.com/lxc/lxc/commit/4d69b2939ce09fbe624636dc01734a542e050ef9
Author: Nikola Kotur kotn...@gmail.com
Date: 2013-11-20 (Wed, 20 Nov 2013)
Changed paths:
Quoting Michael H. Warfield (m...@wittsend.com):
On Tue, 2013-11-19 at 14:53 -0600, Serge Hallyn wrote:
Quoting Michael H. Warfield (m...@wittsend.com):
If autodev is not specifically set to 0 or 1, attempts to determine if
systemd is being utilized and forces autodev=1 to prevent host
On Wed, 20 Nov 2013 10:57:01 -0600
Serge Hallyn serge.hal...@ubuntu.com wrote:
+ lxc_fill_elevated_privileges(NULL, elevated_privileges);
Note I've applied it as is, and this failure shouldn't ever happen
anyway, but you're not checking return value of
I guess I should comment as well...
On Wed, 2013-11-20 at 10:59 -0600, Serge Hallyn wrote:
Quoting Michael H. Warfield (m...@wittsend.com):
On Tue, 2013-11-19 at 14:53 -0600, Serge Hallyn wrote:
Quoting Michael H. Warfield (m...@wittsend.com):
If autodev is not specifically set to 0
On Wed, Nov 20, 2013 at 10:59:51AM -0600, Serge Hallyn wrote:
Quoting Michael H. Warfield (m...@wittsend.com):
On Tue, 2013-11-19 at 14:53 -0600, Serge Hallyn wrote:
Quoting Michael H. Warfield (m...@wittsend.com):
If autodev is not specifically set to 0 or 1, attempts to determine if
Quoting Michael H. Warfield (m...@wittsend.com):
Added a file lxc.service for a systemd service file.
Added a file lxc-devsetup to setup /dev/ on startup to support autodev
in containers.
Service file references lxc-devsetup as an ExecStartPre command. The
lxc-devsetup script is not
On Wed, 2013-11-20 at 21:39 -0600, Serge Hallyn wrote:
Quoting Michael H. Warfield (m...@wittsend.com):
Added a file lxc.service for a systemd service file.
Added a file lxc-devsetup to setup /dev/ on startup to support autodev
in containers.
Service file references lxc-devsetup as
Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: bc6928ffdb53145acb74a6cb1f958e53d5242696
https://github.com/lxc/lxc/commit/bc6928ffdb53145acb74a6cb1f958e53d5242696
Author: Michael H. Warfield m...@wittsend.com
Date: 2013-11-20 (Wed, 20 Nov 2013)
Changed