Re: [lxc-devel] [PATCH] lxc-attach: Consider cgroup, personality and capabilities when attaching processes to a container

2012-02-06 Thread Daniel Lezcano
On 02/06/2012 12:20 AM, Christian Seiler wrote: Hi Daniel, thanks for your patches and your analysis. IMO, we have to take into account the process we want to attach could be an admin task and this one may want to have the full permissions within the container. Also that could be an

Re: [lxc-devel] [PATCH] lxc-attach: Consider cgroup, personality and capabilities when attaching processes to a container

2012-02-05 Thread Daniel Lezcano
On 02/03/2012 01:54 PM, Christian Seiler wrote: Hi, As I didn't hear anything on this issue, I looked at it more closely and found that not only are capabilities currently not dropped from within lxc, but also the personality is not set correctly and the newly started process is not

Re: [lxc-devel] [PATCH] lxc-attach: Consider cgroup, personality and capabilities when attaching processes to a container

2012-02-05 Thread Christian Seiler
Hi Daniel, thanks for your patches and your analysis. IMO, we have to take into account the process we want to attach could be an admin task and this one may want to have the full permissions within the container. Also that could be an external daemon with the same permissions as the

[lxc-devel] [PATCH] lxc-attach: Consider cgroup, personality and capabilities when attaching processes to a container

2012-02-03 Thread Christian Seiler
Hi, As I didn't hear anything on this issue, I looked at it more closely and found that not only are capabilities currently not dropped from within lxc, but also the personality is not set correctly and the newly started process is not put in the correct cgroup (circumventing e.g. device