Thanks all for the feedbacks. The following patchset provides an intermediate solution between all the remarks about the security aspects when running lxc with the capabilities.
It has the advantage to be compatible with the setuid bit root set on the lxc-start and lxc-execute. More work has to be done, but I prefer to send these patches now as they are critical in terms of security. ------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first _______________________________________________ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel