On 10/23/2011 09:10 AM, Blue Swirl wrote:
On Fri, Oct 21, 2011 at 15:07, Corey Bryantcor...@linux.vnet.ibm.com wrote:
We go to great lengths to restrict ourselves to just cap_net_admin as an OS
enforced security mechanism. However, we further restrict what we allow
users
to do to
On Mon, Oct 24, 2011 at 13:44, Corey Bryant cor...@linux.vnet.ibm.com wrote:
On 10/23/2011 09:10 AM, Blue Swirl wrote:
On Fri, Oct 21, 2011 at 15:07, Corey Bryantcor...@linux.vnet.ibm.com
wrote:
We go to great lengths to restrict ourselves to just cap_net_admin as
an OS
enforced
On Fri, Oct 21, 2011 at 15:07, Corey Bryant cor...@linux.vnet.ibm.com wrote:
We go to great lengths to restrict ourselves to just cap_net_admin as an OS
enforced security mechanism. However, we further restrict what we allow users
to do to simply adding a tap device to a bridge interface by
We go to great lengths to restrict ourselves to just cap_net_admin as an OS
enforced security mechanism. However, we further restrict what we allow users
to do to simply adding a tap device to a bridge interface by virtue of the fact
that this is the only functionality we expose.
This is not