[lxc-devel] [PATCH] lxc-attach: elevate specific privileges

Christian Seiler christian at iwakd.de
Wed Nov 20 16:46:07 UTC 2013


Hi,

assuming this compiles and does the right thing at runtime (I haven't
had time to test it, but from reading the source it looks fine) and
as discussed in this thread you will slightly improve it later:

On 20.11.2013 15:07, Nikola Kotur wrote:
> There are scenarios in which we want to execute a process with specific
> privileges elevated.
>
> An example for this might be executing a process inside the container
> securely, with capabilities dropped, but not in the container's cgroup so
> that we can have per-process restrictions inside a single container.
>
> Similar to namespaces, privileges to be elevated can be OR'd:
>
>     lxc-attach --elevated-privileges='CAP|CGROUP' ...
>
> Backward compatibility with previous versions is retained. In case no
> privileges are specified behaviour is the same as before: all of them
> are elevated.
>
> Signed-off-by: Nikola Kotur <kotnick at gmail.com>

Acked-By: Christian Seiler <christian at iwakd.de>

-- Christian
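
The OR'd privilege list and the backward-compatible default described in the quoted commit message, as an added example that is not the code of the patch under review. The `ELEV_*` constants, `token_bit` and `parse_elevated` are hypothetical names, and rejecting empty or unknown tokens (leaving the mask at 0) is an assumption of this sketch, chosen so a typo never widens what gets elevated.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical bit values for this example; not LXC's own constants. */
#define ELEV_CAP    0x1  /* keep capabilities instead of dropping them */
#define ELEV_CGROUP 0x2  /* stay outside the container's cgroup */
#define ELEV_ALL    (ELEV_CAP | ELEV_CGROUP)

/* Map one token (not NUL-terminated) to its bit, or 0 if unknown/empty. */
static int token_bit(const char *tok, size_t len)
{
    if (len == 3 && memcmp(tok, "CAP", 3) == 0)
        return ELEV_CAP;
    if (len == 6 && memcmp(tok, "CGROUP", 6) == 0)
        return ELEV_CGROUP;
    return 0;
}

/*
 * Parse a spec such as "CAP|CGROUP" into *mask.
 * spec == NULL models "no privileges specified": everything is elevated,
 * matching the old behaviour. Returns 0 on success, -1 on an empty or
 * unknown token; on error *mask stays 0, so a caller that ignores the
 * return value elevates nothing.
 */
int parse_elevated(const char *spec, int *mask)
{
    int out = 0;

    *mask = 0;
    if (spec == NULL) {
        *mask = ELEV_ALL;
        return 0;
    }
    for (;;) {
        size_t len = strcspn(spec, "|");
        int bit = token_bit(spec, len);
        if (bit == 0)
            return -1;          /* "", "CAP|", "CAP|NET", ... */
        out |= bit;
        if (spec[len] == '\0')
            break;
        spec += len + 1;        /* skip past the '|' separator */
    }
    *mask = out;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *specs[] = { NULL, "CAP|CGROUP", "CGROUP", "CAP|NET", "" };
    for (size_t i = 0; i < sizeof specs / sizeof specs[0]; i++) {
        int mask, rc = parse_elevated(specs[i], &mask);
        printf("%-12s rc=%d mask=0x%x\n", specs[i] ? specs[i] : "(none)", rc, mask);
    }
    return 0;
}
```

Keeping "option absent" (`NULL`) distinct from "option present but empty" matters here: if both collapsed to a zero mask that is later read as "all", a malformed value would silently grant every privilege.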




