[lxc-devel] [patch 3/5] Add capabilities field into lxc_conf and it's usage

[Andrian Nord]

into conf.c
Reply-To: 
In-Reply-To: <20091117221552.GB32735 at nord.niifaq.ru>

That's also trivial

Signed-off-by: Andrian Nord <NightNord at gmail.com>

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index b4e3a3e..3e1440a 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -45,6 +45,7 @@
 #include <net/if.h>
 #include <libgen.h>
 
+#include "capability.h"
 #include "network.h"
 #include "error.h"
 #include "parse.h"
@@ -820,10 +821,12 @@ int lxc_conf_init(struct lxc_conf *conf)
 	conf->utsname = NULL;
 	conf->tty = 0;
 	conf->pts = 0;
+	conf->capabilities = 0;
 	conf->console[0] = '\0';
 	lxc_list_init(&conf->cgroup);
 	lxc_list_init(&conf->network);
 	lxc_list_init(&conf->mount_list);
+	lxc_capabilities_init(&conf->capabilities);
 	return 0;
 }
 
@@ -1102,6 +1105,11 @@ int lxc_setup(const char *name, struct lxc_conf *lxc_conf)
 		return -1;
 	}
 
+	if (lxc_capabilities_apply(lxc_conf->capabilities)) {
+		ERROR("failed to drop capabilities");
+		return -1;
+	}
+
 	NOTICE("'%s' is setup.", name);
 
 	return 0;
diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index 215f1e5..707a768 100644
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -25,6 +25,7 @@
 
 #include <netinet/in.h>
 #include <sys/param.h>
+#include <linux/types.h>
 
 #include <lxc/list.h>
 
@@ -135,6 +136,7 @@ struct lxc_conf {
 	char *fstab;
 	int tty;
 	int pts;
+	__u32 capabilities;
 	struct utsname *utsname;
 	struct lxc_list cgroup;
 	struct lxc_list network;