[lxc-devel] [patch 4/5] Read capabilities from config file

Andrian Nord nightnord at gmail.com
Tue Nov 17 22:49:21 UTC 2009 

This implemented very similar to cgroup handling: capabiliites names are
subnames for lxc.capability. with values 'keep' or 'drop' (to show, that
capabilities could not be set in this version)

Signed-off-by: Andrian Nord <NightNord at gmail.com>

diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index 43bede4..040fe1e 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -33,6 +33,7 @@
 #include <net/if.h>
 
 #include "parse.h"
+#include "capability.h"
 
 #include <lxc/log.h>
 #include <lxc/conf.h>
@@ -42,6 +43,7 @@ lxc_log_define(lxc_confile, lxc);
 static int config_pts(const char *, char *, struct lxc_conf *);
 static int config_tty(const char *, char *, struct lxc_conf *);
 static int config_cgroup(const char *, char *, struct lxc_conf *);
+static int config_capability(const char *, char *, struct lxc_conf *);
 static int config_mount(const char *, char *, struct lxc_conf *);
 static int config_rootfs(const char *, char *, struct lxc_conf *);
 static int config_utsname(const char *, char *, struct lxc_conf *);
@@ -66,6 +68,7 @@ static struct config config[] = {
 	{ "lxc.pts",            config_pts            },
 	{ "lxc.tty",            config_tty            },
 	{ "lxc.cgroup",         config_cgroup         },
+	{ "lxc.capability",     config_capability     },
 	{ "lxc.mount",          config_mount          },
 	{ "lxc.rootfs",         config_rootfs         },
 	{ "lxc.utsname",        config_utsname        },
@@ -457,6 +460,38 @@ static int config_fstab(const char *key, char *value, struct lxc_conf *lxc_conf)
 	return 0;
 }
 
+static int config_capability(const char *key, char *value, struct lxc_conf *lxc_conf)
+{
+	char *prekey = "lxc.capability.";
+	char *subkey;
+
+	subkey = strstr(key, prekey);
+
+	if (!subkey)
+		return -1;
+
+	if (!strlen(subkey))
+		return -1;
+
+	if (strlen(subkey) == strlen(prekey))
+		return -1;
+
+	subkey += strlen(prekey);
+
+	lxc_cap_state state;
+
+	if (strcmp(value, "keep") == 0) {
+		state = LXC_CAP_KEEP;
+	} else if (strcmp(value, "drop") == 0) {
+		state = LXC_CAP_DROP;
+	} else {
+		ERROR("Bad value for '%s', should be 'keep' or 'drop'", key);
+		return -1;
+	}
+
+	return lxc_capabilities_change(&lxc_conf->capabilities, subkey, state);
+}
+
 static int config_mount(const char *key, char *value, struct lxc_conf *lxc_conf)
 {
 	char *fstab_token = "lxc.mount";

More information about the lxc-devel mailing list