[lxc-devel] [patch 5/5] cleanup start.c
Andrian Nord
nightnord at gmail.com
Tue Nov 17 22:53:34 UTC 2009
As we are already dropping capabilities, the additional drop in start.c is
redundant - if the user forces keeping sys_boot, it's his own problem
=). He should probably be warned in the documentation, but I'll post a patch
with the final syntax description as soon as the current patches are
accepted and applied.
Signed-off-by: Andrian Nord <NightNord at gmail.com>
diff --git a/src/lxc/start.c b/src/lxc/start.c
index e59b4e3..88a73ee 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -39,7 +39,6 @@
#include <sys/types.h>
#include <sys/prctl.h>
#include <sys/types.h>
-#include <sys/capability.h>
#include <sys/wait.h>
#include <sys/un.h>
#include <sys/poll.h>
@@ -84,10 +83,6 @@ int signalfd(int fd, const sigset_t *mask, int flags)
}
#endif
-#if !HAVE_DECL_PR_CAPBSET_DROP
-#define PR_CAPBSET_DROP 24
-#endif
-
#include <lxc/log.h>
#include <lxc/conf.h>
#include <lxc/confile.h>
@@ -371,11 +366,6 @@ static int do_start(void *arg)
goto out_warn_father;
}
- if (prctl(PR_CAPBSET_DROP, CAP_SYS_BOOT, 0, 0, 0)) {
- SYSERROR("failed to remove CAP_SYS_BOOT capability");
- goto out_child;
- }
-
if (prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0)) {
SYSERROR("failed to set pdeath signal");
goto out_child;
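Review bot: With the unconditional `prctl(PR_CAPBSET_DROP, CAP_SYS_BOOT, ...)` gone, nothing in do_start guarantees that CAP_SYS_BOOT leaves the bounding set before the PR_SET_PDEATHSIG call. The fail-closed default becomes dependent on the configured capability drop, which lives in other patches of the series and is not visible here. The description suggests a user can now keep sys_boot, so the remaining code should say so where the drop used to be, for example `/* CAP_SYS_BOOT is no longer dropped here; it must be covered by the configured capability drop list */`. It is also worth confirming that the configured drop still removes CAP_SYS_BOOT when the configuration says nothing about capabilities, and that a failure there aborts the start as the removed `goto out_child` did. do_start begins and ends outside this hunk, so the ordering relative to the configured drop cannot be checked from here.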