[lxc-devel] [patch 1/5] Add capability interface

Andrian Nord nightnord at gmail.com
Tue Jan 5 12:26:14 UTC 2010


> As you mentioned it at the beginning, I think it is better to just drop 
> the capabilities without any default, except for the shutdown 
> capability. That will make the code simpler, because we won't have to 
> handle the "keep" case.
> 
> And we let the admin configure the capabilities to drop himself
> (sys_module, time, etc ...), no ?


Oh, ok. I'll look into it sometime after. I'm a bit swamped with daily
work currently, so maybe tomorrow.

Still, I personally think that the 'keep' case is useful enough if you are
using common configs - you may drop common capabilities, but then revert
this in a container that needs these capabilities. I'm using it very often.
But if you reject the idea of included configs, the keep case does not make
much sense, yes.



